[WinMac] Re: Virus protection for NT Server 4.0


Subject: [WinMac] Re: Virus protection for NT Server 4.0
From: Aryeh Weinstein (ari[at]i-netconsulting.com)
Date: Fri Jan 25 2002 - 14:42:34 EST


>
>
> >Hello,
> > We just set up an NT 4.0 server with IIS and immediately got
> >infected with the nimda or code red virus. What virus software will
> >run on NT 4.0 server or Windows 2000 server (not workstation)? We're
> >getting feedback that workstation versions of Nortons won't do the
> >job. Thanks. MVK
> >--
> >Michael V. Kramizeh
>
>Michael-
>
>In addition to antivirus software, you should consider Applock/Web or
>ServerLock from Watchguard. These prevent viruses from attacking
>Windows/Solaris servers by preventing file modification and execution,
>instead of having to know about specific viruses. For more info,
>www.watchguard.com.
>
>-Ari Weinstein
>
>
>
>Message-ID: <9FA0DE4FA5C1544692ECB39CBEDEBE2E729B37@ACS-W2KAS1>
>From: "Wilcox, Curtis" <cwilcox@esm.rochester.edu>
>To: "'winmac@iffy.com'" <winmac@iffy.com>
>Date: Wed, 23 Jan 2002 17:53:07 -0500
>MIME-Version: 1.0
>Content-Type: text/plain
>Subject: RE: [WinMac] RE: Virus protection for NT Server 4.0
>
> > -----Original Message-----
> > From: Perbix, Michael [mailto:PERBIX@lmsd.org]
> > Sent: Wednesday, January 23, 2002 9:08 AM
> > To: 'winmac@iffy.com'
> > Subject: RE: [WinMac] RE: Virus protection for NT Server 4.0
> >
> >
> > Here is our setup for those curious...
> >
> > We are running Virex 6.1 on all Mac clients. This is set to eupdate every
> > month from an internal FTP server that I download the current monthly file
> > to.
>
>That sounds a lot like our setup for Macs with Norton AV. What if the Mac is
>off at the day/time the update is supposed to happen? With Norton's
>LiveUpdate, if you miss the time, it doesn't happen.
>
>
> > > Wilcox, Curtis wrote:
> > >
> > > >
> > > >
> > > > ------------------------------------------------------------------------
> > > >
> > > > Subject: RE: [WinMac] RE: Virus protection for NT Server 4.0
> > > > From: "Wilcox, Curtis" <cwilcox@esm.rochester.edu>
> > > > Date: Tue, 22 Jan 2002 16:17:12 -0500
> > > > To: "'winmac@iffy.com'" <winmac@iffy.com>
> > > >
> > > > Is the scanning of Mac files on an NT server an unusual feature? I did
> > > > some looking on Symantec's site and while it doesn't say it does, it also
> > > > doesn't say it doesn't. The Virus Encyclopedia doesn't make a distinction
> > > > between virus definitions by platform which implies Norton AntiVirus for
> > > > Windows will catch Mac-specific viruses.
> > > >
> > > > What interested me on the Sophos site was their Mac client.
> > > > http://www.sophos.com/products/software/antivirus/savmac.html
> > > >
> > > > They seem to be describing a managed client for Mac. Has anyone used it?
> > > > I'm most familiar with Norton's managed client for Windows and their
> > > > client for Mac (7.0), how does Sophos compare? The things I like about the
> > > > Symantec managed client system are automated updates of the master server,
> > > > pushed definitions to clients, centralized control of AV client
> > > > configuration, and notification to server of events on the client.
>Message-ID: <9FA0DE4FA5C1544692ECB39CBEDEBE2E729B38@ACS-W2KAS1>
>From: "Wilcox, Curtis" <cwilcox@esm.rochester.edu>
>To: "'winmac@iffy.com'" <winmac@iffy.com>
>Date: Wed, 23 Jan 2002 18:10:45 -0500
>MIME-Version: 1.0
>Content-Type: text/plain
>Subject: RE: [WinMac] RE: Virus protection for NT Server 4.0
>
> > -----Original Message-----
> > From: Aryeh Weinstein [mailto:ari@i-netconsulting.com]
> > Sent: Wednesday, January 23, 2002 1:52 PM
> > To: winmac@iffy.com
> > Subject: [WinMac] Re: winmac Digest 23 Jan 2002 14:09:53 -0000 Issue 179
>
>
> > In addition to antivirus software, you should consider Applock/Web or
> > ServerLock from Watchguard. These prevent viruses from attacking
> > Windows/Solaris servers by preventing file modification and execution,
> > instead of having to know about specific viruses. For more info,
> > www.watchguard.com.
>
>I looked at the Applock/Web page.
>http://www.watchguard.com/products/applock.asp
>Here's my smartass assessment, "Our software will configure your server,
>even though you can and should do it yourself, and charge you $600 for the
>service." (The site wants me to register before I can look at "Brochures" or
>"White Papers." I don't think so.)
>
>Seriously, Microsoft provides some pretty good information now for securing
>an NT server and tools to deal with the absurd state IIS comes in by
>default.
>
>Security Tools and Checklists
>http://www.microsoft.com/technet/security/tools/tools.asp
>
>IIS Security Planning Tool (Win2k)
>http://www.microsoft.com/downloads/release.asp?ReleaseID=24973
>
>IISlockdown Tool (IIS4 & IIS5)
>http://www.microsoft.com/technet/security/tools/locktool.asp

Curtis-

Unfortunately, your "smartass" assessment is completely inaccurate;
AppLock/Web is quite different from Microsoft's IIS Lockdown tool. If you
bothered to read the white papers on how AppLock/Web and ServerLock work,
you would know that they use kernel-level drivers that intercept I/O and
registry edit calls to prevent hacking. When an application, legitimate or
a virus/trojan horse/hacker, tries to write to the NTFS file system or the
registry, the Watchguard driver compares the request against its list of
rules. This allows legitimate applications to run unmodified and prevents
the massive, repetitive file creation of a virus like Nimda. The advantage
of a tool like AppLock/Web is that it prevents viruses and hacking by
monitoring and preventing actions outside of a user-definable ruleset, not
by knowing the specifics of a virus or hack and detecting it by pattern.
This is one step ahead of waiting for the latest virus updates or OS
patches (which many users do not keep up with). The disadvantage is that it
increases system resource utilization, mostly RAM. As I wrote in my
previous post, it is software worth considering, but not for everyone. As
far as having to register to view brochures and whitepapers, I agree with
you completely, and I have complained to Watchguard about this more than once.
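
A toy model of the rule-based write mediation described in the message above, added here as an example; it is not part of the original post and is not WatchGuard's code or rule format. The process names, paths, registry keys and ruleset are constructed, and identifying a process by its image file name alone is a simplification.

```python
import fnmatch
import ntpath
from collections import Counter

# Hypothetical ruleset: (process image, operation, target glob).
# Default-deny: a write that matches no rule is refused, known virus or not.
RULES = [
    ("inetinfo.exe", "file_write", r"c:\winnt\system32\logfiles\*"),
    ("deploy.exe",   "file_write", r"c:\inetpub\wwwroot\*"),
    ("deploy.exe",   "reg_write",  r"hklm\software\examplesite\*"),
]

def normalise(target):
    """Collapse '..' segments and fold case so path spelling cannot dodge a rule."""
    return ntpath.normpath(target).lower()

def decide(process, operation, target, rules=RULES):
    """Return 'allow' only when a rule matches the request; otherwise 'deny'."""
    proc = ntpath.basename(process).lower()
    path = normalise(target)
    for rule_proc, rule_op, pattern in rules:
        if (proc == rule_proc and operation == rule_op
                and fnmatch.fnmatchcase(path, pattern)):
            return "allow"
    return "deny"

def denied_by_process(events, rules=RULES):
    """Count denied writes per process; a burst suggests worm-style mass file creation."""
    return Counter(ntpath.basename(p).lower() for p, op, t in events
                   if decide(p, op, t, rules) == "deny")

IIS = r"C:\WINNT\system32\inetsrv\inetinfo.exe"
# Constructed sample requests, not captured from a real server.
EVENTS = [
    (IIS, "file_write", r"C:\WINNT\system32\LogFiles\W3SVC1\ex020125.log"),
    (r"C:\Tools\deploy.exe", "file_write", r"C:\Inetpub\wwwroot\index.htm"),
    # Traversal out of the log directory: denied once the path is normalised.
    (IIS, "file_write", r"C:\WINNT\system32\LogFiles\..\example.dll"),
    (IIS, "reg_write", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example"),
] + [
    # The web server process writing into many content directories.
    (IIS, "file_write", rf"C:\Inetpub\wwwroot\dir{i}\copy{i}.bin") for i in range(20)
]

if __name__ == "__main__":
    for event in EVENTS[:4]:
        print(decide(*event), event[1], event[2])
    print(denied_by_process(EVENTS))
```

The web server can still write its logs and the deployment tool can still publish content, while every write the ruleset does not name is refused without any signature for the thing attempting it.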



This archive was generated by hypermail 2b28 : Fri Jan 25 2002 - 14:48:13 EST