[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Martijn Grooten wrote:
Yep it is a bit worrying, saying that at the last place I worked at they had a policy of making USB mass storage devices read-only (I can't remember if they disabled auto-run). I think in cases such as Conficker it would have probably been picked up by the Anti-Virus software, but it still leaves new unknown viruses out there which could potentially cause havoc.On Fri, Sep 4, 2009 at 7:15 PM, Rob Beardwrote:I can't remember if this was posted before, but it's an article about how a London council was infected with Conficker costing them lots of money to sort out (plus lots of lost revenue in fines). Their solution? Upgrade from Windows 2000 to Windows XP. Yeah great.I won't go into the debate whether if everyone used Linux there'd be fewer viruses, but if someone can make so much damage by plugging in an infected USB stick, then something more serious is the matter than "wrong operating system" or even "viruses are just really bad". Why did the IT security policy enable that person able to plug the infected stick in the first place?
You'd have thought though that it would be IT policy that all USB devices are banned from being used, or at least make it the policy that only council provided USB devices could be used and not on anything other than council machines (but I guess with a network it would in most cases mean that USB mass storage devices would be pointless - albeit handy for sending large amounts of data to remote sites with slow links I guess).
Not a very good response from them really. On my Windows machines I tend to run AVG (since it's free) and even though it does seem to slow the machines down to a slugs pace in some cases, I still leave it running as I'm kind of paranoid about getting infected (either when I work on a customers machine, from my other half downloading something or sticking in a USB stick, or even from running something myself that could end up being infected).Incidentally, I discovered a copy of Conficker on one of our USB sticks today. It turns out to have been infected at the print shop I took it last week to have them print a document. Thankfully, I could safely investigate the files on Linux and upload them to VirusTotal -- which is how I discovered it was Conficker -- but then I called the print shop, to warn them, and they weren't the least concerned. They do run an antivirus program they sad, but have weakened its settings because, you know, all these warnings about files are so annoying. My suggestion that they might thus infect the network of a big customer resulted in a "such is life" reply. Martijn
I must admit, when working on customers machines, before I backup any data I do a scan with ClamAV just to be sure.
Rob -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html