June 24, 2002
"We've received Klez more times than all other worms and viruses combined -- even the big ones like I Love You, Goner, CodeRed and CodeBlue."
--Parrish S. Knight, Market*Access International
Combating Klez: Defending...
The fact that the Klez virus forges the sender address, as mentioned by Jonathan Feldman in "Klez Fallout Continues," was not known or reported initially, so, like Feldman's organization, we had staff members being falsely accused of sending the virus. When I got a message saying the postmaster was sending a virus to one of our internal addresses, I realized it had been forged by someone on the outside. As Feldman suggests, a quick look at the header verified this. Eventually, Symantec, Trend Micro and other antivirus software vendors added that "feature" to the virus descriptions in their knowledge bases.
My solution to most viruses is to block all incoming executable attachments. Just about the only files I let through these days are the ones labeled .txt, .doc and .xls, and those are scanned prior to delivery. That way, any new viruses my defs don't know about are blocked simply for being .exe, .bat, .pif, .scr, .vbs, .jar, .com or other unidentifiable files.
Paul A. Easter
IT Manager
The Production Network
peaster@tpnevents.com
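The extension allowlist described in the letter above, sketched as an added example; it is not part of the original letter and not any mail product's code. The function names, the verdict labels, the sample message and the choice to judge only the final extension after stripping trailing dots and spaces are assumptions made for illustration.

```python
import os
from email import message_from_string
from email.message import EmailMessage

# Extensions the letter says are let through (and then virus-scanned).
ALLOWED = {".txt", ".doc", ".xls"}

def verdict_for(filename):
    """Decide on one attachment name; anything not allowlisted is blocked."""
    if not filename:
        return "block"  # unnamed attachment: "unidentifiable", so blocked
    # Assumption: judge the final extension, ignoring trailing dots/spaces.
    cleaned = filename.strip().rstrip(". ")
    ext = os.path.splitext(cleaned)[1].lower()
    return "scan-then-deliver" if ext in ALLOWED else "block"

def attachment_verdicts(raw_message):
    """Return [(filename, verdict)] for every attachment in a raw message."""
    results = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_disposition() != "attachment":
            continue  # ordinary body text, not an attachment
        results.append((name, verdict_for(name)))
    return results

def build_sample():
    """Constructed test message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "postmaster@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("report.XLS", "notes.doc.pif", "setup.exe.", "readme.txt", None):
        kwargs = {"filename": name} if name else {}
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", **kwargs)
    return msg.as_string()

if __name__ == "__main__":
    for name, verdict in attachment_verdicts(build_sample()):
        print(f"{name!r:18} {verdict}")
```

Because the decision is an allowlist, a name such as notes.doc.pif or an attachment with no name at all is blocked without the filter needing to know the extension in advance.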
...Disinfecting...
We're still receiving the Klez worm on a frequent basis, but we haven't been infected. Fortunately, our proxy server scans all incoming and outgoing e-mail messages and disinfects anything that shouldn't be there. However, it's getting tiresome to see that this worm is still trying so hard to get into our organization.
I've been the IT manager at Market*Access for about two-and-a-half years, and we've received the Klez worm more times than all other worms and viruses combined -- even the big ones like I Love You, Goner, CodeRed and CodeBlue.
I'm committed to safe computing and "Internet purity," so whenever an infected e-mail message comes in, I typically contact the recipient to let him or her know. However, Klez hides its origins well, and the volume of Klez messages (10 to 12 a day) doesn't allow me to investigate thoroughly. Argh!
Parrish S. Knight
Internet & LAN Administration
Market*Access International
pknight@marketaccess.org
...and Differentiating
If people would stop using Microsoft e-mail products, we wouldn't have anything to talk about. When will people get it? There are no e-mail viruses, only Microsoft Outlook viruses. There are no document-macro viruses, only Microsoft Office viruses. There have been more than 20 serious browser security vulnerabilities discovered in Microsoft Internet Explorer for every one found in all other browsers combined.
My networks are running Microsoft Windows 98 "lite" with all Microsoft Internet add-ons stripped out (see the litePC.com Web site). Not only is a PC more secure without Internet Explorer installed, it also runs 30 percent faster.
I've put Novell NetWare and GroupWise on the servers and use Corel WordPerfect Office. Taking these tactics and performing proper antivirus updates, I haven't had a virus problem in more than 10 years.
Bob Fiero, Owner
Alpha Byte Computer Services
bfiero@mentalfloss.net
Jonathan Feldman responds: Yes, a monoculture is a good breeding ground for virus attacks. I guess everybody brings up the American chestnut tree and its fungus blight as the prime example, right? But it's appropriate, I think.
Making the Most of WLANs -- From Any Location
Pete Morrissey's May 13 column, "Checking Up on Your WLANs," could have gone further to say that if you set up proper client security and send all traffic through IPsec, users can freely access your corporate network from wherever they are -- even from a company's own conference rooms. The nice thing is that the user then would have the same configuration at the office, at home and on the road.
Of course, this means someone will need to talk to Linksys to make sure its Wireless Presentation Gateway (WPG11) will support IPsec. Otherwise, users will be presenting to a much larger audience than they think!
Gerald Q. Maguire Jr.
Professor
Royal Institute of Technology (KTH)
E-mail withheld upon request
Correction: In "Sneak an AiroPeek at WLAN Stats", Network Instruments Expert Observer should have received a report-card score of 4.5 for packet-capture filtering. Contrary to what we reported, you do not need to save to hard disk first using Expert Observer, and you can see packets in real time and change filters in real time. Expert Observer's total report-card score should be 4.23, which puts it ahead of Network Associates Sniffer Wireless.
Tell Us How You Really Feel:
Send e-mail to editor@nwc.com, fax to (516) 562-7293 or mail letters to Network Computing, 600 Community Drive, Manhasset, NY 11030. Include your name, title, company name, e-mail address and phone number. All correspondence becomes the property of Network Computing.