[Gloucs] I-WORM/Opas.A - FIREWALLS

Guy Edwards gloucs at mailman.lug.org.uk
Wed Jan 1 18:57:01 2003


On Wed, 2003-01-01 at 17:53, bjh wrote:
> When connection was made with the Microsoft site, our dear friend's system
> said that we needed to re-load some updates, and in particular the Service
> Pack for Internet Explorer 6 (which had previously been installed - remember
> we do download updates as a matter of course!).

Just to check you know. There's a MS corporate download site so you can
download all the patches to a CD or a network share and then update all
your machines, rather than each connecting to the net to download the
same file from the automated update sniffer thing. I used to keep ours
on a samba share at my old company (we had a rubbish connection to the
net). Service packs would be my first stop
http://support.microsoft.com/default.aspx?scid=fh;EN-US;sp
I can burn these to CD if you have a slow connection as they're big (120mb etc) 
Incidentally I notice MS now has "How To" articles - about halfway down
the page. (not howtos of course)
http://support.microsoft.com/default.aspx?scid=fh;en-us;win2000

> After many different attempts to recover the system I was able to save the
> day by re-starting the system and ignoring the first virus warning, allowing
> the warning to time out and then clicking the AVG  desktop shortcut before
> the remaining virus warnings clicked in.... and thankfully our trusted
> friend AVG clicked in and we were finally able to get to a DOS prompt to do
> a Root removal - time taken to get to this point - about four
> hours!!!!!!!!!!!!

I'd check all your driver discs and any "backup" software CDR's that you
might have for viruses. Might not be just the net which is the problem.

this might help:- (some Linux based virus scanners)
http://www.linux.org/apps/all/System/Anti-Virus.html

This is the main site I'd try though, and it's not listed above.
http://www.openantivirus.org/
http://www.openantivirus.org/projects.php

It has different AV tools for unix/linux  for different tasks. If you've
got a few Win9x boxes networked together with file sharing then I'd use
a spare machine to put samba on and put all your important files on the
samba share so that your data's always reliably stored. Makes backups
really easy too (just drag n drop the samba share onto a CDR). 

You can also put your windows CD's on a samba share using a loopback
filesystem (read the CD server howto) so that you don't have to go
hunting for the application CD's every time Windows asks for it. If you're
using a 11mb/s wireless then it'll be equivalent to a 4x CD drive (I
think my maths is right?) but you save time by not waiting for a CD
drive to spin up or having to look for the CD (and finding it's
scratched).

I haven't run any AV software on Linux before but I presume you can just
leave a cron job to scan the samba share at regular intervals (or
overnight etc). 

I would suggest going to Windows 2000 as well as it's more "unixified".
If someone has a Windows 98 machine and it's just a default install,
they log in making a typo at the login, press enter and it logs them in
as a new user, they don't notice, and then wonder why all the network
shares deny them access (wrong username). Win2000 (and Linux of course)
will refuse your login. Once [windows] people get used to users and
permissions it's easier to bring them over from the darkside too.

I've said samba all the way through this but you could use NFS which I
had no idea worked with windows till now
http://support.microsoft.com/default.aspx?scid=kb;en-us;265324

What's "Linux 7.2" by the way :-)
http://support.microsoft.com/default.aspx?scid=kb;en-us;315979

Guy