Slides © 2002 Sophos Plc
www.sophos.com
Computer Viruses: The end of the World as we know it?
The media will often tell you…
It’s The End Of The World As We Know It - aka TEOTWAWKI
That the latest virus is a global disaster
Because of the data it destroys
Viruses and the media
Are viruses disasters?
Here are what some disasters look like...
Microsoft AntiVirus
Don’t panic!
Data destroyers are not disasters
Because you all have backups (we hope)
But is data destruction the worst problem viruses
cause?
But...
Data diddlers
Binary blabbers
Phantom posters
Oops! I did it again...
Your credibility can be affected by any of the
following
Credibility crushers
Data diddlers
Viruses which subtly corrupt data
Viruses can switch around or alter data
May take months before the data corruption is even
noticed
Maybe you’re posting financial information for
the stock market
You may have to make an embarrassing
retraction
Data diddlers
Imagine if your financial results were diddled with...
Data diddlers
Let’s make this more personal, shall we?
Romeo,
I love you.
I hate the thought that we
will never see each other
again.
Ta ta for now, Juliet
Romeo,
I hate you.
I love the thought that we
will never see each other
again.
Ta ta for now, Juliet
Data diddlers
Data diddlers corrupt your data by swapping information
AND…
…ruin your love life
Binary blabbers
Credibility crushers
Binary blabbers
Confidentiality breached
Email-aware viruses
Forwarding a confidential document to customers and
business associates
Who needs espionage when a virus is doing it for free?
Research, exam papers, results
Binary blabbers
Imagine Alastair Campbell wanted to send an email to Tony Blair
…even Mr Prescott!!
Binary blabbers
But the virus emailed his message to everybody in
the government
Everyone turns up to King’s Head
Phantom posters
Credibility crushers
Newsgroups: alt.impeach.clinton, alt.politics.clinton, alt.fan.rushlimbaugh, alt.rush-limbaugh
Message-Id: <[email protected]>
From: "Linus F. Zimmerman" <[email protected]>
Subject: Re: Bradley on homosexual access to military
Date: 17 Jan 2000 00:47:22 GMT
Attached file: HAPPY99.EXE
Consider this example:
Phantom posters
Newsgroups: alt.politics.economics, comp.software.year-2000, misc.invest.stocks, alt.talk.year2000
Message-Id: <[email protected]>
From: Hyman Blumenstock <[email protected]>
Subject: Re: Defending Y2K - The Greatest Con Job Of All
Date: 02 Jan 2000 14:43:10 GMT
Attached file: HAPPY99.EXE
Would this affect your IT credibility?
Phantom posters
Oops! I did it again...
Credibility crushers
Oops! I did it again...
Credibility
Sending out a virus publicly announces you are
infected
What would your customers/colleagues think?
Oops! I did it again...
Credibility
Ziff Davis reported in August 1999
Fuji Bank sent out a document to investment partners regarding its
forthcoming merger with the Industrial Bank of Japan and Dai-Ichi
Kangyo Bank
When investors opened the document...
So...
In short...
The media are focusing on data destruction as being
the problem with viruses
Yet your credibility and confidentiality are being
threatened by a growing number of viruses
Having anti-virus software in place and regularly
updated is a must…
Internet virus vectors
SMTP
HTTP
FTP
NNTP
IRC
Other virus vectors
Network shares
Removable media
PDA
Four tiers of virus protection
Internet
ISP
Tier 4
Tier 3
Tier 2
Tier 1
Four tiers of virus protection
Internet
ISP
Users’ computers
Tier 3
Tier 2
Tier 1
Users’ computers
Desktops
Laptops
PDAs
Mobile ‘phones
Users’ computers
Main target
Only place guaranteed to see all data
Uncontrolled
Increasing diversity
Large numbers
Difficult to manage
Identification
Installation
Updates
Configuration
Four tiers of virus protection
Internet
ISP
Users’ computers
Local servers
Tier 2
Tier 1
Local servers
File-servers
Application servers
Local servers
Susceptible to network aware viruses
Controlled by network administrators
Lower numbers
Easier to manage
Not all data passes through servers
Four tiers of virus protection
Internet
ISP
Users’ computers
Local servers
Email servers
Tier 1
Email servers
Main route for viruses
Controlled by network administrators
Low numbers
Easy to manage
Data may not be readable e.g. Encryption
May not have access to stored email
Not only route for viruses
Four tiers of virus protection
Internet
ISP
Users’ computers
Local servers
Email servers
Managed services
Managed service
Edge of network devices
Dedicated devices
ISPs
Dedicated managed service
Managed service
Managed by supplier
No local management
Main route for viruses - Email
Data may not be readable e.g. Encryption
Not only route for viruses
No access to stored data
What else can you do?
But perhaps other preventative measures would
better protect your reputation from going down the
loo
DISCLAIMER
Preventative anti-virus measures
The following rules and procedures are not foolproof
But they will dramatically reduce the threat viruses
can pose to your organisation - and decrease the
chances of your confidentiality and credibility being
damaged
Avoid using DOC files
DOC files support macros
If macros are supported, macro viruses can flourish
Why not...
Save your documents in Rich Text Format (RTF)
RTF does not support macros
Configure Word to save files as RTF by default
Look out for security bulletins
Offer timely security information, patches and
updates
Examples include Microsoft,
(http://www.microsoft.com/technet/security),
and Sophos Anti-Virus
(www.sophos.com/virusinfo/notifications)
Block unwanted filetypes
Do you really need to send/receive these file types:
EXE, VBS, SHS, COM, SCR, JS, HTA, BAT?
If yes…
Set up a list of authorised users who can
send and receive these files.
If not, protect yourself!
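An added example, not part of the original slides or Sophos code: a mail-gateway style check in Python that applies the slide's block list to attachment names and exempts an authorised-user list. The addresses, the `AUTHORISED` set and the rule that the sender or every recipient must be listed are assumptions for illustration.

```python
# Added example: attachment policy for the file types named on the slide.
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Extensions taken from the slide.
BLOCKED = {"exe", "vbs", "shs", "com", "scr", "js", "hta", "bat"}

def risky_attachments(msg):
    """Return attachment filenames whose final extension is on the block list."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before checking.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last extension decides how the file runs ("x.doc.vbs" is a script).
        ext = cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BLOCKED:
            hits.append(name)
    return hits

def decide(msg, authorised):
    """Quarantine risky attachments unless sender or every recipient is authorised."""
    hits = risky_attachments(msg)
    if not hits:
        return "deliver", hits
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if sender in authorised or (rcpts and rcpts <= authorised):
        return "deliver", hits
    return "quarantine", hits

def sample(sender, filename):
    """Constructed test message with a single small attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@example.org", "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

AUTHORISED = {"build-admin@example.org"}  # hypothetical allow list

if __name__ == "__main__":
    for who, fn in [("someone@example.net", "HAPPY99.EXE"),
                    ("someone@example.net", "results.doc.vbs"),
                    ("someone@example.net", "minutes.rtf"),
                    ("build-admin@example.org", "setup.exe")]:
        print(who, fn, decide(sample(who, fn), AUTHORISED))
```

The From header is easy to forge, so a production gateway would key the exemption on an authenticated identity rather than the header used here.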
Limit internet access
Viruses are often downloaded from the web
Is surfing the net a necessity in your organisation?
If yes...
Ensure that web access is only available on dedicated
internet PCs
Or limit access to trusted sites only.
If not…
get rid of the darn thing
Use EICAR for testing
Never EVER test your anti-virus software with a virus
Visit www.eicar.org and download the EICAR test file instead
No infection risk. No worries.
Deselect WSH
Deselect Windows Scripting Host (WSH)
Some viruses depend upon WSH to spread (e.g. VBE
and VBS)
Watch out for hoaxes
Never allow users to forward virus alerts
Sleuthing out whether a real virus or a hoax has
infiltrated your company is the administrator’s job and
no one else’s
Tell your users not to trust ANY virus alerts
(even from coolcat anti-virus companies)
Don’t boot from floppies
Obstruct boot sector viruses via CMOS
Most PCs check the A: drive before
the C: when booting
An infected floppy disk in the
A: drive on boot up equals virus
Why not...
Change the sequence to “C: first” in
your BIOS settings to avoid pure
boot sector viruses
Warn users about floppies
Warn users about the dangers of floppies
Many believe that floppy disks are no longer used
But pure boot sector viruses are still infecting PCs
Laptops are a major contributor
Conclusion
Viruses, Trojans and worms are on the increase
They are becoming more complex and more effective
BUT...
It is not the end of the World!
They are preventable
Anti-virus software
Best practice
Know your enemy
Ignore the hype
Latest virus alerts
Recent reports
Playing on World Cup interest
Latest virus alerts
The Barthez virus
Prevents you from saving anything
Latest virus alerts
The Rivaldo virus
Repeatedly falls over but immediately reboots with
no apparent side-effects
Latest virus alerts
The Roy Keane virus
Makes the PC unstable and throws you out of
Windows
Latest virus alerts
The Argentinian virus
Looks dangerous but deletes itself after ten days
Computer Viruses: NOT the end of the World as we know it!