Re: OT security on mainframe versus that on Windows was Re: RW's statement - what am I missing (was: help with tables



On Wed, 6 Feb 2008 15:55:32 -0800 (PST), Richard <riplin@xxxxxxxxxxxx> wrote:

On Feb 7, 11:43 am, Robert <n...@xxxxxx> wrote:
On Wed, 06 Feb 2008 13:56:01 -0400, Clark F Morris <cfmpub...@xxxxxxxxxxxxxxx> wrote:

How locked down is the Internet
access? How locked down is the computer from upgrade? Is there a USB
port on the desktop and what can be hooked to it? Can CDs be read? Is
autoplay enabled? Is boot from CD enabled?

Imagine a virus that completely disabled your Web browser. That would be some nasty
malware that no one would tolerate. Same for a virus that killed your USB devices or CD
drive. It would be stomped out within a week.

Suppose the virus spread to every machine in the company, and was impossible to
remove. Frantic calls would go out to Symantec and McAfee.

Want to mount a denial of service attack? Don't bother writing viruses; sending in a
short-sighted administrator will cripple them more, without you having to lift a finger.

Imagine a virus that was designed to never be noticed.

Many Windows viruses these days try to hide themselves, preferably
with rootkits, so that they can be used as spyware or as zombies on
the botnets. When Windows is inactive the zombie will call home and
receive instructions. These are the source of most spam email these
days. Each botnet could run to millions of Windows machines, including
corporates.

The users have no idea that the spyware or botnet resides on the
machine and thus fail to try to get rid of it.

All true. Users cannot get rid of botnet viruses for two reasons:

... Smart viruses detect that you're running a virus scanner and fool it with clean disk
segments. The scanner appears to be running normally and not finding anything.

... Virus scanners look for known patterns in files and in memory. Some viruses have no
identifying pattern because each copy is encrypted with a different key.

Valentine's Day is the best day of the year for bad guys. They will send hundreds of
millions of Valentine emails with links to LEGITIMATE electronic card sites. If you click
the link, you'll be redirected to their site, which will install a dozen viruses.

Bad guys are not teenaged hackers; they are professional criminals. They have their own
communication protocol and encryption algorithm, dozens of servers, tens of millions of
bots. Last year they took down monster.com, Bank of India, Akamai, and a primary DNS server
run by Dept of Defense. They can send well over a billion bits per second at a server, and
do it to several servers simultaneously. Nearly all email spam comes from their bots, not
their own machines. Their server cannot be traced or tapped because its IP address changes
every second.