[_] Anti virus
Oliver Humpage
oliver at watershed.co.uk
Thu Sep 28 11:35:58 BST 2006
on 28/9/06 11:27, Andy Davies at dajdavies at gmail.com wrote:
> I wouldn't disagree about the balance between the two, clearly the increased
> used of AV, email scanning services etc. has had the largest effect, but
> don't forget the tests with upatched XP boxes illustrating how quickly it is
> to get infected via a non-NAT'd connection.
Just to be pedantic, that's more of a worm thing than a virus thing. My
stats were only examining email-born viruses, which have tailed off a lot.
Worms (like blaster) do scour the internet for unpatched boxes with public
IPs, and I expect you're right that with the roll-out of XP SP2 (with
default "on" firewall) and other things, the number of worms has gone down
too.
So we get all the virus writers jumping on other ways to get into systems.
This is where the onion layer approach to security really comes into its
own. You can never guarantee an internet-connected box isn't going to get
taken over - the trick is to minimise the impact. Even if it's a standalone
box, not on a network, you can still take regular backups and store them
either on WORM media, or on a hard disk you don't leaved plugged in all the
time.
> Some of the trojan writers are sneaky b*st*rds - my daughter uses something
> called Habbo Hotel and people have tried sending her several trojans virus -
> others kids sites seem to have become real targets for them too.
Yeah, there's a good load kicking about on IM as well - mostly which will
take over your IM programme and start sending itself out to all your
contacts.
Oliver.
> I wouldn't disagree about the balance between the two, clearly the increased
> used of AV, email scanning services etc. has had the largest effect, but
> don't forget the tests with upatched XP boxes illustrating how quickly it is
> to get infected via a non-NAT'd connection.
Just to be pedantic, that's more of a worm thing than a virus thing. My
stats were only examining email-born viruses, which have tailed off a lot.
Worms (like blaster) do scour the internet for unpatched boxes with public
IPs, and I expect you're right that with the roll-out of XP SP2 (with
default "on" firewall) and other things, the number of worms has gone down
too.
So we get all the virus writers jumping on other ways to get into systems.
This is where the onion layer approach to security really comes into its
own. You can never guarantee an internet-connected box isn't going to get
taken over - the trick is to minimise the impact. Even if it's a standalone
box, not on a network, you can still take regular backups and store them
either on WORM media, or on a hard disk you don't leaved plugged in all the
time.
> Some of the trojan writers are sneaky b*st*rds - my daughter uses something
> called Habbo Hotel and people have tried sending her several trojans virus -
> others kids sites seem to have become real targets for them too.
Yeah, there's a good load kicking about on IM as well - mostly which will
take over your IM programme and start sending itself out to all your
contacts.
Oliver.