LINUX SECURITY --- March 06, 2001
Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
__________________________________________________________________________
HIGHLIGHTS
* Dealing with email viruses and Microsoft's susceptibility to them.
__________________________________________________________________________
Virus Security - The Microsoft Factor
By Rick Johnson
Don't you love receiving an email with the subject "ILOVEYOU"?
Curiously, it is addressed from a friend who surely does not
feel "that" way towards you. More surprisingly, you find one of those
wonderful Windows VBS code excerpts attached at the bottom. Of course,
this message will never be more than humorous to my Linux mail client
(PINE for those who need to know). Realistically, Linux users need not
concern themselves with 99% of the viruses at large. Trojans and
rootkits pose a problem, but they pale in comparison to the sheer
volume of Windows-related viruses available. Why should you care? If,
like me, your organization's security falls into your lap, then you
should care.
In a perfect world, everyone would use a locked-down custom
distribution and viruses wouldn't be an issue; but in the corporate
world, switching everyone to Linux is not a reality. Try telling the
head of sales to use an alternative to PowerPoint. Business-types love
their MS Office Suite. Until something equally widespread and supported
appears for Linux, you're stuck with this mentality. Until that day
arrives, checking out a few of the email gateway virus scanning tools
available for Linux is worthwhile.
* AMaViS (A Mail Virus Scanner)
http://www.amavis.org
* Trend Micro InterScan VirusWall
http://www.antivirus.com/products/isvw (30-day evaluation)
Of course, how can we have a proper virus discussion without mentioning
hoaxes? Virus hoaxes have run rampant through email for years. If a
user sends you a virus email warning, then it might be worth checking
out one of the following hoax archive sites.
* ICSA Labs
http://www.icsalabs.com/html/communities/antivirus/hoaxes.shtml
* Vmyths.com
http://www.vmyths.com
If you don't find the virus on a hoax list, then you will need to look
elsewhere. To learn more about a suspected virus, the McAfee Anti-
Virus Labs (http://www.avertlabs.com) is the fastest way I have found
to view a virus's details. McAfee has a searchable archive of every
known virus and the steps to remove the offender. The best part is
that the answer is hardly ever "Install McAfee Virus Scan".
On a side note, I'd like to thank everyone who has been sending
recommendations of your favorite tools. I will be compiling them into
categories and sharing the best.
About the author(s)
-------------------
Rick Johnson is currently the Manager of Security Services for
FusionStorm, a remote managed services company. When not writing, he
heads the development team for PMFirewall, an Ipchains Firewall and
Masquerading Configuration Utility for Linux. Rick can be contacted via
email at rick@pointman.org or on the web at http://www.pointman.org.
__________________________________________________________________________
ADDITIONAL RESOURCES
Understanding viruses
As viruses get smarter, we need to change our focus from patching holes
to preventing them
http://www.unixinsider.com/jsw/linsec_nl/swol-01-2001/swol-0126-buildingblocks.html
Can IT ban e-mail attachments?
Don't blame the messenger
http://www.itworld.com/jump/linsec_nl/www.itworld.com/Sec/2199/IW010305opswatch/
Chinks begin to appear in the antivirus armor
http://www.itworld.com/jump/linsec_nl/www.itworld.com/Sec/2222/CWSTO58268/
'NAKEDWIFE' trojan worm strikes
http://www.itworld.com/jump/linsec_nl/www.itworld.com/News/2001/3/itwnews010306virus/
Beef up your defense against e-mail viruses
Fortify your enterprise before the next outbreak is unleashed
http://www.itworld.com/jump/linsec_nl/www.itworld.com/AppDev/1312/IW010226tctcap/
__________________________________________________________________________