Buell Motorcycle Forum » Quick Board Archives » Archive through February 07, 2007 » For the Sys Admins (anyone running windows really)


Staindus
Posted on Wednesday, January 31, 2007 - 01:19 pm:

Just had 9 computers hit with winfixer (called trojan.vundo by Symantec). Seems to be a new variant. It seems to be using a vulnerability in Symantec AV clients that are not patched. vundofix.exe from http://www.atribune.org/content/view/24/2/ seems to get rid of it.

Staindus
Posted on Wednesday, January 31, 2007 - 02:00 pm:

it seems to me I need to broaden my vocabulary

Jackbequick
Posted on Wednesday, January 31, 2007 - 03:23 pm:

Looks to me like winfixer and trojan.vundo are two different virii:

trojan.vundo - http://tinyurl.com/2f9teb

winfixer - http://tinyurl.com/2aoejb

I don't see that Symantec acknowledges any vulnerability either but that does not surprise me.

I've been using Norton (now on NIS 2006) for some time and find it effective but maddening in use at times. It seems to have stabilized a little bit in the last year or so, and the Norton Removal Tool solved a lot of issues for me. About two times in the last year I had to phone Symantec and get them to clear an error on invalid "expired subscriptions". They verify the key code and reset it for me.

I'm using W2K Pro and will until I have to change from that. NIS 2006 is the last version of NIS that does W2K and I buy OEM version of it on eBay for $15 or so each year.

Maybe I should turn NIS off and run vundofix.exe and see what it finds?

Jack

Steve_mackay
Posted on Wednesday, January 31, 2007 - 04:49 pm:

I honestly don't understand why people run Norton AV. It's a massively invasive, bloated pile of crap IMHO.

I've been using AVG free at home for about 3-4 years now, and have a site license for work.
Works excellently. Cheaper than Norton (for business use), and FREE for home use. It's also much less resource intensive.

http://free.grisoft.com/

Toona
Posted on Wednesday, January 31, 2007 - 05:01 pm:

Ditto on the Grisoft software. They also offer a free anti-spyware program as well.

It was recommended to me by my local computer repair guy a few years back. Yes it is free and yes it does work well.

Thespive
Posted on Wednesday, January 31, 2007 - 06:56 pm:

I use OSX. : )

--Sean

Toe_cutter
Posted on Wednesday, January 31, 2007 - 07:46 pm:

Linux ;)

Glitch
Posted on Wednesday, January 31, 2007 - 08:53 pm:

Right on Steve!

Right on ToeCutter!

Staindus
Posted on Thursday, February 01, 2007 - 08:54 am:

I use Linux too (kubuntu), too bad my users can't.

jack - thanks for clearing that up. One must be pulling in the other. Seems to be under control now.

Greenlantern
Posted on Thursday, February 01, 2007 - 09:07 am:

OSX

In my world a virus is something that gives you the runs, spyware is black spandex, a ski mask and binoculars and adware is my Buell jersey.


Jackbequick
Posted on Thursday, February 01, 2007 - 09:49 am:

I work on computers for friends and family occasionally and recommend the AVG security suite. I should try it myself and dump NIS but have not done it yet.

I agree with the use of AVG, especially for non-technical folks. If I set up their system I load that and tell them to run it at the defaults, let it update itself every day, do a full search every day, and let it delete all threats found every time it runs.

And I also tell them that if they let their subscription lapse (i.e., don't renew it online) I will not "unfork" their systems for them again (I do it for free and don't want more work).

And I tell them the keys to maintaining a good, usable system are to:

1 - Try to learn how to use a browser other than the dreaded IE/OE combo. I recommend Firefox/Thunderbird.

2 - Don't ever install any AOL product.

3 - Don't ever install any optional toolbars offered by sites you are browsing.

4 - Don't install any of the "messenger" services. If you have to have one, use only one that is built into your browser.

5 - Don't let your "computer genius" grandson touch your computer unless he understands and agrees to all the rules above. And then allow it only when you are looking over his shoulder, have a hammer in your hand, and are willing to smash his little fingers when he does anything that violates the rules above.

Jack

Staindus
Posted on Thursday, February 01, 2007 - 10:52 am:

AVG is a fine free Anti virus program. I feel that everyone running windows must abide by these rules to have a safe and happy computing experience.

Make sure Security patches and service packs are up to date.

Make sure Anti Virus is installed and up to date and set to scan everyday.

Use a firewall, whether it's a free software one like Zone Alarm or a hardware one like a NATed broadband router.

And have an anti-adware/spyware program installed like SpybotSD or Adaware.

My Friends and Family that I have done this with (as well as the users at my job) have had minimal downtime.

I totally agree about NIS, but Symantec's corporate version of the antivirus is very good. I run an antivirus server so I control the updates and also get alerts when a computer is infected, so I can catch it before it spreads too much.

The security updates part really goes for any OS, including OSX and Linux. Nothing is safe these days; since OSX is BSD UNIX, it can still get hacked into. Anyway, sorry for rambling, that's just my 2, err 8 cents : )

Staindus
Posted on Thursday, February 01, 2007 - 10:54 am:

Hey Toe_cutter, if you have any doubts, look at your /var/log/auth.log (or equivalent for your distro) and you will see how many attempts there are for failed logins. I get over 50 a night.
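The check described above (counting failed sshd logins in auth.log and seeing which sources are hammering the box) as a small script. This is an added example for this thread, not code posted by anyone in it; the log lines it parses are constructed samples in the syslog format OpenSSH's sshd writes, and the IP addresses are documentation ranges, not real hosts.

```python
"""Summarise failed SSH password attempts from an auth.log-style file.

Added example for this thread; not code from any poster. Assumes the
OpenSSH "Failed password for ..." line format shown in SAMPLE_LOG.
"""
import re
import sys
from collections import Counter

# Constructed sample lines (documentation IP ranges, fake pids/hostname).
SAMPLE_LOG = """\
Feb  1 02:11:07 box sshd[4012]: Failed password for root from 198.51.100.23 port 51822 ssh2
Feb  1 02:11:09 box sshd[4012]: Failed password for root from 198.51.100.23 port 51822 ssh2
Feb  1 02:11:14 box sshd[4015]: Invalid user admin from 198.51.100.23
Feb  1 02:11:14 box sshd[4015]: Failed password for invalid user admin from 198.51.100.23 port 51830 ssh2
Feb  1 02:40:51 box sshd[4102]: Failed password for invalid user test from 203.0.113.9 port 40011 ssh2
Feb  1 03:02:03 box sshd[4190]: Accepted publickey for toe from 192.0.2.7 port 50122 ssh2
Feb  1 03:15:44 box sshd[4207]: Failed password for root from 198.51.100.23 port 52001 ssh2
Feb  1 07:30:00 box CRON[4300]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse_failed_logins(text):
    """Yield (username, source_ip) for every failed password attempt."""
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group("user"), m.group("src")


def summarise(text):
    """Return (attempts_by_source, attempts_by_user, total_failures)."""
    by_src = Counter()
    by_user = Counter()
    for user, src in parse_failed_logins(text):
        by_src[src] += 1
        by_user[user] += 1
    return by_src, by_user, sum(by_src.values())


def noisy_sources(text, threshold=3):
    """Source IPs with at least `threshold` failures, sorted; the ones
    worth feeding to a firewall rule or checking against your own nets."""
    by_src, _, _ = summarise(text)
    return sorted(ip for ip, n in by_src.items() if n >= threshold)


if __name__ == "__main__":
    # Usage: python sshfail.py /var/log/auth.log   (defaults to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    by_src, by_user, total = summarise(text)
    print(f"{total} failed password attempts")
    for ip, n in by_src.most_common():
        print(f"{n:5d}  {ip}")
    print("usernames tried:",
          ", ".join(f"{u} ({n})" for u, n in by_user.most_common()))
    print("noisy sources:", ", ".join(noisy_sources(text)) or "none")
```

Run it against a real auth.log and the "usernames tried" line is usually the tell: a long list of root/admin/test/oracle style names from a handful of addresses is scanner noise, while repeated failures for a real account from one address is worth a closer look. The regex only covers the password-auth lines; on a host that already accepts keys only, the corresponding lines are "Connection closed by ... [preauth]" and would need a second pattern.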

Rasmonis
Posted on Thursday, February 01, 2007 - 02:31 pm:

I've been using NAV at our site for 5 years without any problems. It is very effective at preventing AV attacks and the Corp ver 10 also monitors spyware and security risks.

Since I deployed SAV (then, now NAV) we have had 0 infections at our facility in over 5 years. There were some issues with resources on the 10 release but a patch took care of the problem on the few machines affected.

Any AV/Spyware/Spam SW is as good as the definitions (must keep them current) and the behavior of the user sitting on the other side of the terminal.

The client installation package included with the Corp suite can be installed on any IBM PC and does not require an annual fee.

Glitch
Posted on Thursday, February 01, 2007 - 03:06 pm:

Windows is the bane of my existence. : (

Doon
Posted on Thursday, February 01, 2007 - 03:27 pm:

Staindus: Make ssh listen on a different port and all of those auth failures go away. A lot of them are infected linux boxes looking for other vulnerable sshds. I run OSX, (Free|Open)BSD, Solaris, and Irix at home. FreeBSD and OSX at the office. So we tend to be smug about viruses, although I found sending all of my customers' (I run an ISP) outbound mail through the virus scanners helps limit the impact on the Ohhh Shiny Click Crowd.

-Patrick

Steve_mackay
Posted on Thursday, February 01, 2007 - 03:30 pm:

Another IRIX user!
I've still got an old SGI Indy sitting in my basement : )

Staindus
Posted on Thursday, February 01, 2007 - 03:51 pm:

Quote Doon:
help limit the impact on the Ohhh Shiny Click Crowd.

I have a new term for my users who like to click on attachments when they don't know who sent the email.

Thanks for the tip on changing the port.

Toe_cutter
Posted on Thursday, February 01, 2007 - 06:21 pm:

I have a stand alone firewall (coyote), no logins here.

Well maybe on the firewall.

Blake
Posted on Thursday, February 01, 2007 - 06:53 pm:

This reminds me. I gotta update my NIS/NAV.

Reepicheep
Posted on Thursday, February 01, 2007 - 07:07 pm:

I moved my SSH listener, and IP strapped it to my work IP address. If I need to hit my home system remotely, I VPN into work first, and hit myself from there.

PayPal is getting ready to roll out $8 verisign tokens for two factor authentication... when they do, I am buying one. Give me 10 minutes and a wget script, and I will have true two factor authentication for my home SSH server.

Securing systems is hard. Securing customer facing applications and enterprises is a freaking nightmare. And all the problems have to do with processes, people, and politics.

Doon
Posted on Thursday, February 01, 2007 - 07:17 pm:

Steve_mackay: I have an O2 and an Octane in my computer room at home (it was the dining room at one point, but I have a very understanding wife). They still run great, and make decent x terminals.

Staindus: We have lots of names for customers. Depends on the day and what they just got done messing up : )

Jackbequick
Posted on Thursday, February 01, 2007 - 09:41 pm:

Blake,

I just bought three NIS 2006 CDs (sealed OEMs) on eBay for a little less than $20 shipped. I have two boxes running W2K and got the third for a neighbor.

I bought some hardware too so I could qualify for the OEM versions of course.

NIS 2006 is the last version of NIS that will support Windows 2000 apparently. NIS 2007 does not.

Jack

Blake
Posted on Friday, February 02, 2007 - 03:17 pm:

Bill (Reep),

I hope I'm not just speaking for myself when I ask you, what in tarnation did you just say? joker

Rest assured though that you have convinced me. I don't know what "two factor authentication" is, but I totally want it. joker
Jack,
I just paid the $50 retail for the online upgrade. I too am running Win2K.

Hootowl
Posted on Friday, February 02, 2007 - 03:52 pm:

Bill,

Give this a go for remote access...

http://sourceforge.net/projects/sslexplorer

Works great and it is free.

Jeff

Rasmonis
Posted on Friday, February 02, 2007 - 07:16 pm:

NIS is a mess; if you can go with NAV Corp, do it. Licensing works differently, it's not subscription based as far as I can tell.

Reepicheep
Posted on Friday, February 02, 2007 - 07:35 pm:

Hot dang hoot, that's the bees knees. Thanks!