First Virus in 25 Years [modified]

  • R realJSOP

    I've never needed it before. Why are you shocked?

    "Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
    -----
    "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001

    Nic Rowan wrote (#9):

    John Simmons / outlaw programmer wrote:

    I've never needed it before.

    I'm with you on this one. I haven't gotten a virus on my home pc in ages. I've had more problems on my work pc with Norton on it.


    "Love is a snowmobile racing across the tundra and then suddenly it flips over, pinning you underneath. At night, the ice weasels come." I refuse to spend my life worrying about what I eat. There is no pleasure worth foregoing just for an extra three years in a geriatric ward.


    • R realJSOP

      Well, it finally happened. I've been using personal computers (in one form or another) for over 25 years, and yesterday I got my first computer virus. It happened while I was setting up a new DSL modem/router. I was playing with the settings, and pondering a page regarding static IP mapping when all of a sudden, the three non-server boxes (running Win2k Pro/SP4) all rebooted at the same time. When they came back up everything appeared normal except for one thing - the router was being hammered mercilessly by all three machines. I don't think any bad packets were getting out, but it sure did play hell with the speed of our internet connection. I immediately disabled the network connections on all three and just to be safe, completely shut down my server. After considering the possibilities, I assumed I had gotten a virus before I could lock the router down, so I enabled the network connection on my computer long enough to download AVG 7.1 and scanned my system. It found the Nachi.A virus and cleaned it off my system, so I repeated the process (enable network connection, download, disable connection) on the other three machines (including the server). Sure enough it found Nachi.A on the other two boxes that had rebooted themselves, but strangely, not on the server box (running 2k3 server). I googled the virus, and found it reported in 2003 and that it exploited an RPC bug. I guess SP4 isn't patched enough to prevent the virus. This is the first time I've ever gotten a computer virus on ANY machine I was the admin on, and the first time I've ever installed A/V software on any machine I've ever owned. I wonder why it didn't infect the server...

      "Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
      -----
      "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001

      Mike Dimmick wrote (#10):

      After a long time of saying I didn't need AV software, I installed a trial of AVG's professional edition. Within a couple of weeks it trapped a drive-by-download attempt from a website (this was still on XP SP1). I've come around to the view that AV software is essential.

      If you're certain that you always practice suitable isolation procedures for all files you receive, and if you keep your system fully patched up to date, and you follow security mailing lists to find out about new unpatched threats, and you ensure that only the ports that actually need to be exposed to the internet are open, then you can be safe without AV software. It only takes a small amount of carelessness to become infected. Most users have a very large dose of carelessness.

      Microsoft recommend that everyone running Windows 2000 applies SP4 and the following Update Rollup. We haven't applied the rollup yet but I believe it's just a collection of security updates which we have already applied - Windows Server Update Services is actually reporting that the rollup is installed.

      The general recommendation is that you should test security patches in your environment and deploy them as soon as possible. If you don't have spare resources to test security patches, my recommendation is to turn on Automatic Updates with automatic download and installation. We do this on all servers except for our domain controller, which is managed manually.

      If you have even a slightly large network, consider installing Windows Server Update Services. This allows you to see in a central place which systems have which updates, and to approve updates for installation. You can have WSUS automatically approve categories of updates. You can also save bandwidth by having WSUS download updates once from Windows Update, then the clients download the updates from the WSUS server.

      Stability. What an interesting concept. -- Chris Maunder


        Weiye Chen wrote (#11):

        John Simmons / outlaw programmer wrote:

        This is the first time I've ever gotten a computer virus on ANY machine I was the admin on,

        Pwned! :-D

        Weiye Chen
        Life is hard, yet we are made of flesh...


          nicko wrote (#12):

          John Simmons / outlaw programmer wrote:

          Why are you shocked?

          I'm used to users (colleagues and family) who could infect a toaster with a virus, so the concept of NOT having AV software installed is completely foreign to me... my hat's off to you for making it through 25 years unscathed.

          nicko

          • N nicko

            John Simmons / outlaw programmer wrote:

            the first time I've ever installed A/V software on any machine I've ever owned

            :omg::omg::omg: nicko

            NormDroid wrote (#13):

            I also don't use anti-virus at home.

            Never send a human to do a machine's job Agent Smith

            • C Craster

              Personally I'd wonder why your new router was port forwarding the RPC ports - on every home router I've seen these are blocked by default, so Nachi should never have been able to get in.

              realJSOP wrote (#14):

              I don't know. After I applied power the first time, I did a reset on the router to make sure it was at the factory default settings, and THEN plugged in the CAT5 cable to the modem. I was flying blind on the setup, so I may have inadvertently turned something on/off that should have been left alone. After I connected my old setup back up, I did another reset on the modem. A problem with this modem is that I apparently can't configure the LAN side unless the WAN side is connected. That's pretty stupid, IMHO.

              "Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
              -----
              "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001

              -- modified at 8:59 Monday 22nd May, 2006


                NormDroid wrote (#15):

                At home at least I never needed antivirus, I don't open any unsolicited software, mind you I do have a good firewall, a Cisco 877W :)

                Never send a human to do a machine's job Agent Smith


                  realJSOP wrote (#16):

                  Going 25 years before getting a virus is hardly considered being "pwned"...

                  "Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
                  -----
                  "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001


                    DerMeister wrote (#17):

                    It's always good to be safe 'cause you never know if a company product you use that needs an update and you go and download the update it happens to be infected. I downloaded an update a few months ago for a program I own from the company's website and it happened to be infected. I informed them and they said it was scanned before they uploaded it, but apparently they used Norton, ouch. Without AV software you would never know; some viruses, malware, etc. don't really give a visual notice of their presence but a system speed decrease notice. I remember not long ago in here how you never had the need for an AV program. I knew one of these days it would happen, 'cause without an AV program to stop the virus in its tracks it has free reign. At least you were lucky no data loss occurred. I highly recommend the best AV program for the job and that is Eset Nod32. They are the leader in AV, trojan and malware protection. They support Windows, Linux, FreeBSD and so on. Remember when Nullsoft uploaded an infected Winamp install? :doh:


                      Craster wrote (#18):

                      "They are the leader" - on what basis?


                        El Corazon wrote (#19):

                        norm.net wrote:

                        I don't open any unsolicited software

                        Actually our first virus at work, the "Monkey Virus" (DOS days), came from a vendor driver diskette. Simply avoiding unsolicited software is not a protection, given that virus protection is "after the virus is known well" meaning that all companies and individuals are unprotected from "new" viruses, every virus has about a week to a month of "free reign" in which it can spread without risk of detection or halt through unprotected and/or unmonitored systems. This means that even a vendor you trust could punch out a CD Master with a virus on it, if it falls in that window.

                        _________________________
                        Asu no koto o ieba, tenjo de nezumi ga warau.
                        Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb)


                          Gary Wheeler wrote (#20):

                          You obviously don't have a teenager/wife using a PC at home :doh:.


                          Software Zen: delete this;


                            Christopher Duncan wrote (#21):

                            I got nicked by the Michelangelo virus in '91 or '92 when I was running my software company. The machine that got hit was dual booting QNX, so the removal process was somewhat exciting to say the least. However, I managed to get out of the scrape without losing data. Been running anti virus software ever since. Once bitten...

                            And yeah, AVG rocks. I'd been paying Norton / Symantec for years, but they decided to boost their profits by outsourcing customer support to an extremely inept and apathetic organization, so I dumped them. Yep, that outsourcing stuff sure does save money. Who needs all those pesky customers? :)

                            Christopher Duncan Practical Strategy Consulting Author of The Career Programmer Unite the Tribes


                              KrIstOfK wrote (#22):

                              I have a mother, that's the same when you're referring to attracting viruses to your PC.


                                Weiye Chen wrote (#23):

                                John Simmons / outlaw programmer wrote:

                                Going 25 years before getting a virus is hardly considered being "pwned"...

                                I mean the virus. :)

                                Weiye Chen
                                Life is hard, yet we are made of flesh...


                                  El Corazon wrote (#24):

                                  Craster wrote:

                                  "They are the leader"

                                  You will have several categories, not sure which he is using, but the "official" categories where several (not just one) are able to call themselves "leaders":

                                  1) User response (responding to new viruses submitted by customers)
                                  2) Market response (responding to new viruses caught by other companies and their customers)
                                  3) Catching viruses in the wild (usually referred to as a sacrificial lamb, one or more computers are deliberately left open to catch new viruses)
                                  4) Detection via heuristics
                                  5) speed of dictionary/signature detection/reaction
                                  6) quality of dictionary/signature detection/reaction (false vs. true usually, this is very relative)
                                  7) detection of virus "behavior" (a program tried to .... do you wish to allow this action?)

                                  and new ones that companies make up. :)

                                  _________________________
                                  Asu no koto o ieba, tenjo de nezumi ga warau.
                                  Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb)


                                    NormDroid wrote (#25):

                                    Gary Wheeler wrote:

                                    wife

                                    Yes, her emails are filtered by Outlook, the junk filter is high, she knows not to open attachments from anybody she does not know. If you're careful then you can avoid AV, it's all down to common sense.

                                    Never send a human to do a machine's job Agent Smith


                                      Gary Wheeler wrote (#26):

                                      I've found common sense to be anything but common when it comes to normal users. I try to instill some amount of discretion in my family, but I'm not going to make them neurotic about it when I can do things up front. Ironically enough, our worst 'incident' occurred with a root kit / virus combination infection that happened while I was browsing msnbc; one of their ad servers was hijacked. In this case, I was browsing what I thought was a safe site. The adage "an ounce of prevention is worth a pound of cure" comes to mind. Given my experience with my 'incident', the units are more like µg and kiloton.


                                      Software Zen: delete this;


                                        Craster wrote (#27):

                                        My wife doesn't get admin rights :-D


                                          Gary Wheeler wrote (#28):

                                          Restricting admin rights doesn't seem to do much when it comes to preventing malware infections, unfortunately.


                                          Software Zen: delete this;
