05-26-2004, 05:27 PM
Firewalls and antivirus software do wonders for protection. But, the adware garbage is a problem that most firewalls, and antivirus programs have not yet learned to deal with. Most of the antivirus companies are offering some protection from these programs, and some do a pretty good job, but there aren't any out there that stop them dead, dang....just had a stinking phone call from a user that is having pop-up problems....dejavu? Anyway, one thing we have done in our environment is allowing access to the few sites that our operators absolutely need (for instance antivirus updates, customer websites, vendors, etc), but in all reality, most of our operators don't do the research, and don't need the internet. You are in a different situation. There are some technologies that will be released in the near future that will have significant improvements in security for windows based computers. Windows XP Service Pack 2 will be released in a couple months, and this alone will help tremendously.
In the end, it all comes down to protection and security (I am the one responsible for the security of our servers and workstations). I think of it no differently than an STD (sexually transmitted disease). Protection may help, and it may help tremendously. But, there is really only one way to keep viruses, intrustions, ads, etc. out of your network, and that's by abstinence...eliminate the net, and you eliminate the problems. So, who do you eliminate the net from? Those who's jobs don't require it.
For a perfect example of, we can look at the latest virus that went the rounds, Sasser. Unlike many recent worms, this virus does not spread via email. No user intervention is required to become infected or propagate the virus further. The worm works by instructing vulnerable systems to download and execute the viral code. This is the whole problem with many internet intrusions as of late. You don't have to do anything wrong in order for your computer to become infected. In an environement where I am responsible for well over 500 computers, it can be quite difficult to maintain, and update all workstations when new intrusive programs arise. One way to combat them, is to deny access to those computers that don't need the internet...problem solved for current viruses, and future viruses alike.
If you really are concerned about losing access to BFT, talk to your IS department and see if they will allow that website.....it might be worth a try, but I can probably tell you their answer....
[signature]
In the end, it all comes down to protection and security (I am the one responsible for the security of our servers and workstations). I think of it no differently than an STD (sexually transmitted disease). Protection may help, and it may help tremendously. But, there is really only one way to keep viruses, intrustions, ads, etc. out of your network, and that's by abstinence...eliminate the net, and you eliminate the problems. So, who do you eliminate the net from? Those who's jobs don't require it.
For a perfect example of, we can look at the latest virus that went the rounds, Sasser. Unlike many recent worms, this virus does not spread via email. No user intervention is required to become infected or propagate the virus further. The worm works by instructing vulnerable systems to download and execute the viral code. This is the whole problem with many internet intrusions as of late. You don't have to do anything wrong in order for your computer to become infected. In an environement where I am responsible for well over 500 computers, it can be quite difficult to maintain, and update all workstations when new intrusive programs arise. One way to combat them, is to deny access to those computers that don't need the internet...problem solved for current viruses, and future viruses alike.
If you really are concerned about losing access to BFT, talk to your IS department and see if they will allow that website.....it might be worth a try, but I can probably tell you their answer....
[signature]