What can be learned?

Hi antivirus friends,

What can we learn from an infection? Well, the general advice given is patch, patch, patch. But this is only part of the story. Worms will find holes that cannot be patched (bad file share protection, poor user policies, etc.). Some comments blame the end-user entirely. Irritant malware now carries a payload like a backdoor or a Trojan, or opens a session on the miscreant's server (IRC).
A real virus infection gives you more insight than all human-driven testing can do. Here I am not advocating that you must infect your computer or network with a worm, far from it, but it will show you a narrow and deep view of where your hole(s) are. They also show how well your system is guarded against various types of traffic. If your internet host can be reached on TCP 445, you are shocked and compromised. Your firewall, ACL or host filtering should be under scrutiny; something is desperately wrong. Host protection must be good, IDS and your client antivirus policy OK. Floppy disks, web downloads and USB devices must not infect. Weak internal security provokes file-sharing worms and trojans; drop your rights on all boxes. Your browser habits are problematic when you get trojan infections through malicious code not being blocked. You must have direct controls on what ports are open. This story shows that this is a dual problem: a technical part of the story on the one hand, and a non-technical one on the other. Solving the one problem to tackle the other only creates more frustration.

polonus
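The post's "can your internet host be reached on TCP 445?" check, as an added example that is not part of polonus's post. It attempts a plain TCP connect to a handful of Windows file-sharing and remote-access ports and maps any that answer to the finding the post describes. The function names (port_reachable, probe, assess), the port list and the wording of the findings in EXPOSURE_POLICY are this example's own assumptions, not anything from the original thread.

```python
"""Reachability check for SMB/RPC/RDP ports, with a policy assessment.

Added example, not code from the original forum post. The helper names,
the port list and the finding texts below are assumptions of this example.
"""
import socket
from typing import Dict, Iterable

# Ports that, per the post's advice, should never answer from the internet.
# The port set and descriptions are this example's assumptions.
EXPOSURE_POLICY: Dict[int, str] = {
    135: "MS-RPC endpoint mapper reachable: block at the perimeter",
    139: "NetBIOS session service reachable: file sharing exposed",
    445: "SMB over TCP reachable: worm entry point, firewall/ACL is desperately wrong",
    3389: "RDP reachable: remote desktop exposed, restrict to VPN or known sources",
}


def port_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout.

    A refused connection, an unreachable host and a silent drop (timeout)
    all count as 'not reachable'; the caller only needs to know whether an
    attacker on the far side could complete a connection.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except (OSError, socket.timeout):
        return False


def probe(host: str, ports: Iterable[int], timeout: float = 2.0) -> Dict[int, bool]:
    """Probe each port on host; return {port: reachable}."""
    return {p: port_reachable(host, p, timeout) for p in ports}


def assess(results: Dict[int, bool],
           policy: Dict[int, str] = EXPOSURE_POLICY) -> Dict[int, str]:
    """Return {port: finding} for every policy port that was reachable.

    Reachable ports outside the policy are ignored here; closed or filtered
    policy ports produce no finding.
    """
    return {p: policy[p] for p, reachable in results.items()
            if reachable and p in policy}


if __name__ == "__main__":
    import sys
    # Run this from OUTSIDE your network against your public address;
    # from the LAN it only tells you what the host itself is listening on.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = probe(target, EXPOSURE_POLICY)
    for port, reachable in sorted(results.items()):
        print(f"{target}:{port} {'OPEN' if reachable else 'closed/filtered'}")
    findings = assess(results)
    if findings:
        print("Findings:")
        for port, text in sorted(findings.items()):
            print(f"  TCP {port}: {text}")
    else:
        print("No policy ports reachable.")
```

The check only has meaning when run from a host on the other side of the firewall you are testing; from inside the LAN a reachable 445 tells you about host filtering, not about the perimeter. A connect that completes is the only result treated as exposure, because a filtered port that times out and a port that actively refuses both keep a worm out.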

Don’t browse the internet or collect email whilst logged on as a user with administrator rights, as the virus then inherits those same rights and can use them to wreak havoc. A limited user account is less vulnerable, but you don’t want to keep switching user accounts, which is a pain. The solution: use MS DropMyRights (free) to limit the rights of your browser, email, etc.; see the link in my signature.