Originally posted by DarkeningAddict
Well, as I said earlier, we were experiencing an almost complete shutdown of our business. Someone had hacked into our network and was accessing Quickbooks. We installed ZoneAlarm and the intruder was blocked. Because ZA tells you the IP address and the exact time the firewall repelled the attempt, we got to watch the hacker change strategies over the next several days trying without success to get back in.
I use it at home as well. The only time in the past year I had any trouble with viruses was shortly after I shut it down and forgot to restart it before going online. The result was an immediate trojan problem.
If you've got things like that happening, you've got a major security problem somewhere... Go fix it, instead of trying to patch it over with a software solution. If Zone Alarm fails, by the way you're telling things, you're screwed. One point of failure is a Bad Thing. If you're actually running a business on the web off this machine, get a real, hardware firewall and someone who knows how to set it up properly and fix whatever security problems you already have. A proper hardware firewall is capable of dealing with issues before they reach the hardware your important applications are running on and, as such, is more capable than any software solution on your production machine. To have trojans magically appear, your security is either wide open or you're doing things that aren't incredibly intelligent to begin with...
I don't know about the other assertions regarding Gibson's hyperbole, but I don't know if I'd call him "chicken little".
It's exactly what he's doing, though... running around exclaiming that the sky is falling, hoping that someone will come and pay attention to him.
Do any of you guys work in an environment where you deal with webservers or handle a lot of e-mail?
I get anywhere from 20-40 emails a day and usually, at least 2 of them will contain viruses. That doesn't sound like much until you realize that those are just the ones that make it through the server's antivirus screen.
Death was an abuse point of contact for a major backbone provider... he's rather more qualified than I to comment on this... Though I will add that it's hardly a problem if you don't use an insecure mail reader, and don't open things that are, in pretty much every case, obviously viruses.
They are currently disinfecting 12 to 20 thousand infected messages per hour.
It's gotten steadily worse and forced them to upgrade their servers twice in the past year.
That sounds like they're handling their mail in a really odd way... but I'll let Death, or maybe Tye take that one...
What makes this so frustrating to me is the fact that no matter what Antivirus software we use, it either misses or fails to disinfect certain trojans. There used to be certain programs like F-PROT and F-Secure that were pretty reliable. Lately it seems that the hackers have gotten the upper hand and nothing really works.
Umm... do you update the virus definitions?
Whether or not this is because of the dissemination of XP, as Gibson asserts, is debatable, but the way I see it, the problem is very serious and getting worse.
The release of XP has absolutely nothing to do with anything... There are definitely various holes, but the implication that Gibson makes in his DDoS article that the ability to modify TCP/IP packets at the client software level is somehow a bad idea is ludicrous. People who wanted to do so for bad reasons were already able to do so by simple modifications of the OS. This simply allows legitimate uses of these features that are available using pretty much any other OS and TCP/IP stack. Universal Plug & Play does, however, have a potential to be bad.