[unisog] How often to pull anti virus updates from vendors
flynngn at jmu.edu
Wed Dec 5 19:15:00 GMT 2001
> on 12/5/01 7:33 AM, Harris, Michael C. at HarrisMC at health.missouri.edu
> > it seems weekly won't cut it any more, but is daily enough?

No. Today's worms travel the globe in hours and infect many
people before they're widely discovered, let alone have
signatures created for them for distribution.

We use a managed Norton system that updates itself from the
Norton site and that clients pull from. However, I've noticed
a lag in the introduction of new signatures to both the
site from which the managed version gets its updates and the
LiveUpdate site...usually several hours. In any case, by
the time a new signature comes out, either directly or
indirectly, a lot of people can be affected.

We block scr, pif, com, vbs, name.xxx.exe, and other attachments
at the email server. I don't think anyone here has seen Goner
unless they used a different mail server. I wouldn't have even
issued an alert but for the ICQ tie-in, wide distribution, and

We also try to educate people about the hazards of hasty use
of the index finger on a mouse. Unlike the Badtrans-B worm
which exploited a defect in IE to infect, the spread of Goner
was completely operator driven.

Security Engineer - Technical Services
James Madison University
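
The attachment blocking described in the message above, sketched as an added example (not part of the original post and not the poster's mail server configuration). The function names, the `EXECUTABLE` set used for the name.xxx.exe rule, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the post lists as blocked at the mail server.
BLOCKED = {"scr", "pif", "com", "vbs"}
# Assumption: final extensions treated as executable for the name.xxx.exe rule.
EXECUTABLE = BLOCKED | {"exe"}

def filename_verdict(name):
    """Return a reason string if the attachment name should be blocked, else None."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2:
        return None
    ext = parts[-1]
    if ext in BLOCKED:
        return "blocked extension ." + ext
    # name.xxx.exe: an executable extension placed behind a decoy one.
    if len(parts) >= 3 and ext in EXECUTABLE:
        return "double extension ." + parts[-2] + "." + ext
    return None

def scan_message(raw_bytes):
    """Return [(filename, reason)] for each attachment that should be blocked."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for the body and multipart containers
        reason = filename_verdict(name) if name else None
        if reason:
            hits.append((name, reason))
    return hits

def sample_message():
    """Constructed test message with harmless one-byte attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.edu"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for fn in ("photo.jpg", "screensaver.scr", "invoice.doc.exe", "setup.exe"):
        m.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_message(sample_message()):
        print(name, "->", reason)
```

A plain `setup.exe` passes because the post lists only the name.xxx.exe form for `.exe`; a site that blocks all executables would add `exe` to `BLOCKED`.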