[unisog] How often to pull anti virus updates from vendors

Gary Flynn flynngn at jmu.edu
Wed Dec 5 19:15:00 GMT 2001


> on 12/5/01 7:33 AM, Harris, Michael C. at HarrisMC at health.missouri.edu
> wrote:
> 
> > it seems weekly won't cut it any more, but is daily enough?

No. Today's worms travel the globe in hours and infect many
people before they're widely discovered, let alone have
signatures created for them for distribution.

We use a managed Norton system that updates itself from the
Norton site and that clients pull from. However, I've noticed
a lag in the introduction of new signatures to both the
site from which the managed version gets its updates and the
LiveUpdate site...usually several hours. In any case, by
the time a new signature comes out, either directly or
indirectly, a lot of people can be affected.

We block scr, pif, com, vbs, name.xxx.exe, and other attachments 
at the email server. I don't think anyone here has seen Goner 
unless they used a different mail server. I wouldn't have even
issued an alert but for the ICQ tie-in, wide distribution, and
publicity.

We also try to educate people about the hazards of hasty use
of the index finger on a mouse. Unlike the Badtrans-B worm
which exploited a defect in IE to infect, the spread of Goner
was completely operator driven.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
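
The attachment blocking described in the message above, as an added example that is not part of the original post and not the mail server configuration it refers to. It checks only the extensions the post names plus the name.xxx.exe pattern; the function names and the sample message are constructed for illustration.

```python
import os
from email import message_from_string, policy

# Extensions named in the post; its unnamed "other attachments" are not guessed.
BLOCKED_EXTS = {".scr", ".pif", ".com", ".vbs"}

def verdict(filename):
    """Return why an attachment name is blocked, or None if it passes."""
    # Windows ignores trailing dots and spaces, so drop them before checking.
    name = filename.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    if ext in BLOCKED_EXTS:
        return "blocked extension " + ext
    # The post's name.xxx.exe case: an .exe behind another extension.
    if ext == ".exe" and os.path.splitext(stem)[1]:
        return "double extension ending in .exe"
    return None

def scan_message(raw):
    """Return [(filename, reason)] for each attachment that should be blocked."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        fname = part.get_filename()  # Content-Disposition filename, else Content-Type name
        reason = verdict(fname) if fname else None
        if reason:
            hits.append((fname, reason))
    return hits

# Constructed sample message (hypothetical file names, not taken from the post).
SAMPLE = """\
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="screensaver.scr"

x
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.doc.exe"

x
--BOUND
Content-Disposition: attachment; filename="notes.txt"

x
--BOUND--
"""
```

Calling `scan_message(SAMPLE)` flags the first two attachments and passes `notes.txt`; a plain `setup.exe` also passes, because the post lists only the double-extension form.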