[unisog] Request Opinions on Anti-Virus Software
Peter Van Epp
vanepp at sfu.ca
Mon Jun 6 15:30:50 GMT 2005
On Mon, Jun 06, 2005 at 11:10:15AM -0400, Michael Holstein wrote:
> >Do you block .doc and .xls files as well? You should not have to block
> >.zip files as they require work on the user's part to make them dangerous.
> Unfortunately, users have repeatedly demonstrated the desire to "go the
> extra effort" to make ZIP files dangerous.
> "Oh .. how thoughtful .. they encrypted it for me .. but at least they
> gave me the password".
> unisog mailing list
> unisog at lists.sans.org
True, but education does work. Our first time through there were around
50 accounts that clicked on an executable to become infected. After their
network access was removed they (the user, not their lan administrator who
cleaned the machine) had to explain via email to the Director that they
understood why this was an inappropriate thing to do and what they were going
to do to prevent a reoccurance before their network access was returned (even
after the machine had been cleaned). The last time a week or so ago there were
3 machines (and only one of those was a repeat offender).
We allow zips but block password protected zips (which did cause
complaint from a small number of users) because there is some requirement for
users to get attachements via email from sites we don't control and who won't
change to accomidate us so we have to accomidate them.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the unisog