[unisog] Request Opinions on Anti-Virus Software

Russell Fulton r.fulton at auckland.ac.nz
Tue Jun 7 18:58:57 GMT 2005


On Tue, 2005-06-07 at 10:31 -0400, Hall, Rand wrote:
> Hmmm, I'm surprised by two things:
> 
> 1) All of this talk about email-borne viruses. I thought most
> companies/schools had a pretty good handle on this.

In general we do, but this leads to its own problems (see my summary
post for the 'phishing' issue which turned out to be something
completely different).

My conclusion is that with current technology (and probably for the
conceivable future) we are all going to be subject to periodic malware
outbreaks.  The reason for this is nothing to do with technology and
everything to do with people.  Yes, most of the time we do a very good
job of keeping the nasties at bay and as a consequence our users (or
enough of them to cause problems) disregard our warnings about being
cautious with attachments and links in email.

So yesterday we had 30 infections from the latest Mytob worm and that's
way higher than we would have liked.  OTOH it is well under 1% of our
staff email users.  When you have several thousand users it only takes a
few idiots (or sensible folk having an off day) to screw things up.

The key thing with this one was that there was no code in the email that
we could recognise and block, nor was the email recognised as spam, and
when users followed the link SAV did not recognise the downloaded file
as malicious.  This combined with a few people who got suckered by the
social engineering left us with a sizable problem that tied up several
IT staff for most of the day.

Russell