Can't blame just Microsoft?
Just a quick reply to your request for experiences of the Nimda worm. I have to say that thus far, our company has not been affected by it at all! We have 2 web servers: one protected by an ISA firewall deployment; the other by basic port filtering on the external interface. Neither has become infected. The worm has also neither affected our web access server (also running ISA in integrated mode) nor our internal network.
I have vigilantly been monitoring Microsoft for new patches, reading subscription e-mails about how it infects machines and making sure all virus defenses are up to date and functioning. The result: So far (touch wood) we have avoided infection. I am in no way pointing the finger at anyone out there with this comment, but I do believe that proper security management of systems is the key to curbing these attacks.
Yes, IIS has its vulnerabilities and more are frequently found, but Microsoft does generally address them within a very short period, and therefore, the holes should not be exposed for long if patching is carried out. Security management is a full-time job and one that companies should take more seriously as the growing number of threats increases. Subscribe to MS security bulletins. Subscribe to CERT Advisory bulletins. Be vigilant and careful with Internet gateways on your network, and I believe these threats can be minimized.
It's hard work but no one ever said it would be otherwise.
Rob Delany,
I have found that this virus does random damage to random files in systems. In some cases, it has disabled the virus scanners; in others destroyed files. Follow the removal instructions in McAfee first, then check TrendMicro's instructions. There are a few specialized Nimda removal scanners to be had out there -- try them.
In a few cases, I have had to reinstall the virus scanners. And in a few other cases, I had to FDISK and reinstall the OS because there was something keeping the Uninstall of the virus scanners from working and deleting all the scanner files. This is consistent in Win95, Win98se, Win2k pro -- all were hit prior to the virus alert put out by the virus companies.
I have removed this virus and repaired several systems successfully without reinstall of the OS, but again, the damage is not consistent.
Ralph Azbill
Fortunately, I don't use Outlook or IIS
I am a professor at a university in Massachusetts. Besides teaching and research, I administer a small VPN with about 15 systems, as well as a Vax cluster and a potpourri of operating systems. Our focus is meteorology, so we rely on the Internet for data; we rely on our computers for model graphical output, and to some extent, model runs.
Fortunately, I don't use Outlook or IIS for anything, so my systems didn't get infected, but the network access became horribly slow when Nimda was first coming out. Several of my systems protected by Zone Alarm are still recording attacks of various sorts, and network speed is still not what it was before Nimda.
Frank Colby
Professor of Meteorology
University of Massachusetts, Lowell
Media coverage biased
If you wanted to be immune to Nimda, et al, you could use professional grade software such as Domino. It wasn't written with all those buffer overflows and architectural "features". You can't even say you weren't warned. You have been publishing a constant stream of warnings about how flaky IIS and Exchange are. Magazines such as your own and Windows 2000 have an unfortunate bias towards MS-written software and almost totally avoid competing packages. When was the last time you editorialized about a non-MS package? Yes, I know you have a SearchDomino stream, but in your mainstream, you never talk about it.
Does not want name published, but is an IT professional in the government
Just use Linux!
You could do what we do: Run Linux on all your boxes, including desktops. We use KMail as our mail client. Granted, Linux can have its share of flaws, but it seems to be easier to make more secure.
Richard Schlee
Follow these rules
I wrote this in the hopes of helping people avoid mistakes. Really, the main rules are very simple:
1. DON'T USE ANY MICROSOFT SYSTEMS! Use OS/2, MacOS, Linux and Unix as your working systems.
2. If you can't avoid using any Windows XYZ, DON'T USE it for servers -- a destroyed client is not as painful as a destroyed server!
3. If you can't avoid using Windows XYZ on servers, USE NON-MICROSOFT software for E-mail and Web.
I have already collected some statistics: Our company and some of my friends who haven't used Windows servers haven't had any troubles with viruses -- both now and before.
Several of my friends do have Windows servers, and 50% of their servers were fully destroyed. The rest of them were seriously damaged, with the recovery time from 2 days to 1 week. Some of these computers were "fixed" using the latest known MS patches -- it didn't help them!
Dr. Volodymyr Kruglov