Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!shadooby!accuvax.nwu.edu!chris From: chris@accuvax.nwu.edu (Chris Krohn) Newsgroups: comp.sys.mac Subject: Re: Virus Protection for AppleShare File Servers? Keywords: virus, appleshare Message-ID: <852@accuvax.nwu.edu> Date: 10 Jul 89 17:14:04 GMT References: <5956@hubcap.clemson.edu> <8148@bsu-cs.bsu.edu> Sender: news@accuvax.nwu.edu Reply-To: chris@accuvax.nwu.edu (Chris Krohn) Organization: Northwestern Univ. Evanston, Il. Lines: 84 In article <8148@bsu-cs.bsu.edu> mithomas@bsu-cs.bsu.edu (Michael Thomas Niehaus) writes: ##> How does one protect the AppleShare file server from viruses? Will ##> running Vaccine on it work? Or will the dialog box produced upon ##> detection of a virus hang the server? ## ##I debated this with myself before, and came to this conclusion: You do not ##need to protect an AppleShare File Server from viruses. Having been an AppleShare net administrator for a couple years, and having witnessed several viral infections on various types of server configurations, I must strongly disagree with this statement. ##How can I make such ##a statement? Well, install the AppleShare software and maybe the ##Print Server software as well. Use something like Virus Rx and make sure ##that you did not install a virus (very unlikely if you are using original, ##locked disks). Nevertheless, it can happen. For example, Adobe shipped many copies of it's popular Illustrator program complete with a virus. Even if you did use the orginal, locked disks, you were still vulnerable to infection. ##Now that your software is installed, you are safe because *THAT IS THE ##ONLY SOFTWARE EVER RUN* from the server. Well, the server system *itself* is safe, but (as you point out below) the client workstations are not. ##All of the other files on the ##network are data files. Viruses cannot be spread from these data files. Not true. The Init29 virus, for example, will infect data files as well as applications. ##Now, if you were to shut down your server, boot with another disk, and run ##some of the software that is on that server's disk *ON THE SAME SERVER ##MACHINE* then you could infect the server. But, I recommend against ##doing this. I agree with this. If you do need to do this, (run a disk optimization package or partition utility or something), make sure you have Vaccine installed and turned on for the system disk which you use to boot the machine. ##The stations on the network that are using the software from the servers ##are the ones that need to be protected. If one of them put a virus in one ##of the oft-used applications on the server, it would spread to all of the ##stations in a matter of days (or less). But since the server never runs ##this software, it will remain unscathed. ##Put your applications in locked folders so that viruses cannot be installed ##into them. Put Vaccine or something like it on all of the workstation's ##system disks. Check the workstation disks regularly. ## This is excellent advice. This will not necessarily protect you from spreading viruses off the server, but will do a good job. It is necessary to check the workstation disks regularly, as people often will turn vaccine off, or delete it, or whatever. Additionally, do what you can to ensure your users are educated about viruses, because even if Vaccine is installed, they may not understand what is going on, and may through ignorance allow a virus to spread. Certain software packages will not run in locked folders, however. (E.G. FileMaker II, CricketDraw, WriteNow 1.0) and are therefore always vulnerable. The only real solution is not to allow such software packages to be installed on the file server, but this may not be possible. Because no virus prevention technique is foolproof, you will *always* be in danger of viral infections. Check your server with a virus detection/ removal program like Disinfectant on a regular basis. ##Michael Niehaus UUCP: !{iuvax,pur-ee}!bsu-cs!mithomas ##Apple Student Rep ARPA: mithomas@bsu-cs.bsu.edu ##Ball State University AppleLink: ST0374 (from UUCP: st0374@applelink.apple.com) Chris Krohn Academic Computing and Network Services Northwestern University