Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!iuvax!bsu-cs!mithomas From: mithomas@bsu-cs.bsu.edu (Michael Thomas Niehaus) Newsgroups: comp.sys.mac Subject: Re: Virus Protection for AppleShare File Servers? Summary: Corrections Keywords: virus, appleshare Message-ID: <8159@bsu-cs.bsu.edu> Date: 10 Jul 89 19:47:25 GMT References: <5956@hubcap.clemson.edu> <8148@bsu-cs.bsu.edu> <852@accuvax.nwu.edu> Organization: CS Dept, Ball St U, Muncie, IN, USA Lines: 102 In article <852@accuvax.nwu.edu>, chris@accuvax.nwu.edu (Chris Krohn) writes: > having witnessed several viral infections on various types of server > configurations, I must strongly disagree with this statement [about viruses infecting a server]. Virus infections of the SERVER or of the SERVER'S SOFTWARE? That is the distinction that I wanted to make. Yes, it is very easy to infect the applications software that resides on the server, but as for the server itself (actually, the server's System) it won't be infected. > Nevertheless, it can happen. For example, Adobe shipped many copies > of it's popular Illustrator program complete with a virus. Even if you > did use the orginal, locked disks, you were still vulnerable to infection. But since you would install this software from a workstation, the server (read: the server's System) would not become infected (unless you run the software from the server while the server is not serving). > Well, the server system *itself* is safe, but (as you point out > below) the client workstations are not. Sorry for not making that more clear. The original question asked if it was necessary to install Vaccine or some other virus protection ON THE SERVER ITSELF. > ##All of the other files on the > ##network are data files. Viruses cannot be spread from these data files. > > Not true. The Init29 virus, for example, will infect data files > as well as applications. I must clarify here as well: as far as the server is concerned, all of the files on its hard disk are data files. They are delivered to the stations upon request. The server never executes them (and they are never placed into the server's System Folder) so the server is not infected. > ##Now, if you were to shut down your server, boot with another disk, and run > ##some of the software that is on that server's disk *ON THE SAME SERVER > ##MACHINE* then you could infect the server. But, I recommend against > ##doing this. > > I agree with this. If you do need to do this, (run a disk > optimization package or partition utility or something), make sure you > have Vaccine installed and turned on for the system disk which you use > to boot the machine. > ##The stations on the network that are using the software from the servers > ##are the ones that need to be protected. If one of them put a virus in one > ##of the oft-used applications on the server, it would spread to all of the > ##stations in a matter of days (or less). But since the server never runs > ##this software, it will remain unscathed. > > ##Put your applications in locked folders so that viruses cannot be installed > ##into them. Put Vaccine or something like it on all of the workstation's > ##system disks. Check the workstation disks regularly. > > This is excellent advice. This will not necessarily protect you > from spreading viruses off the server, but will do a good job. It is > necessary to check the workstation disks regularly, as people often will > turn vaccine off, or delete it, or whatever. Additionally, do what you can > to ensure your users are educated about viruses, because even if Vaccine > is installed, they may not understand what is going on, and may through > ignorance allow a virus to spread. I must clarify one point again here: there is a difference between LOCKED folders and folders that you do not have WRITE ACCESS to. To be more effective, you should try to place applications in folders, then deny all users write access to that folder (modify the folder's access priviledges). > Certain software packages will not run in locked folders, however. > (E.G. FileMaker II, CricketDraw, WriteNow 1.0) and are therefore always > vulnerable. The only real solution is not to allow such software packages > to be installed on the file server, but this may not be possible. I have never had any problems with Cricket Draw (we have version 1.1). It works just fine from a non-write-access folder (read-only folder? I can't think of a good term. Just look for the little pencil with the line through it in the Finder's windows). > Because no virus prevention technique is foolproof, you will *always* > be in danger of viral infections. Check your server with a virus detection/ > removal program like Disinfectant on a regular basis. Definitely take the time to do this. It may seem like an enormous chore, but it will save you time in the long run. (I had to use the money argument at Ball State: Which would you rather do? Pay a lab assistant $3.35 an hour to check disks instead of do his homework, or would you rather have the software technicians reinstalling software at a higher price?) Ball State did have viruses on all of their machines across campus. But we gave them all copies of Interferon, Vaccine, and Virus Rx, taught them how to use them, and helped them reinstall all of their software/Systems. Now it is rare to find a virus, but they do still show up. In fact, several labs on campus now check every disk that is brought in the door for viruses. (This also allows them to check for pirated software.) -Michael -- Michael Niehaus UUCP: !{iuvax,pur-ee}!bsu-cs!mithomas Apple Student Rep ARPA: mithomas@bsu-cs.bsu.edu Ball State University AppleLink: ST0374 (from UUCP: st0374@applelink.apple.com)