Network Security Focus-Virus

Re: Virus

Subject: Re: Virus
Date: Fri, 20 Oct 2006 00:55:28 +0300
Hello,
I fully agree with you. Everything needs a configuration. You can't
install an OpenBSD with a default config though it's pretty secure. Or
you can't just say, you have a firewall if you haven't configured it
to block anything. My post was just not fully overthought before
posting it. Well, what can I say, thanks for marking my mistakes.

On 10/20/06, Quark IT - Hilton Travis <Hilton@quarkit.com.au> wrote:
Hi,

Blindly saying "move to Linux, it's more secure" is simply not a sensible answer 
for a number of really obvious reasons.  Stating two of those, first if he has LOB 
applications that need Windows Server then you will be stopping his business from 
working, and second if he is clueless about Windows, can you imagine how much more 
difficulty he'll have in a Linux environment?

A default Linux install is about as secure as a default Windows Server 2003 
install - that is, neither are anywhere near secure.  You have to do a 
reasonable amount of work to secure BOTH of them - and include *BSD in that 
too.  We support Linux, BSD and Windows systems here and, honestly, there's not 
much difference between securing them all, and definitely not that much 
difference in the time needed to secure them and then keep them secure.

If he has a Windows machine OR a Linux machine he must do regular backups.  
Data protection by backup is not dependent on the OS running on the server.  
This is a misdirected statement in a really major way that you have made here.  
Also, not only should he not run unnecessary software on a Windows box, but 
that applies equally to a Linux (or BSD) box - all unnecessary software does is 
to increase the attack surface.

Also, his anti-virus - Bit Defender - is OBVIOUSLY not doing the job.  If it is 
removing viruses, then WHY did it let them into his system in the first place?  
The whole idea of an AV program is to stop viruses and other malware such as 
worms and Trojans from infecting your system in the first place.  If it can't 
do that, then it is obviously time for another package (or a sysadmin who has a 
clue about configuring it).

We use NOD32 here because for us and our clients, it has simply not missed a 
virus in the 5+ years that we have been using it.  It has also been used to 
detect viruses that have been missed by McAfee, Trend, Symantec, AVG, Avast, 
Bit Defender, CA AntiVirus and more on client machines - and we have converted 
every single one of them to NOD32 on the spot.

The OP obviously is not clued up to security.  Your comments to him wouldn't 
help in the slightest.  He needs a decent firewall, a better AV program, to 
ensure that all OS and application patches are made to his server and 
especially to his client PCs, and he needs to get someone in with a clue to 
show him how and why to do things properly.  He also needs to flatten and 
rebuild most of his network, apparently, as an infected machine cannot be 
trusted.  And when he does this, he needs to isolate the infected machines from 
the clean ones and never, ever have the two networks meet each other.

Oh, and by the way, your English is more than acceptable for a non 
English-as-a-first-language speaker.  It is a lot better than the English I've 
encountered from many a native English speaker!

--

Regards,

Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- its now time to shame poor coders
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient
  only.  It may contain confidential, privileged or copyright
     material which must not be disclosed or distributed.

                    Quark Group Pty. Ltd.
      T/A Quark Automation, Quark AudioVisual, Quark IT

> -----Original Message-----
> From: brain5ide [mailto:brain5ide@gmail.com]
> Sent: Friday, 20 October 2006 12:16 AM
>
> Hi,
> excuse me, but could you tell me what was wrong in my last post
> to this thread. Yeah, I'm a newbie, and I'm just interested in
> this thread. That was the way I would do it. Could you link me
> to a site or something else, that would help solving this or
> similar problem the other way?
>
> Thanks in advance
> On 10/19/06, Quark IT - Hilton Travis <Hilton@quarkit.com.au> wrote:
> > Hi Laz,
> >
> > He should really apologize for his poor grasp of security, not
> > his English!
> >
> > --
> >
> > Regards,
> >
> > Hilton Travis                          Phone: +61 (0)7 3344 3889
> > (Brisbane, Australia)                  Phone: +61 (0)419 792 394
> > Manager, Quark IT                      http://www.quarkit.com.au
> >          Quark AudioVisual             http://www.quarkav.net
> >
> > War doesn't determine who is right.  War determines who is left.
> >
> > > -----Original Message-----
> > > From: listbounce@securityfocus.com
> > > On Behalf Of brain5ide
> > > Sent: Wednesday, 18 October 2006 4:31 AM
> > >
> > > Hi,
> > > you didn't provide a lot of information about your server. But
> > > as I understand from what you have written, it's a Windows
> > > server. You could improve security, not to a hundred per
> > > cent of course, by just installing a *nix (yeah, yeah, I'm
> > > a *nix freak). However, if you still want to have a Windows
> > > machine you MUST do regular backups, don't run any unknown
> > > software. And also, have an antivirus, like you said - a
> > > bitdefender. That's all you can do. There's no way to
> > > actually prevent the attacks, but you can just drop them by
> > > having your system as new as it can be.
> > >
> > > Sorry for my poor English.
> > >
> > > On 10/14/06, boonting <boontinglim@gmail.com> wrote:
> > > >
> > > > Thanks for your information, whoever replied to my post and sent
> > > > email to me.
> > > >
> > > > However, I still don't know what's wrong, I checked my server
> > > > bit-defender report. Almost every day a virus attacked my
> > > > server. However, luckily bit-defender was able to disinfect and
> > > > delete the viruses.
> > > >
> > > > Any idea how to protect my server? Anyhow, really thanks
> > > > for all the information provided.
> > > > --
> > > > View this message in context: http://www.nabble.com/Virus-
> > > > tf2429074.html#a6806622
> > > > Sent from the Security - Virus mailing list archive at
> > > > Nabble.com.
> > > >
> > > >
> > > > -----------------------------------------------------------------
> > > >
> > > > ALERT: "How a Hacker Launches a SQL Injection Attack!" - White
> Paper
> > > > It's as simple as placing additional SQL commands into a Web Form
> > > input box giving hackers complete access to all your backend
> systems!
> > > >
> > > >
> > >
> https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZWL
> > > >
> > > > -----------------------------------------------------------------


---------------------------------------------------------------------------- ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZWl
----------------------------------------------------------------------------


<Prev in Thread] Current Thread [Next in Thread>