On Fri, 21 May 2004 22:13:17 +0800, Connor McDonald wrote
(in article <40AE0E7D.2113_at_yahoo.com>):
> Joel Garry wrote:
>>
>> "Howard J. Rogers" <hjr_at_dizwell.com> wrote in message
>> news:<40abfed7$0$3035$afc38c87_at_news.optusnet.com.au>...
>>> Joel Garry wrote:
>>>> "Howard J. Rogers" <hjr_at_dizwell.com> wrote in message
>>>> news:<40ab5429$0$31680$afc38c87_at_news.optusnet.com.au>...
>>>>
>>>>> Bear in mind, Norton Autoprotect is really designed to run on desktop
>>>>> PCs where users are forever receiving email and loading documents and
>>>>> executables from unknown sources. In that 'constant use' situation, a
>>>>> 'constant protection agent' is a good idea. But a server is not, one
>>>>> hopes, receiving and opening email attachments all the time, or forever
>>>>> having new software from dubious sources installed on it. It probably
>>>>> lives behind a firewall, too. Of course, a periodic -but manual- running
>>>>> of an antivirus scanning program might not be a bad idea in a
>>>>> maintenance moment if you have one. But continual monitoring is not a
>>>>> good idea for a production system, I think.
>>>>
>>>>
>>>> Have to totally disagree.
>>>
>>> With what? I didn't say "no AV". I said "no continuous AV, but periodic
>>> manual scans".
>>>
>>> I don't know whether your comments therefore still apply.
>>
>> Well, unless by periodic manual scans you mean you have someone
>> sitting at every server 24/7 manually scanning, you must have missed
>> the point. .doc viruses are trivial to create and defend, but
>> infrastructure attacks are not, and are much more dangerous. Anything
>> less than continuous monitoring inevitably leads to downtime. And
>> there is still a problem even with companies dedicated to watching
>> such attacks propagate and stopping them. Unix is certainly not
>> immune to such things, but there are large economic, social and
>> political incentives to go after Windows servers, ie, spammers
>> harvesting, criminals blackmailing, and who knows what political
>> motivations. And some of the worst attacks have been kids trying to
>> implement the long-discredited notion of a "good virus" that removes
>> the "bad virus."
>>
>> Sit down with a network admin sometime and count the knocks on your
>> door.
>>
>> jg
>> --
>> @home.com is bogus.
>> http://www.pdos.lcs.mit.edu/%7Ertm/papers/117.pdf
>
> Although.... there's two typical virus patterns - 1 comes in on email, 1
> attacks an open port.
>
> Oracle servers shouldn't be checking email, and open ports...well, what
> were you thinking having open ports :-)
>
Er actually you missed infections by visiting web sites.
also keep in mind that oracle now has a mailer that sits inside the oracle
database. not to mention Java mail package which you can also load into the
oracle server.
Received on Sun May 23 2004 - 16:49:11 CDT
