Virus Protection at MIT - PowerPoint PPT Presentation

Description:

8/31/09. 1. Virus Protection at MIT. Using Dr Solomon's ... Virus Hoaxes. Returned Mail. Join the Crew. AOL for Free. PenPal Greetings. Deeyenda. Good Times ... – PowerPoint PPT presentation

Slides: 35
Provided by: jerryis
Learn more at: https://stuff.mit.edu

Transcript and Presenter's Notes

Title: Virus Protection at MIT


1
Virus Protection at MIT
  • Using Dr Solomon's Anti-Virus Toolkit
  • © 1997 MIT Information Security Office

2
Virus Protection at MIT
  • What is a virus
  • Top 20 list
  • MIT experiences
  • Installing the Toolkit
  • What's coming up
  • Where to get help

3
Virus Protection at MIT
  • What is a virus?
  • A virus is a computer program that replicates
    itself.
  • It may or may not carry a payload.

4
Virus Protection at MIT
  • Viruses
  • Can be innocuous
  • Can be dangerous
  • Can be stealthy
  • Often are buggy
  • Are ALWAYS a problem
  • Can be managed

5
Virus Protection at MIT
  • The Threat Continues
  • The number of new PC viruses continues to grow at
    the rate of 150 - 200 per month.
  • Most of these have a very short life and rarely
    get in the wild

6
Virus Protection at MIT
  • The Wild List
  • Joe Wells provides a list of those viruses that
    have been reported by researchers and anti-virus
    vendors. The list is updated monthly

7
Virus Protection at MIT
  • Top 20 viruses found on campus
  • Form.A WM.Concept.A One-half
  • Anti-exe Monkey Junkie
  • AntiCMOS Parity_boot Natas
  • NYB Ripper Sampo
  • WM.Npad WM.Wazzu DieHard
  • Boot_437 Michelangelo Stoned

8
Virus Protection at MIT
  • Other Viruses Found at MIT
  • WM.Cap WM.MDMA B1

9
Virus Protection at MIT
  • Why the concern?
  • The risk of having foreign code in your system
  • Some are really dangerous
  • Cleaning up after an attack is expensive and time
    consuming
  • It is an avoidable risk

10
Virus Protection at MIT
  • Virus Hoaxes
  • Returned Mail
  • Join the Crew
  • AOL for Free
  • PenPal Greetings
  • Deeyenda
  • Good Times

11
Virus Protection at MIT
  • Terminology
  • Boot or Partition infectors
  • File infectors
  • Polymorphic
  • Multipartite
  • Stealth
  • Macro virus

12
Virus Protection at MIT
  • Virus Payloads
  • Screen painting
  • Boot Sector or Partition Table corruption
  • Disk formatting
  • Document corruption
  • File erasure or corruption

13
Virus Protection at MIT
  • Platforms
  • Viruses were generally limited to operation on a
    specific platform or operating environment
  • This is no longer the case

14
Virus Protection at MIT
  • Macro Viruses
  • This newer class of viruses takes advantage of
    the macro capabilities of many of our office
    software products such as Word Processors,
    Spreadsheets and any other software that has
    executable program capability built in.

15
Virus Protection at MIT
  • The first macro virus (WM.Concept.A) was
    distributed in the summer of 1995. In August
    1997 there were 1,000 macro viruses or variants
    reported

16
Virus Protection at MIT
  • Avoiding Virus Infections
  • Is shareware the culprit?
  • Are commercial packages safe?
  • Can I get them from e-mail?
  • How about the Net?
  • You can't avoid exposure - but you can avoid
    infections

17
Virus Protection at MIT
  • Dr Solomon's Anti-Virus Toolkit
  • MIT has a site license for the AVTK package.
  • It is available for use on any system owned or
    administered by MIT faculty, staff or students.

18
Virus Protection at MIT
  • Installing Dr Solomon's Anti-Virus Toolkit
  • Platforms available
  • Getting the software
  • New installation
  • Updates to existing installations

19
Virus Protection at MIT
  • Dr Solomon is available now for
  • DOS/Windows
  • Windows 95
  • Windows NT
  • Macintosh
  • IBM OS/2
  • Novell Netware

20
Virus Protection at MIT
  • Dr Solomon's is also available for
  • SCO UNIX
  • Linux

21
Virus Protection at MIT
  • Where can you get it?
  • From the Security Office home page
  • http://web.mit.edu/security/www
  • From Net-dist in
  • /pub/anti-virus/<select your platform>

22
Virus Protection at MIT
  • LAN Version Availability
  • Contact the Information Security Office for
    information about the NT Management Edition
    for NT Servers

23
Virus Protection at MIT
  • Anti-Virus ToolKit Installation
  • The Toolkit is installed from floppy disks or
    temp directories on your hard drive.
  • Note: It must initially be installed on a clean
    virus-free system

24
Virus Protection at MIT
  • General Installation Instructions
  • Check system for viruses by cold booting from a
    clean disk and running virus checking software.
  • Download files from server and unpack them into
    separate directories for a floppy installation

25
Virus Protection at MIT
  • The Magic Bullet
  • The Magic Bullet is the name of a self-booting
    copy of Findvirus. It is only available for PC
    platforms using FAT file systems (Not for NTFS)

26
Virus Protection at MIT
  • Install from hard drive or
  • copy to and install from floppy disks

27
Virus Protection at MIT
  • Common Instructions
  • Use default settings during install
  • Changes to AUTOEXEC.BAT (Win3.1)
  • If high memory is available, change the line calling
    the toolkit to LH C:\toolkit\guard
  • If running LanWP, after the line calling LanWP add
    c:\toolkit\guard /reguard

28
Virus Protection at MIT
  • Changes to the default configuration
  • Auto Disinfect
  • Scan on writes

29
Virus Protection at MIT
  • Updating Dr Solomon
  • Currently updating an installation requires a
    new install.
  • New releases come out about once a month

30
Virus Protection at MIT
  • Extra Drivers
  • If an extremely infectious virus, or one that is
    very damaging, is found in circulation between
    normal updates, Dr Solomon will issue an
    Extra Driver for the virus

31
Virus Protection at MIT
  • Toolkit Components
  • Guard Winguard (PC)
  • MacGuard (Mac)
  • Findviru (PC) FindVirus (Mac)
  • Schedule
  • Virus Encyclopedia

32
Virus Protection at MIT
  • What's coming in the future
  • Windows installation directly from Windows
  • Signature file updates rather than reinstalls
  • More viruses?

33
Virus Protection at MIT
  • For the latest virus news on campus
  • Subscribe to mitvirus@mitvma.mit.edu
  • Check the Security Office Web page
  • http://web.mit.edu/security/www
  • Call the Security Office at 253-1440
  • Send e-mail to gii@mit.edu

34
Virus Protection at MIT
Jerry Isaacson
  • MIT Information Security Office
  • E19-365A
  • 253-1440, gii@mit.edu
  • http://web.mit.edu/security/www