Title: What Does the UM Virus Busters Team Do to Help Me Protect My Data
1. What Does the U-M Virus Busters Team Do to Help Me Protect My Data?
Bruce P Burrell, U-M AntiVirus Team Leader
bpb_at_umich.edu
http://www.itd.umich.edu/virusbusters
2. The U-M AntiVirus Team: A Brief History
- Formed in 1988 by Conrad Mason
- Conrad retired in 1992 and I became the team leader
- Hired Adam Wilkinson in 1995 with 0.5 of his FTE for virus-related things
3. The U-M AntiVirus Team: A Brief History
- In 1996, I started telecommuting and my FTE became devoted entirely to antivirus
- Several other team members, but they mostly observe
- Adam now officially spends about 0.2 FTE on the project, but volunteers much more
8. Services We Provide
- Software evaluation
- Software distribution
- Updating antivirus definitions (desktop and email gateway)
- Announcing various antivirus-related news
- Assisting victims of virus infections and Trojan Horse attacks
10. Services We Provide
- Assisting departments and sysadmins to develop antivirus strategies
- Web information about malware at U-M, and about email hoaxes and urban legends
11. Case Study: W32/MyDoom@MM
- You've almost surely seen far too many emails lately that claim that you are infected with this virus
- But you probably are not: MyDoom forges its From field
- In fact, you probably haven't even received the actual virus (but someone you know may be a victim)
12. Case Study: W32/MyDoom@MM
- 26 Jan 2004 1625: I receive my first MyDoom sample, unrecognized by current VirusScan drivers. I determine what it is and notify U-M sysadmin
- 26 Jan 2004 1651: I alert email gateway folks to be ready for an urgent update when available
- 26 Jan 2004 1700: I notify them to install extra.dat
- 26 Jan 2004 1739: email gateway protected
13. Case Study: W32/MyDoom@MM
- 26 Jan 2004 1816: Some samples still getting through
- 26 Jan 2004 1854: Email folks implement a new strategy
- 26 Jan 2004 2100: I complete a URL on MyDoom but keep it off-line
- 26 Jan 2004 2313: 4319 drivers available
- 26 Jan 2004 2341: Update to servers completed
- 26 Jan 2004 2345: URL goes live
14. Case Study: W32/MyDoom@MM
- 27 Jan 2004 0031: PCAVU alert sent
- 27 Jan 2004 0117: 4319s on email gateway
- Jan 27 0214: I call it a night. My mailbox now contains 143 natural samples, and 373 from email bounces and antivirus gateway scanner rejections
- And so it continues
18. I promised more.
- So, what is it that we CANNOT do for you?
- We can't prevent viruses from being written
- We can't prevent email (viruses or spam) from being forged in your email address
- We can't prevent infections
22. What else?
- We can't do everything. We can almost always protect you well, but we can't:
- Make you use antivirus
- Make sure it is working properly
- Make sure your computer is safe from other security vulnerabilities (but see http://www.itd.umich.edu/virusbusters/security_recommendations.html)
28. So, We Need Your Cooperation!
- Use antivirus software
- Keep it updated
- Make sure it really IS updated
- Apply security beyond virus protection
- Contact us if we can help!