RE: Probably a silly Question

From: Karl Levinson [x y], mvp (levinson_k_at_despammed.com)
Date: 09/27/04 

Date: Mon, 27 Sep 2004 08:51:03 -0700

No, it won't. The two most popular categories of viruses right now are email
worms like Bagle and Mydoom, and network worms like Blaster. User
permissions will not prevent either of these viruses from running on a
machine.

Reduced permissions can prevent a few things, like it may keep the virus
from altering the registry so that it re-loads when Windows is restarted.
This is a good thing, but the machine still becomes fully infected and the
virus spreads just the same and remains in the persons' email inbox and/or
hard drive. A virus infection that partially disappears when the computer is
rebooted the next day or week is still a virus infection, and can cause
tremendously bad problems for your network.

Even with reduced user permissions, a virus can still send out emails or
packets that infect other machines and hog network bandwidth, remotely
control the computer, search for passwords and credit cards, launch attacks
against other computers on the network, access and alter any document that
the user can access, etc.

Reduced user permissions is much more effective at permitting change control
to prevent users from installing unauthorized software and disturbing the
default setup of the machine, but this generally requires a fair amount of
investment in help desk and computer support personnel to make changes to the
computers as change requests come in. This also prevents users from running
Windows Update and patching their own machine, so be sure you have something
like Automatic Updates or another remote patching solution to keep the
machines patched in a timely manner.

More importantly for fighting viruses, make sure you are keeping patched and
running up to date antivirus.

"BOFH" wrote:

> If all my users are plain users, is it less likely our network will contract
> a virus?
>
>
> BOFH
>
>
>

Relevant Pages

  • RE: Using viruses in pen-test
    ... I wonder if there is some type of "fake" virus you could use in this case. ... David A. Swafford, Network Engineer ... I wish to know your views on "Using viruses in pen-test"I ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: XPE Security - virus and hacker attacs
    ... a firewall, close most network ports as much as possible, ... Any system could be broken (intentionally, or with a virus). ... > alone" and help from several of the more nasty network borne viruses... ...
    (microsoft.public.windowsxp.embedded)
  • Re: AntiVirus
    ... implement signatures for new viruses discovered. ... > anti-virus testing laboratories (ICSA Labs, West Coast Labs, Virus ... who employ multiple scanning engines for the same reason that it is ... network location to another. ...
    (Security-Basics)
  • Re: MyDoom etc.
    ... I manage a mix windows 2000 network with susE (Midway migration) and can ... tell you that one of the reasons I do the migration is the virus attacks. ... As far as viruses; Outlook 2000/XP is based on VBA, ...
    (alt.os.linux.suse)
  • RE: Securing a Local Network
    ... How much would it cost if a virus infected one ... be if a competitor hacked into their network and was able to access all ... Third issue is virus protection. ... can infect you from numerous other sources. ...
    (Security-Basics)