Desktop Security: Worms and Viruses Brian Arkills, C&C NDC-Sysmgt.


1 Desktop Security: Worms and Viruses Brian Arkills, C&C NDC-Sysmgt

2 Worms What’s a worm? Code that spreads from one computer to another using some vulnerability. When your computer has a worm, it is called compromised. Once compromised, your computer is actively trying to infect other computers. What protects me? In all but a few cases, vulnerabilities have security patches. The security patches might be for the operating system, e.g. Windows XP, and applications like Internet Explorer. We distribute security patches automatically in Nebula.

3 Security patches How does my computer get patches? In general, MS releases patches on Wednesday. We approve these patches Friday morning. A special client on your workstation notices the patches on our server sometime Friday (and in a few cases early Saturday). Your workstation downloads the patches, and applies them at 11pm on the day after it has downloaded them. So your computer has to be on the network to detect the patches, download them, and then be on at 11pm to apply them. The 11pm time is key.

4 Critical patches In some cases, Nebula decides that a patch is so critical that it should be applied as quickly as possible. In these cases, the patch is approved immediately (but won’t be applied until 11pm). Additionally, we package critical patches to be installed at user login. As part of the login process, we also keep track of which computers have a critical patch. This allows us to ensure Nebula is secure as quickly as possible.

5 Missing patches What might prevent my workstation from getting patches?
–Not being on at 11pm to apply the patches.
–Not being on the network to detect the patches. Computers that are taken home or are offline for long periods of time are in danger.
–Having applied a patch manually, but chosen not to reboot. All subsequent patches will fail to reboot, until the computer is manually rebooted.

6 Viruses (or is it virii?) What’s a virus? Code that is executed by a user and that does something the user did not expect. Frequently, email attachments are the vector for a virus. A virus does not exploit a vulnerability in an operating system or application; it takes advantage of a user. A variety of things can happen because of a virus. What protects me? McAfee VirusScan scans for viruses on your computer. Prior to that, the email infrastructure scans for viruses in email. Both scanning engines rely on virus definitions. These are configuration files that must be updated to reflect the latest discovered viruses.

7 Virus definitions How do my definitions get updated? There are two separate processes that update the virus definitions:
–For gold workstations, during login, the definitions are updated to the latest version.
–Alternatively, a process that runs 4 times a day pushes definitions to all Nebula workstations (gold and bronze) that are on the network.
Finally, a report runs once a day. It queries every Nebula workstation to determine what version it has. If that version is more than 2 versions behind the latest, it is reported to support teams. Support teams may contact you for manual intervention in this case.
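An added example (not from the presentation and not Nebula's own tooling) of the daily report this slide describes: it flags workstations more than 2 definition versions behind and lists machines that did not answer the query separately instead of skipping them. The hostnames, integer version numbers and field names are constructed assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass
from typing import Optional

MAX_LAG = 2  # slide 7: report a workstation more than 2 versions behind


@dataclass
class Workstation:
    name: str
    tier: str                          # "gold" or "bronze"
    definition_version: Optional[int]  # None: the daily query got no answer


def versions_behind(installed, released):
    """Count released versions newer than the installed one.

    `released` must be sorted ascending. Counting releases rather than
    subtracting numbers stays correct when version numbers are skipped.
    """
    return len(released) - bisect_right(released, installed)


def definition_report(workstations, released, max_lag=MAX_LAG):
    """Return (stale, unreachable) for the support teams.

    stale: (name, tier, lag) tuples, worst lag first.
    unreachable: names that did not answer; they are reported, not
    treated as up to date.
    """
    released = sorted(released)
    stale, unreachable = [], []
    for ws in workstations:
        if ws.definition_version is None:
            unreachable.append(ws.name)
            continue
        lag = versions_behind(ws.definition_version, released)
        if lag > max_lag:
            stale.append((ws.name, ws.tier, lag))
    stale.sort(key=lambda row: (-row[2], row[0]))
    return stale, sorted(unreachable)


# Constructed sample data (hypothetical hosts and version numbers).
RELEASED = [4288, 4289, 4291, 4292]  # 4290 was never released
FLEET = [
    Workstation("ws-gold-01", "gold", 4292),      # current
    Workstation("ws-gold-02", "gold", 4289),      # 2 behind: not reported
    Workstation("ws-bronze-01", "bronze", 4288),  # 3 behind: reported
    Workstation("ws-bronze-02", "bronze", 4270),  # older than all known
    Workstation("ws-laptop-01", "bronze", None),  # off the network
]
```
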

8 Question/Answers Open forum—Ask away! No questions? How about:
–What happened to the Tues/Sat. night patches?
–What happened with the recent Blaster/Nachi worms?
–How do I avoid patch reboots?

9 What happened to the Tuesday night/Saturday night patch process? We had to change the underlying patch technology we used primarily because the cost of our previous tool became prohibitive. The new tool we are using isn’t flexible enough yet to allow a complex set of patch times. However, the new tool has some improvements that should mean greater patching success rate and therefore better security in Nebula.

10 What happened with the recent Blaster/Nachi worms? We had quite a few compromises that resulted in rebuilds from Blaster and the non-worm precursors to Blaster, about 70 computers or ~3.5% of Nebula. This is quite a bit less than what most of UW saw. We were among the first UW folks to note compromises, and almost without fail we caught compromises before they were discovered and the network port shut down. But we don’t think this was acceptable. So we implemented quite a few changes in the patching process (most of which we’ve skimmed over). And we noticed the improvement when Nachi came along a few weeks later. There were very few compromises from Nachi.

Why did the 70 computers get compromised? What failed (and how are things different now)? There are a number of different scenarios that caused failures. The time between patching used to be 1 week. If you missed a patch one week, you had to wait a week. The scanning tool we used to use had a problem we weren’t aware of: if a computer was in power saving mode, depending on the hardware, it might take longer for the computer to wake up than the scanning timeout. This would result in the tool skipping the computer (and then it’d need to wait another week). Computers that were off during either the scanning time or the patch application time wouldn’t get the patch (and would have to wait another week).

Scanning now happens daily (assuming the computer is on the network), and the patch application time is 11pm on the day the patch is detected (although usually this is still just once a week). We now also keep track of which computers have critical patches. This is an important sanity check.

11 Avoiding random reboots How do I avoid a reboot from a patch at a time I don’t like? Nebula security patches only reboot your computer at night or at login. This is the least intrusive time we can pick, and shouldn’t be a problem for most people. But if you run processes overnight … For normal patches, run Windows Update anytime Wednesday afternoon through Friday afternoon. But please reboot your computer when you apply the patch. This will avoid a reboot over the weekend. For critical patches, your support team can give you warning that Nebula has approved a patch for application as soon as possible. Some support teams automatically inform their users, others don’t. Once you have this info, you can either use Windows Update or the login process to patch your computer manually to avoid a reboot at night.

