Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle and Arcserve

Re: Oracle and Arcserve

From: Joel Garry <joel-garry_at_home.com>
Date: 21 May 2004 15:42:43 -0700
Message-ID: <91884734.0405211442.1eb244c7@posting.google.com>


Connor McDonald <connor_mcdonald_at_yahoo.com> wrote in message news:<40AE0E7D.2113_at_yahoo.com>...
> Joel Garry wrote:
> >
> > "Howard J. Rogers" <hjr_at_dizwell.com> wrote in message news:<40abfed7$0$3035$afc38c87_at_news.optusnet.com.au>...
> > > Joel Garry wrote:
> > > > "Howard J. Rogers" <hjr_at_dizwell.com> wrote in message news:<40ab5429$0$31680$afc38c87_at_news.optusnet.com.au>...
> > > >
> > > >>Bear in mind, Norton Autoprotect is really designed to run on desktop
> > > >>PCs where users are forever receiving email and loading documents and
> > > >>executables from unknown sources. In that 'constant use' situation, a
> > > >>'constant protection agent' is a good idea. But a server is not, one
> > > >>hopes, receiving and opening email attachments all the time, or forever
> > > >>having new software from dubious sources installed on it. It probably
> > > >>lives behind a firewall, too. Of course, a periodic -but manual- running
> > > >>of an antivirus scanning program might not be a bad idea in a
> > > >>maintenance moment if you have one. But continual monitoring is not a
> > > >>good idea for a production system, I think.
> > > >
> > > >
> > > > Have to totally disagree.
> > >
> > > With what? I didn't say "no AV". I said "no continuous AV, but periodic
> > > manual scans".
> > >
> > > I don't know whether your comments therefore still apply.
> >
> > Well, unless by periodic manual scans you mean you have someone
> > sitting at every server 24/7 manually scanning, you must have missed
> > the point. .doc viruses are trivial to create and defend, but
> > infrastructure attacks are not, and are much more dangerous. Anything
> > less than continuous monitoring inevitably leads to downtime. And
> > there is still a problem even with companies dedicated to watching
> > such attacks propagate and stopping them. Unix is certainly not
> > immune to such things, but there are large economic, social and
> > political incentives to go after Windows servers, ie, spammers
> > harvesting, criminals blackmailing, and who knows what political
> > motivations. And some of the worst attacks have been kids trying to
> > implement the long-discredited notion of a "good virus" that removes
> > the "bad virus."
> >
> > Sit down with a network admin sometime and count the knocks on your
> > door.
> >
> > jg
> > --
> > @home.com is bogus.
> > http://www.pdos.lcs.mit.edu/%7Ertm/papers/117.pdf
>
> Although.... there's two typical virus patterns - 1 comes in on email, 1
> attacks an open port.

Well, yeah, but the typical AV product doesn't distinguish between viruses and worms for the user.

>
> Oracle servers shouldn't be checking email, and open ports...well, what
> were you thinking having open ports :-)

OK, once you bring in the open port argument, you have to deal with two possible situations: Someone is manually responsible for configuring the ports, or a program is responsible. As regards the latter, someone programmed the program.

So either way, there _will_ be error. It only takes one error anywhere on a network, _including places configurable by users_. And given that virus writers now working with spammers can get into a network through mere email (without even clicking on it) or web browsing (must have Java enabled these days to do anything useful), the error can come from anywhere. http://www.sans.org/top20/ - Most places have not even bothered looking at such a list until something happens.

Note also that router manufacturers have been compromised, and check out the last question at
http://download-west.oracle.com/docs/cd/B10464_02/web.904/b10381/faq.htm#sthref1778

So you have to run AV on Windows servers if your business accesses the outside world. If it doesn't, well, I think the Amish are hiring :-)

jg

--
@home.com is bogus.  "Linux has been the victim of fewer attacks than
Windows because (1) it actually is more secure, but also (2) most
attackers think hitting Windows offers a bigger bang for the buck so
Windows simply gets attacked more. As I did 20 years ago, I still
fervently believe that the only way to make software secure, reliable,
and fast is to make it small. Fight Features." - Andy Tanenbaum
Received on Fri May 21 2004 - 17:42:43 CDT
