The New Virus Blues

A new version of Bagle came out today, and whether it was a result of heavy seeding or the virus had actually spread, we got a lot of copies of it. The first copy of it was detected at 11:54 am, although I didn't notice until about an hour later.

Fortunately, the virus was caught by MessageLabs. The virus writer was using a JavaScript exploit that several AV vendors were already detecting (you'd think they'd scan these things before releasing them).

There are several lessons to be learned from this. They are the same lessons that aren't learned each time a virus comes out. The additive virus definition update model doesn't work all that well. If you are going to use it, you are better off using several vendors. While CA and McAfee could detect this virus with no updates, other vendors didn't have an update available for more than 3 hours. By using several layers with a different vendor at each layer, you have a good chance of catching new viruses. If you don't have effective email antivirus, you need to cripple your own systems, pretty much reducing email to text only, in order to avoid virus infection.

About this Entry

This page contains a single entry by Roger published on August 9, 2004 4:17 PM.