How can I get infected?

merid14

Ok, so let me explain. I am part of the IT staff at a college where there are viruses running rampant... I would like to find out where these viruses are coming from so that I can prevent them from infecting future machines. We have antivirus software but it doesn't seem to be catching any of the new viruses like Antivirus 2010 or the ThinkPoint virus... Any help is appreciated. Thanks!
 

Chiefcrowe

First of all, are these machines regularly patched and is there a firewall system in place?

Also, I've found that if a lot of users routinely use accounts with admin access, it is much more likely to get some kind of malware.

Thirdly, if a lot of stuff is being downloaded through things like LimeWire, that could explain it as well.
 

ShadowVVL

If you're talking about a network, I would ban access to sites like Pirate Bay and Demonoid, and apps such as LimeWire and torrent apps. Even still, Google Images is loaded with images linked to sites that are dangerous.

But by blocking shareware apps and pirate sites you should reduce the chances of infection.
 

Murloc

Just block everything; in my school I can't access most settings or install programs.
Using a secure browser and blocking websites and LimeWire should help.

Viruses might be coming with USB devices too.
 

postmortemIA

You should forbid users from running executable files besides the ones whitelisted. This and other security settings are what work for public computers.
 

merid14

Thank you all for your input. We have group policy set up to force Windows updates. Torrent sites and the like are blocked, as well as LimeWire. We have turned autorun off on all machines on campus.

A big problem we have is people with admin access. We "can't" take that away from them due to other issues.

The main thing I wanted to do was try and block the sites that keep giving the viruses I mentioned. I don't have any clue how they are actually getting the virus. Every time I ask one of them they say I hadn't done anything it just popped up...
 

sourceninja

I work for a community college as their systems architect. There are no users on campus that run as administrators. Not a single user. Not even the CIO or President. I'm not even an admin on the machine I'm using right now.

It was a small challenge to find ways to make all the software required for classes run, but there were many tools out there that helped. We get a virus now and then, mostly from mobile users who don't bring their notebooks in enough to keep virus definitions updated, but for the most part we are doing very well (and are about to address that loophole). We have also implemented more VDI and that has allowed us to 'rollback' users who screw up their computers in other ways or get malware that we are not protecting against.

There is no way to really 'block sites' that give viruses. There are just too many out there, and even useful sites can get ads on them that give you Antivirus 2010 and its brothers. In fact, we don't do any real content filtering. We use OpenDNS and have it set to block only porn and piracy. This is done purely for political reasons (myself and my CIO believe that we shouldn't filter at all).
 

merid14

sourceninja, would you care to list some of the tools you use to get the software to run as admin?
 

sourceninja

For some programs we adjust the folder permissions; for others we use encrypted runas or UAC trust. That is on its way out for us, however, as we move to more applications delivered over the network via ThinApp.
 

Bill Brasky

Viruses might be coming with USB devices too.

This was a big problem at my old university. Make sure auto-run is disabled on the Windows machines so that USB drive viruses have a more difficult time spreading.
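
Added example, not part of any post in this thread: a local audit of the two settings the discussion keeps returning to, whether AutoRun is really off and who holds local admin rights. It assumes Windows PowerShell 5.1 or later and an English-language `Administrators` group name; the allow-list of expected admin accounts is hypothetical.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1+ and an
# English-language local group name; the allow-list below is hypothetical.

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is off.
    # 0x04 = removable drives, 0xFF = every drive type.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($key in $keys) {
        $prop  = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        $value = if ($prop) { [int]$prop.NoDriveTypeAutoRun } else { $null }
        [pscustomobject]@{
            Key          = $key
            Value        = if ($null -ne $value) { '0x{0:X2}' -f $value } else { 'not set' }
            RemovableOff = ($null -ne $value) -and (($value -band 0x04) -ne 0)
            AllDrivesOff = ($value -eq 0xFF)
        }
    }
}

function Get-UnexpectedLocalAdmin {
    param(
        # Hypothetical allow-list: account names expected in the local Administrators group.
        [string[]]$Allowed = @('Administrator', 'Domain Admins')
    )
    # Compare only the account part of DOMAIN\account against the allow-list.
    Get-LocalGroupMember -Name 'Administrators' |
        Where-Object { ($_.Name -split '\\')[-1] -notin $Allowed } |
        Select-Object Name, ObjectClass, PrincipalSource
}

Get-AutoRunPolicy | Format-Table -AutoSize
Get-UnexpectedLocalAdmin | Format-Table -AutoSize
```

Any row returned by `Get-UnexpectedLocalAdmin` is an account with local admin rights that is not on the allow-list; a `not set` value from `Get-AutoRunPolicy` means the policy is not configured in that key.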
 

Modelworks

One thing you might consider doing is running a proxy server for all internet traffic. How much traffic there is will determine if that is feasible for you. If you filter the traffic for viruses before it reaches the PC over the network then you have a good chance of stopping it. The problem with this approach is that, depending on traffic, it can require a fairly beefy server to handle the load.

http://www.kaspersky.com/anti-virus_proxy_server
 

LiuKangBakinPie

Make sure Adobe and your Java are updated and the older versions removed.
With Adobe, don't update just 1 part of it. Update the whole suite: Flash, PDF reader, writer, etc.
If you've got a lot of PCs, think about a hardware firewall. Have the logs monitored for a month or two and use the data to set up strong rules. Security ain't fire and forget. It needs someone to look over it on a regular basis.
Microsoft releases patches every Tuesday. Set your updates for Tuesday 5pm or around that time.
Use a strong password to lock up the admin account.
Disable the guest accounts and all unused accounts.

Use an offline scanner from a cold boot to scan all the computers.
Make use of GPO to set restrictions over the network.
Remember, your worst enemy ain't infected sites on the internet or some exploit. It's the users inside it, normally doing idiotic and stupid things.
Also, the harder you're trying to block things, the more extreme measures they're going to use to bypass it.

Blocking the likes of piratebay won't get you much anywhere, as you can search from within a torrent program.
The P2P protocol is not illegal; it's the users' actions over it that are wrong. One thing clearly wrong in this world, as some stupid ISPs show, is trying to do all things to P2P traffic. But a lot of games use the same protocol and their traffic looks the same as the torrents will. Then with encryption all bets are off.

Get a decent antivirus product. By decent I mean an enterprise suite, and get some sort of hardware firewall.
 

Jeff7181

Huh?
 

LiuKangBakinPie

[Image: koreatimes.gif]

That happens with an outdated Java and Adobe.