User's guide

VIRUS BULLETIN ©1991 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139.
/90/$0.00+2.50 This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted
by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers.
VIRUS BULLETIN Page 18 August 1991
Write-protect the floppy disk.
To access the network, switch the PC off, boot from the floppy disk and then run IPX first, followed by NET3. Run LOGIN from the floppy disk.
Check that the system login script or the user login script does not contain the command
COMSPEC= ...
since this causes a potentially infected COMMAND.COM to be loaded from the network when needed. If that statement is present, issue the command
COMSPEC=A:\COMMAND.COM
If the login script contains any programs which are automatically run from the network whenever a user logs in, the script will have to be changed so that no software residing on the server is used. If the network requires a particular package to be used during the login process, a positively clean copy of that package should be added to the floppy disk and the login script on the server should be modified so that the package is executed from the floppy disk.
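The login-script check described above can be run against a text copy of the script. The following is an added example, not part of the original article: it flags a COMSPEC statement that points anywhere other than drive A: and any program the script would run from the network. It assumes standard NetWare login script syntax (a line starting with # runs an external program, EXIT "program" runs one when the script ends); the sample script, its program names and the function names are constructed for illustration.

```python
import re

# Remark lines in a login script start with REM, REMARK, * or ;
REMARK = re.compile(r'^\s*(REM(ARK)?\b|\*|;)', re.I)
# COMSPEC = <path>  tells DOS where to reload COMMAND.COM from
COMSPEC = re.compile(r'^\s*COMSPEC\s*=\s*"?([^"\s]*)', re.I)
# "#PROGRAM args" executes an external program during login
EXTERNAL = re.compile(r'^\s*#\s*(\S+)')
# EXIT "PROGRAM args" executes a program when the script terminates
EXIT_RUN = re.compile(r'^\s*EXIT\s+"([^"]+)"', re.I)


def on_floppy(path):
    """True when the path is explicitly on the write-protected boot floppy."""
    return path.upper().startswith("A:")


def audit_login_script(text):
    """Return (line_number, finding, target) for each statement that would
    load COMMAND.COM or run a program from somewhere other than drive A:."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or REMARK.match(line):
            continue
        m = COMSPEC.match(line)
        if m:
            if not on_floppy(m.group(1)):
                findings.append((n, "COMSPEC", m.group(1)))
            continue
        m = EXTERNAL.match(line) or EXIT_RUN.match(line)
        if m:
            prog = m.group(1).split()[0]
            if not on_floppy(prog):
                findings.append((n, "RUNS_FROM_NETWORK", prog))
    return findings


# Constructed sample login script (not taken from any real server).
SAMPLE = r'''MAP DISPLAY OFF
REM set up search drives
MAP S1:=SYS:PUBLIC
MAP S2:=SYS:PUBLIC\%MACHINE\%OS\%OS_VERSION
COMSPEC = S2:COMMAND.COM
#CAPTURE Q=LASER NB TI=10
#A:\CHECK.EXE F:
* menu for ordinary users
EXIT "MENU MAIN"
'''

if __name__ == "__main__":
    for lineno, kind, target in audit_login_script(SAMPLE):
        print(f"line {lineno}: {kind}: {target}")
```

Each finding is a line to change before the secure bootstrap procedure is used: either remove the statement or point it at a clean copy on the floppy disk.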
TIGHTENING NETWARE 3.11 SECURITY
NetWare 3.11 allows file attributes to be set to execute-only. This prevents any user, including the system supervisor, from modifying or reading such files; the only thing the supervisor can do with them (apart from executing them) is delete them.
Setting the execute-only attribute is a mixed blessing. On the one hand it prevents the modification of executables, but on the other hand it makes them unreadable (and unverifiable) by anti-virus software. We recommend that this attribute is not used and that instead write-rights are removed from directories containing executable files.
SUMMARY
NetWare 3.11 Administration
Set NetWare 3.11 directory and user rights correctly.
Do not rely on default NetWare 3.11 attribute settings.
Do not use NetWare 3.11 execute-only attributes unless absolutely necessary.
Use secure bootstrap procedure before running anti-virus software.
NetWare 3.11 Virus Infections
NetWare 3.11 seems to cause more memory-resident viruses to malfunction than NetWare 2.12.
Some memory-resident parasitic viruses interact with IPX and NET3, losing the ability to infect. Some memory-resident parasitic viruses crash the workstation if IPX and NET3 are already loaded when the virus-infected application is run.
Most parasitic viruses will infect NetWare 3.11 files protected with a Read-Only attribute.
Parasitic viruses do not infect NetWare 3.11 files when the user’s effective rights do not include ‘write’ rights. Supervisor has ‘write’ rights to all directories.
Parasitic viruses do not infect NetWare 3.11 files with execute-only attributes set, regardless of the user.
Boot sector viruses do not infect NetWare 3.11 drives.
Multi-partite viruses will infect unprotected NetWare 3.11 executables.
Parasitic and Multi-partite viruses will infect executables regardless of protection levels (execute-only files excepted) if the user is logged in as a supervisor.
Other Considerations
Consider using diskless workstations.
Use remote bootstrap ROMs in workstations.
It is very important clearly to distinguish between NetWare rights and attributes. Attributes are part of NetWare’s workstation environment emulation, while rights are NetWare’s own security and access control system. Attributes provide no protection against viruses, while the proper use of rights offers substantial protection against network virus infection and propagation.