[Towertalk] Klez
Guy Olinger, K2AV
k2av@contesting.com
Tue, 7 May 2002 23:01:28 -0400
An alternate some may wish to consider is a program called WinProxy
from a company called Ositis. It is a firewall. I have it on the
computer that talks to the DSL modem.
It filters incoming html, email, downloads, inside zip files, and some
other stuff as well. It also filters outgoing. It does not appear to
slow down the effective line download speed, which PCPitStop measures
at 1250K, from any of the boxes behind the firewall. 1250 is what I
get plugged directly into the modem. I have never gotten the 1500 max
here. It also handles user lists, DHCP and a bunch of other heavy duty
stuff.
Every half hour it pings its virus definition site and receives a CRC
in return. If the return is different from the CRC that goes with its
current file, it upgrades, immediately. It updated tonight at 9:33 pm.
It does not mess around with virus content. It is removed and replaced
with a note. It will also send an email to a specified address
indicating the action, which I have enabled.
I have Norton AV 2002 on my box with the email, browser, etc, which
scans every hard and removable drive in the house every night (has
them all defined as network drives). This because some files get
brought from work. Norton also scans incoming and outgoing email.
So far the WinProxy has never passed a virus on to Norton. Norton has
found stuff on incoming floppies.
I am up to four or five hits a day on average. I got 16 once. Klez is
the most frequent player these days, although the Snow White thing
still shows up.
If I take any significant number of my family out for dinner, I spend
a lot more money than these programs and their subscriptions.
Having in the past had to clean up the mess a virus made, I would
estimate the anger, upset, loss of time and data well into the $1000
range, with some loss non-estimable.
WinProxy and NAV pay for themselves every day.
I find it nearly incomprehensible that they are not as common as mice
and monitors.
73, y'all
Guy.
----- Original Message -----
From: "Stu Greene" <wa2moe@firstinter.net>
To: "jsschuster" <jsschuster@snet.net>; <towertalk@contesting.com>
Sent: Tuesday, May 07, 2002 4:29 PM
Subject: Re: [Towertalk] Klez
> At 04:08 PM 5/7/02 +0000, jsschuster wrote:
> >I just got hit for the second time with W32.klez.gen@mm...at least
> >that's what my Norton Antivirus calls it. When I started
downloading
> >email, I got the Norton alert, went thru the recommended steps to
clear
> >it, and then tried to download mail again after Norton said it was
> >successfiul in quarantining it. The same thing happened. I did not
open
> >it. I had to have my ISP delete that first email at the Server to
clear
> >the problem. 73 JACK
>
> Why quarantine? I'd choose delete.
>
> Eventually, quarantined files have to be removed because the virus
is in an
> electronic cage on your hard drive ready to leap.
>
> Delete. Norton will get upset and warn you, once deleted, gone.
Isn't
> that what you want?
>
>
> _______________________________________________
> Towertalk mailing list
> Towertalk@contesting.com
> http://lists.contesting.com/mailman/listinfo/towertalk
>