
Re: [fhctech] Question about FHC AntiVirus

  • Russell Hltn
    Message 1 of 11, Nov 14, 2008
      I would have to check, but I believe it will automatically scan files
      as they are accessed. It probably doesn't scan the drive itself as
      it's connected. If it does, it will be a background task so as not to
      interfere with what you are doing.


      On Fri, Nov 14, 2008 at 6:10 PM, Skip Taylor <ctrskip@...> wrote:
      > Hello,
      >
      > I know that the FHC systems use a version of Symantec/Norton. I am
      > unfamiliar with that program as it proved less than satisfactory for
      > me quite some time ago.
      >
      > What I'm wondering is if the stock configuration scans USB Flash
      > drives when they are plugged into the computer. If it doesn't already
      > do this, can it be set to do it?
      >
      > Any info is a help!
      >
    • Skip Taylor
      Message 2 of 11, Nov 15, 2008
        It might be a good idea for me to explain why I'm asking these questions.

        One of our FHC computers has somehow been infected with a root-kit virus. I'm attempting to figure out how it was delivered. I know that USB Thumb drives move from machine to machine and I know the FHC has somewhat restricted Internet access. It seems to make more sense to me that the payload was brought in from outside. Perhaps delivered via USB Thumb drive or (less likely) a cd/dvd burnt at home. I probably need to refresh myself on root-kits.

        How often does the A/V update itself?  Maybe the definitions weren't updated?

        I'll probably wind up with some time on the machine to see what settings are what.

        Would Deep Freeze be of any value in this scenario?

        Thanks!
        Skip

        On Fri, Nov 14, 2008 at 9:14 PM, Russell Hltn <RussellHltn@...> wrote:
        I would have to check, but I believe it will automatically scan files
        as they are accessed.  It probably doesn't scan the drive itself as
        it's connected.  If it does, it will be a background task so as not to
        interfere with what you are doing.


        On Fri, Nov 14, 2008 at 6:10 PM, Skip Taylor <ctrskip@...> wrote:
        > Hello,
        >
        > I know that the FHC systems use a version of Symantec/Norton.  I am
        > unfamiliar with that program as it proved less than satisfactory for
        > me quite some time ago.
        >
        > What I'm wondering is if the stock configuration scans USB Flash
        > drives when they are plugged into the computer.  If it doesn't already
        > do this, can it be set to do it?
        >
        > Any info is a help!
      • Terri J.
        Message 3 of 11, Nov 15, 2008
          Deep Freeze would have stopped it cold (pardon the pun) as it would not have allowed anything written to the hard drive to be saved after the computer is turned off or rebooted. Rebooting will restore the computer to a fixed state, set up by you, and any changes made by users while the computer is on will not be saved while Deep Freeze is active.

          The only negative about this is the admin has to deactivate Deep Freeze in order to update or install programs, but the return in time savings in not having to chase every little problem (icons moving/disappearing, installing undesirable apps, whatever) is totally worth it in my experience. :)

          Plus, once you know how, you can configure some updates to run automatically and one such utility is provided for you in the download package to run the AV update.

          -Terri J.

          Skip Taylor wrote:
          It might be a good idea for me to explain why I'm asking these questions.

          One of our FHC computers has somehow been infected with a root-kit virus. I'm attempting to figure out how it was delivered. I know that USB Thumb drives move from machine to machine and I know the FHC has somewhat restricted Internet access. It seems to make more sense to me that the payload was brought in from outside. Perhaps delivered via USB Thumb drive or (less likely) a cd/dvd burnt at home. I probably need to refresh myself on root-kits.

          How often does the A/V update itself?  Maybe the definitions weren't updated?

          I'll probably wind up with some time on the machine to see what settings are what.

          Would Deep Freeze be of any value in this scenario?

          Thanks!
          Skip

        • Dan
          Message 4 of 11, Nov 15, 2008
            Deep Freeze would have avoided this completely. Deep Freeze will reduce your service calls at the FHC by 95%... you can go literally weeks or months with no service calls. In more than a year of running Deep Freeze on 11 computers in our FHC, I have not had a single incident of a patron or staff member messing anything up on the computers. This compares to having computers messed up daily prior to installing Deep Freeze.

            With Deep Freeze the AV is updated as often as you want it updated... but the truth is, Deep Freeze almost eliminates the need for AV... to the best of my knowledge, there are no known viruses that can survive a reboot when the infected machine has Deep Freeze properly installed and the machine is running in the frozen state at the time the machine became infected.
             
            Dan Vester, STS
            Prescott Az FHC


            From: fhctech@yahoogroups.com [mailto:fhctech@yahoogroups.com] On Behalf Of Skip Taylor
            Sent: Saturday, November 15, 2008 8:52 AM
            To: fhctech@yahoogroups.com
            Subject: Re: [fhctech] Question about FHC AntiVirus

            It might be a good idea for me to explain why I'm asking these questions.

            One of our FHC computers has somehow been infected with a root-kit virus. I'm attempting to figure out how it was delivered. I know that USB Thumb drives move from machine to machine and I know the FHC has somewhat restricted Internet access. It seems to make more sense to me that the payload was brought in from outside. Perhaps delivered via USB Thumb drive or (less likely) a cd/dvd burnt at home. I probably need to refresh myself on root-kits.

            How often does the A/V update itself?  Maybe the definitions weren't updated?

            I'll probably wind up with some time on the machine to see what settings are what.

            Would Deep Freeze be of any value in this scenario?

            Thanks!
            Skip

            On Fri, Nov 14, 2008 at 9:14 PM, Russell Hltn <RussellHltn@ gmail.com> wrote:
            I would have to check, but I believe it will automatically scan files
            as they are accessed.  It probably doesn't scan the drive itself as
            it's connected.  If it does, it will be a background task so as not to
            interfere with what you are doing.


            On Fri, Nov 14, 2008 at 6:10 PM, Skip Taylor <ctrskip@gmail. com> wrote:
            > Hello,
            >
            > I know that the FHC systems use a version of Symantec/Norton.  I am
            > unfamiliar with that program as it proved less than satisfactory for
            > me quite some time ago.
            >
            > What I'm wondering is if the stock configuration scans USB Flash
            > drives when they are plugged into the computer.  If it doesn't already
            > do this, can it be set to do it?
            >
            > Any info is a help!



            __________ NOD32 3615 (20081115) Information __________

            This message was checked by NOD32 antivirus system.
            http://www.eset.com
          • Skier
            Message 5 of 11, Nov 15, 2008
              Or another option is the free application SteadyState from Microsoft -
              <http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx>



              Dan wrote:
              > Deep Freeze would have avoided this completely. Deep freeze will reduce
              > your service calls at the fhc by 95%... you can go literally weeks or
              > months with no service calls. In more than a year of running deep freeze
              > on 11 computers in our FHC, I have not had a single incident of a patron
              > or staff member messing anything up on the computers. This compares to
              > having computers messed up daily prior to installing Deep Freeze.
            • Russell Hltn
              Message 6 of 11, Nov 15, 2008
                Unless it's a blended threat, I think the rootkit would have to be
                installed by someone with administrator rights. You may want to
                assess who knows the admin password and just how "helpful" they might
                be to a patron who says they need to make a change to the machine to
                make something better.


                In my center, the Symantec updates itself automatically each day
                within a few minutes of the PC being turned on. I haven't done
                anything special. It's always been that way.

                Keep in mind that a program on a thumb drive just can't leap onto a
                computer. It has to be "invited" somehow. So the default
                scan-on-access should be sufficient protection.

                However, I would check your BIOS options and make sure the computer
                can't be booted off anything but the hard drive. (I'd also password
                protect the BIOS) If this is a "boot virus" I don't know as even deep
                freeze can protect from that.
              • Bob Hegerich
                Message 7 of 11, Nov 15, 2008
                  Since we're on the subject of Deep Freeze, here's a curiosity question.
                   
                  If Deep Freeze returns the machine to its boot-up state, how does that reconcile with running Inventory Manager once a day?  Would the staff have to be trained to turn Deep Freeze off and on when running IM?
                   
                  -----Bob H-----
                   
                • slw
                  Message 8 of 11, Nov 15, 2008
                    When you set up Deep Freeze it has the provision to make a drive that is always thawed,
                     
                    In the set up there is a batch file that copies Inventory Manager files to the thawed drive when it shuts down and copies it from that drive when you start IM up so there is nothing the staff has to do. Works fine
                     
                    Sterrie
                     
                    Newport News FHC


                    From: fhctech@yahoogroups.com [mailto:fhctech@yahoogroups.com] On Behalf Of Bob Hegerich
                    Sent: Saturday, November 15, 2008 4:06 PM
                    To: fhctech@yahoogroups.com
                    Subject: [fhctech] Question about Deep Freeze

                    Since we're on the subject of Deep Freeze, here's a curiosity question.
                     
                    If Deep Freeze returns the machine to its boot-up state, how does that reconcile with running Inventory Manager once a day?  Would the staff have to be trained to turn Deep Freeze off and on when running IM?
                     
                    -----Bob H-----
                     

                  • Dan
                    Message 9 of 11, Nov 15, 2008
                      What I stated earlier is that if Deep Freeze is PROPERLY installed it will prevent all viruses. Proper installation, according to the Deep Freeze instructions, includes passwording the BIOS and disabling all methods of booting the machine except the primary hard drive. This step does protect against boot viruses.
                       
                      Dan Vester, STS
                      Prescott Az FHC


                      From: fhctech@yahoogroups.com [mailto:fhctech@yahoogroups.com] On Behalf Of Russell Hltn
                      Sent: Saturday, November 15, 2008 1:52 PM
                      To: fhctech@yahoogroups.com
                      Subject: Re: [fhctech] Question about FHC AntiVirus

                      Unless it's a blended threat, I think the rootkit would have to be
                      installed by someone with administrator rights. You may want to
                      assess who knows the admin password and just how "helpful" they might
                      be to a patron who says they need to make a change to the machine to
                      make something better.

                      In my center, the Symantec updates itself automatically each day
                      within a few minutes of the PC being turned on. I haven't done
                      anything special. It's always been that way.

                      Keep in mind that a program on a thumb drive just can't leap onto a
                      computer. It has to be "invited" somehow. So the default
                      scan-on-access should be sufficient protection.

                      However, I would check your BIOS options and make sure the computer
                      can't be booted off anything but the hard drive. (I'd also password
                      protect the BIOS) If this is a "boot virus" I don't know as even deep
                      freeze can protect from that.



                    • Dan
                      Message 10 of 11, Nov 15, 2008
                        I used Steady State (and its predecessor 'Shared Computer toolKit') for a year, and Deep Freeze now for more than a year, and hands down Deep Freeze is by far the best of the two applications. Steady State involves placing some pretty serious restrictions on the user to keep the user from messing up the machine, plus Steady State is not compatible with Landesk. Deep Freeze allows you to open the machine totally up to the user, including giving them admin rights, and when the machine is rebooted, it returns the machine to the configuration set by the Deep Freeze administrator... every time, without fail. Steady State is no longer an approved application to be run on any FHC computer, due to its non-compatibility with Landesk.

                        If you choose to run Steady State despite this, the usage information and inventory information for your FHC's computers gathered by HQ will not be able to be collected, and as a result, your antivirus won't stay up to date, plus your computers won't be in the HQ inventory, and will not be eligible for replacement or upgrading as it becomes necessary to function with the Church programs. Additionally, your computers and patrons will be unable to access the databases that HQ is paying for and providing free of charge to FHCs.

                        Finally, Deep Freeze is available free to all FHCs, since Church HQ has already negotiated the fees with Faronics (Deep Freeze) and HQ pays those license fees for all FHCs that decide to run Deep Freeze.
                         
                        Bottom line, Steady State simply isn't a viable alternative for Family History Centers any more, and it makes no sense to run it on FHC computers.
                         
                        I've been so impressed with Deep Freeze that I purchased a copy for my personal use, and I have it on the Laptop that my son uses at High school. While other parents, and school administrators, are pulling their hair out trying to keep other student laptops working properly,  ours just keeps playing flawlessly, day in and day out.
                         
                        Dan Vester, STS
                        Prescott Az FHC


                        From: fhctech@yahoogroups.com [mailto:fhctech@yahoogroups.com] On Behalf Of Skier
                        Sent: Saturday, November 15, 2008 1:48 PM
                        To: fhctech@yahoogroups.com
                        Subject: Re: [fhctech] Question about FHC AntiVirus

                        Or another option is the free application SteadyState from Microsoft -
                        <http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx>

                        Dan wrote:
                        > Deep Freeze would have avoided this completely. Deep freeze will reduce
                        > your service calls at the fhc by 95%... you can go literally weeks or
                        > months with no service calls. In more than a year of running deep freeze
                        > on 11 computers in our FHC, I have not had a single incident of a patron
                        > or staff member messing anything up on the computers. This compares to
                        > having computers messed up daily prior to installing Deep Freeze.


