Disaster imminent



  • I received the following joyous email from our company's network admin this morning:

     

    Hi All,

    There is a new rule at [company name] in future around server access.

    As the server Operating Systems are not able to run MSE, all external drives/memsticks are to be scanned by me before inserting into servers directly.

    Alternately – you can plug the drive into your local PC (which has updated MSE installed and running) and copy it via the network to the server.

    Thanks,
    [network administrator]

    Fearing the worst, I replied with the following:

     

    So what you’re saying is that there is no antivirus software installed on our servers?

    Sounds like a recipe for disaster...

    and got the following response:

     

    Correct.
    But if the dev PCs are the only path for virus’s to get to the servers we’ll be fine.
    Sadly there are no free (or even reasonably priced) server AV software out there and with [company name] having many servers it will be a massive increase in costs.

    Ah, the joys of working for a company that's too cheap to buy AV software for servers... the servers that host the domain controller, all the company's source code, weekly code and email backups from all the dev PCs, ...

    This is also a company that's too cheap to buy proper server-grade equipment - for the past month we've been sitting with a primary database server that was behaving erratically. Only recently was it discovered that half the server's memory is faulty, hence causing the stability issues. Now everyone who was using that server has to (a) find a new server to work on (hint: we don't have a backup server, so we're all pretty much screwed) and (b) redo a month's worth of testing.

    I suggested that maybe, just maybe, buying ECC RAM might have given advance warning, and that it might be a good idea to buy ECC RAM for all the servers going forward. Naturally, I was ignored.

    Next time a server crashes due to faulty memory, I'm going to print "I TOLD YOU SO" in 72pt font and stick the paper up above the server... maybe that will get the message across.

     

    mod: fixed pre tags. -dh



  •  RUN



  • @dhromed said:

     RUN

    _File: <blink reason="Had to try">█</blink>



  • A future rule is no direct insertion of removable media in the server? Why was this not in effect already?

    Also how would a virus be activated by inserting removable media?
    If the way would be to copy it to the server and then activate it by hand somehow,... the same problem exists with a client without AV. The problem would be that arbitrary clients can run arbitrary programs on the server.
    If it would somehow auto-run then, wel... TRWTF right there.



  • @The_Assimilator said:

    I'm going to print "I TOLD YOU SO" in 72pt font and stick the paper up above the server... maybe that will get the message across.
    While this is vastly more satisfying, I find that a calculation of income lost is usually more effective. Calculate total person hours, multiply by cost per hour and put result in column A. Then put software/hardware cost in column B. Casually show comparison to management.

    In the meantime implement your own independent backup strategy. 



  • @pbean said:

    A future rule is no direct insertion of removable media in the server? Why was this not in effect already?

    Also how would a virus be activated by inserting removable media?

     

     AutoRun and AutoPlay, maybe? They already run no AV so that stuff is most likely still enabled ...



  • If they really want to save some money and stress, see if you can get them to drop the consumer-grade malware-friendly OS for something that WON'T make you sick and kill you.



  • @The_Assimilator said:

    Ah, the joys of working for a company that's too cheap to buy AV software for servers.
    We use ClamAV.



  • Heh, I had to Google what "MSE" was. Second result was Mental status examination. I guess it's apt: you'll need your head read to trust Microsoft with your security! (For the record my office doesn't really use AV either, but we are mostly Mac/Linux...)



  • @DOA said:

    @The_Assimilator said:

    I'm going to print "I TOLD YOU SO" in 72pt font and stick the paper up above the server... maybe that will get the message across.
    While this is vastly more satisfying, I find that a calculation of income lost is usually more effective. Calculate total person hours, multiply by cost per hour and put result in column A. Then put software/hardware cost in column B. Casually show comparison to management.

     

     Ah, but the expenses of recovering from the server failure have already been incured, and it's much cheaper to send out a memo delcaring that, by fiat, this will not happen again, than to actually buy better equipment.

     



  • @Zemm said:

    I guess it's apt: you'll need your head read to trust Microsoft with your security! (For the record my office doesn't really use AV either, but we are mostly Mac/Linux...)
    I'd trust Microsoft well before I trusted a guy in a penguin t-shirt two sizes too small.



  • @Tyler said:

    it's much cheaper to send out a memo delcaring that, by fiat, this will not happen again
    That's the FEMA strategy that has kept New Orleans safe from hurricanes since Katrina.  Too bad they didn't mention oil spills in that memo, too.



  • @The_Assimilator said:

    Sadly there are no free (or even reasonably priced) server AV software out there and with [company name] having many servers it will be a massive increase in costs.

    Fantastic. Work out one of the many ways that a system-killing virus could get on there, and then get written instructions to go and do one of those things - after spending a month only pretending to work, of course...



  • @bstorer said:

    @Tyler said:

    it's much cheaper to send out a memo delcaring that, by fiat, this will not happen again
    That's the FEMA strategy that has kept New Orleans safe from hurricanes since Katrina.  Too bad they didn't mention oil spills in that memo, too.

    Actually, the oil spill was created by us to protect against future hurricanes.  Our reasoning is that so long as oil fills the delta God wouldn't possibly be cruel enough to send another hurricane causing crude-slicked storm surges.  As with most of our policies, this one is heavily predicated on prayer and on us being able to do more damage than Nature, thus making the natural disaster look less bad by comparison.

     

    Love,

    FEMA



  •  Tell him about NOD32 Business Edition, it's about 60-100$ for one year and runs on servers too. The Enterprise version is more expensive but you get discounts for several servers.



  • @pbean said:

    A future rule is no direct insertion of removable media in the server? Why was this not in effect already?

    Also how would a virus be activated by inserting removable media?
    If the way would be to copy it to the server and then activate it by hand somehow,... the same problem exists with a client without AV. The problem would be that arbitrary clients can run arbitrary programs on the server.
    If it would somehow auto-run then, wel... TRWTF right there.

    And how are these people even physically getting to the server? It's in an unlocked room? The company won't pay for locks?



  • @blakeyrat said:

    @pbean said:
    A future rule is no direct insertion of removable media in the server? Why was this not in effect already?

    Also how would a virus be activated by inserting removable media?
    If the way would be to copy it to the server and then activate it by hand somehow,... the same problem exists with a client without AV. The problem would be that arbitrary clients can run arbitrary programs on the server.
    If it would somehow auto-run then, wel... TRWTF right there.

    And how are these people even physically getting to the server? It's in an unlocked room? The company won't pay for locks?

    Well, they have locks on the outside of the building.  Sadly, there are no free or reasonably priced server door locks out there and with [company name] having many doors it will be a massive increase in cost.  Instead, there is a new rule that anyone wishing to open a door must clear it with [network administrator] first.



  • @bstorer said:

    @blakeyrat said:

    @pbean said:
    A future rule is no direct insertion of removable media in the server? Why was this not in effect already?

    Also how would a virus be activated by inserting removable media?
    If the way would be to copy it to the server and then activate it by hand somehow,... the same problem exists with a client without AV. The problem would be that arbitrary clients can run arbitrary programs on the server.
    If it would somehow auto-run then, wel... TRWTF right there.

    And how are these people even physically getting to the server? It's in an unlocked room? The company won't pay for locks?

    Well, they have locks on the outside of the building.  Sadly, there are no free or reasonably priced server door locks out there and with [company name] having many doors it will be a massive increase in cost.  Instead, there is a new rule that anyone wishing to open a door must clear it with [network administrator] first.

    They're like $50! How many billions of doors do you have?!

    To clarify: you don't need to get awesome-wicked-cool RFID locks, just use a key if you're short on cash.



  • @blakeyrat said:

    @bstorer said:

    @blakeyrat said:

    @pbean said:
    A future rule is no direct insertion of removable media in the server? Why was this not in effect already?

    Also how would a virus be activated by inserting removable media?
    If the way would be to copy it to the server and then activate it by hand somehow,... the same problem exists with a client without AV. The problem would be that arbitrary clients can run arbitrary programs on the server.
    If it would somehow auto-run then, wel... TRWTF right there.

    And how are these people even physically getting to the server? It's in an unlocked room? The company won't pay for locks?

    Well, they have locks on the outside of the building.  Sadly, there are no free or reasonably priced server door locks out there and with [company name] having many doors it will be a massive increase in cost.  Instead, there is a new rule that anyone wishing to open a door must clear it with [network administrator] first.

    They're like $50! How many billions of doors do you have?!

    First of all, they're all dutch doors, so now you're up to $100 per door.  Second, most of them are double doors, so now you're up to $200.  Third, each lock has to be installed, which gets you to $250 a door.  And then, after all of that, you have to buy a keychain, and maybe a hook to put the keychain on, and probably a place to store the backup copies, which will need its own door and keys and key chains and hook and own place to store it ad infinitum.  Congratulations, you've just spent $Infinity dollars.@blakeyrat said:
    To clarify: you don't need to get awesome-wicked-cool RFID locks, just use a key if you're short on cash.
      What if someone were to insert a malicious key?  We'd still need a new rule forbidding anyone to insert a key into a lock until the key had been scanned.



  • @bannedfromcoding said:

    @dhromed said:

     RUN

    _File: █

    You win.



  • @cklam said:

    @pbean said:

    A future rule is no direct insertion of removable media in the server? Why was this not in effect already?

    Also how would a virus be activated by inserting removable media?

     

     AutoRun and AutoPlay, maybe? They already run no AV so that stuff is most likely still enabled ...

     

    Yup. The past month or so my virus scanner detected 2 of those. Apparently, this is one of the more popular attack vectors these days.



  • @Lingerance said:

    @The_Assimilator said:
    Ah, the joys of working for a company that's too cheap to buy AV software for servers.
    We use ClamAV.

    We're a completely Microsoft shop, which makes the whole scenario even more ridiculous because as an MSDN Gold Partner we get all our OSes and development tools for next to nothing You'd think all that saved cash could be spent on decent AV protection, but nooo.

    @blakeyrat said:

    @pbean said:
    A future rule is no direct insertion of removable media in the server? Why was this not in effect already?

    Also how would a virus be activated by inserting removable media?
    If the way would be to copy it to the server and then activate it by hand somehow,... the same problem exists with a client without AV. The problem would be that arbitrary clients can run arbitrary programs on the server.
    If it would somehow auto-run then, wel... TRWTF right there.

    And how are these people even physically getting to the server? It's in an unlocked room? The company won't pay for locks?

    The servers are stored in a locked room with a fireproof door, but (a) this room is unlocked by the network admin when he gets to work and remains unlocked until he leaves (assuming he remembers to re-lock it), (b) the spare key to said room is hung by the receptionist's desk "in case of emergency" and everyone in the company knows about it.



  • @blakeyrat said:

    They're like $50! How many billions of doors do you have?!
     

    There's this white corridor with lots and lots of teal doors.

    Last time, lots of idiots in black suits came through. We don't want that to happen again, but we do want a reasonable price for infinity dollars doors.



  • @The_Assimilator said:

    @Lingerance said:
    @The_Assimilator said:
    Ah, the joys of working for a company that's too cheap to buy AV software for servers.
    We use ClamAV.

    We're a completely Microsoft shop, which makes the whole scenario even more ridiculous because as an MSDN Gold Partner we get all our OSes and development tools for next to nothing You'd think all that saved cash could be spent on decent AV protection, but nooo.

    Isn't there a Windows port?


  • http://www.clamwin.com/

    But I personally believe this is not just a case of them being cheap, they are being extremely ignorant. They might even ignore this possibility, because they apparently don't see the advantages of AV.

    If they don't have an idea of what an infection might cost in lost productivity or data or damage to customers, not even free software can help them.



  • @cklam said:

    @pbean said:

    A future rule is no direct insertion of removable media in the server? Why was this not in effect already? Also how would a virus be activated by inserting removable media?
     

     AutoRun and AutoPlay, maybe? They already run no AV so that stuff is most likely still enabled ...

    Autorun only runs for a session attached to a local console. Now, why would they allow local non-administrative login on a server?

     More likely infection scenario is that a compromised user machine infects the files on the server writeable for that user. Most of the time, it's some dump of software install packages, etc.



  •  I had a similar experience as OP:

    Job was too cheap to buy us monitors. So we were stuck with 10 inch monitors on shitty laptops as our primary dev environment. We had to fight over who gets a monitor when someone leaves. I was blessed with a 12-inch monitor whith tons of dead pixels.

    Job was too cheap to buy high quality sd ram, so every other week my computer would go crazy, I would lose 1-2 days of work effort and get my ram replaced to an equally shitty 10 dollar stick of ram. Cost savings on Ram: 100 dollars. Developers siting around doing nothing because the computer can't do anything: a few grand. Wooh good savings.

     

    Wait if you think that is all, you have got to be shitting me.

     

    The laptops were intended so that we can work from home or any time, thus we have to carry them all the time. The laptop was hurting my back constantly being carried along with other crap. However since I didn't have a key to any lock on my desk I could not leave it in my desk. But wait. Theres More. See if I was to actually work from home, which was the "intention" of the laptop since we used clearcase it was 100% unfeasable. Did you ever try using clearcase over cable connection? Trust me unless you are on lan don't bother. Right clicking took 30 seconds to 2 minutes.

     

    Well thats it I guess...

     

     

    GOTCHA!

     

    They were too cheap to get us keyboards/mice/mouse pads.



  • @astonerbum said:

    Job was too cheap to buy us monitors. So we were stuck with 10 inch monitors on shitty laptops as our primary dev environment. We had to fight over who gets a monitor when someone leaves. I was blessed with a 12-inch monitor whith tons of dead pixels.

    Job was too cheap to buy high quality sd ram, so every other week my computer would go crazy, I would lose 1-2 days of work effort and get my ram replaced to an equally shitty 10 dollar stick of ram. Cost savings on Ram: 100 dollars. Developers siting around doing nothing because the computer can't do anything: a few grand. Wooh good savings.

    How do they have any employees at all? The economy isn't that bad.



  • @blakeyrat said:

    How do they have any employees at all? The economy isn't *that* bad.
     

    4yr ago. I was intern -> part time -> jr dev. I didn't know any better. Turnover rate was very high.



  • @astonerbum said:

    @blakeyrat said:

    How do they have any employees at all? The economy isn't *that* bad.
     

    4yr ago. I was intern -> part time -> jr dev. I didn't know any better. Turnover rate was very high.

    Why are you complaining, then?  The high turnover rate would make up for just about any other shortcomings.  Turnovers are delicious.


  • @bstorer said:

    Turnovers are delicious.
     

    What, as in, you're working her, and then you say, Turn over, baby. And then you continue working her.

    Like that?



  • @dhromed said:

    @bstorer said:

    Turnovers are delicious.
     

    What, as in, you're working her, and then you say, Turn over, baby. And then you continue working her.

    Like that?

    Exactly like that, only with a delicious fruit filling.


  • @bstorer said:

    delicious fruit filling.
     

    Cucumber, squash, eggplant, or multiples thereof.



  • @dhromed said:

    @bstorer said:

    delicious fruit filling.
     

    Cucumber, squash, eggplant, or multiples thereof.

    Considering my size, I was thinking more along the lines of watermelon.


  • @bstorer said:

    my
     

    +1 subtle

     @bstorer said:

    watermelon

    -100 subtle

     


  • :belt_onion:

    @bannedfromcoding said:

    @dhromed said:

     RUN

    _File: █

     

    C:\Dos\Run █


Log in to reply