BigNick
Thinks s/he gets paid by the post
I believe you but I suspect you were very lucky, or you were infected, and never knew it. I worked in and out of IT and Finance and every place I worked got infected with viruses even though thousands of intrusions were blocked. Did you leave IT before thumb drives were invented?
I'm glad you asked that because a colleague and I (he had the idea, I dug around and found the mechanism) actually developed a method of keeping worms on USB storage from getting onto PCs that worked better than Microsoft's, and was recognised as so doing by Computerworld and US-CERT. The blog post I wrote about it at the time (almost exactly 10 years ago, funnily enough) got enough hits (in its original location; it's moved since) to get me a check for $100 from Google for the advertising it generated; 10 years later, my credit balance from all my subsequent blog posts is up to about $50...
How we kept our network free from viruses more generally: we wrote scripts that checked the integrity of various bits of Windows, and ran them twice a day. This checked in on all of the major registry locations used by malware. The list of those is many orders of magnitude shorter than the list of known problems. A bonus was that we often detected people who were bringing in unauthorised devices and installing their drivers. However, this required a conscious decision by us to take responsibility for every copy of Windows. We (re-)installed it on all our PCs from scratch when we bought them, and if we had any doubt about an installation, we reformatted and reinstalled. This only took about a dozen keystrokes from the tech, so we could do this in bulk if necessary.
We got hit twice by major e-mail worms (one time because our chief executive took his laptop home, making it the only PC outside the firewall that weekend, but hey, he's the boss so the rules about security don't apply to him), but because our scripts were also able to remove undesirable entries, it usually only took a couple of hours to remove them, even from quite a large number of computers. We were also fanatical about patching, and we read a lot of literature to keep current. Many of the worst worms could be prevented by immunisation, like the memory stick solution above - just create a certain magic file and the worm would pass the PC by.
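The twice-daily check of registry locations described in the post above, sketched as an added example (not the poster's own scripts): it compares `reg query` text captured from a PC against an approved baseline and reports added, changed and removed autostart entries. The two Run keys and every sample value are constructed assumptions; the post does not name the keys its scripts checked.

```python
import re

# Constructed `reg query` captures. The two Run keys are assumed examples of
# autostart locations; the post does not list the locations it monitored.
BASELINE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    CorpAgent    REG_SZ    "C:\Program Files\CorpAgent\agent.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    CorpAgent    REG_SZ    C:\Users\Public\agent.exe
    Printer Helper    REG_SZ    C:\Users\Public\helper.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"""

# `reg query` separates name, type and data with four spaces; names may contain spaces.
VALUE_RE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)(?:\s{4}(.*))?$")

def parse_reg_query(text):
    """Map (key, value name) -> (type, data) from `reg query` text output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().upper()  # registry paths are case-insensitive
        elif key and (m := VALUE_RE.match(line)):
            name, rtype, data = m.groups()
            entries[(key, name.lower())] = (rtype, (data or "").strip())
    return entries

def audit(baseline_text, current_text):
    """Return (status, key, value name, data) for every deviation from the baseline."""
    base, cur = parse_reg_query(baseline_text), parse_reg_query(current_text)
    findings = [("ADDED", *k, cur[k][1]) for k in sorted(cur.keys() - base.keys())]
    findings += [("CHANGED", *k, cur[k][1])
                 for k in sorted(base.keys() & cur.keys()) if base[k] != cur[k]]
    findings += [("REMOVED", *k, base[k][1]) for k in sorted(base.keys() - cur.keys())]
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(*finding, sep=" | ")
```

A changed entry matters as much as an added one: here the constructed `CorpAgent` value keeps its approved name but now points at a different path.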