Many users don't understand why systems administrators have a zero-tolerance policy about installing "harmless" applications on their computers at the office. The point, of course, is security. With the demise of the Napster network, many systems administrators breathed a sigh of relief. Not only did the problem of users sucking up expensive network bandwidth by trading files on the best-known peer-to-peer (P2P) network go away, but the number of files that might introduce viruses to the network diminished.
Many systems administrators try to enforce a zero-tolerance policy by blocking the ports that P2P file transfers use. Of course, this step doesn't stop users who use laptops from installing P2P software at home on their own time, but that isn't really something that a local administrator can easily control. So, company systems remain vulnerable when users bring their laptops back to work.
Although Napster might be little more than a painful memory for systems administrators, other P2P file-sharing networks have cropped up. One of the most popular of these newer services is Sharman Networks' KaZaA Media Desktop. Unfortunately, but unsurprisingly, KaZaA has attracted its first virus, Worm.Kazaa.Benjamin, written explicitly to exploit the way users use the KaZaA software to share files. Kaspersky Lab has added Worm.Kazaa.Benjamin to its virus library and explains in detail how the worm works.
As with many of today's exploits, Worm.Kazaa.Benjamin requires user interaction. Users need to launch the worm locally on their own machines to cause a security threat. If users bring infected files to the office on their laptops, such "harmless" applications can put the company's systems at risk. Fortunately, all Worm.Kazaa.Benjamin seems to do is launch a German Web page that displays an advertisement. Because the Web page that the worm points to merely reveals a message that says that the domain has been closed down because of massive bandwidth abuse, other major antivirus software vendors haven't yet bothered to announce definition files for Worm.Kazaa.Benjamin.
Although Worm.Kazaa.Benjamin might be harmless, KaZaA and similar software add a new entry vector for potentially harmful attacks. Training users not to install unapproved software on their work computers is difficult, especially users who use laptops and have higher access levels than network-attached users have. What are you doing to educate your users and counteract the virus threat that unapproved software causes? I'd like to hear from systems administrators who've dealt successfully with this user-behavior problem. Even users who tell me that their companies have a zero-tolerance policy in place can relate stories about what happens when that policy catches a senior executive. (I'll bet you can guess the results.) So, let me know what you do to control your mobile users: I'll organize the responses and present the results in a future Windows Client UPDATE.