Virus attack on MDB

[gear]

Yesterday, my Access MDB didnt work properly. On scanning, I found a virus infected Access EXE file. After cleaning, my MDB works fine and data was intact. This has prompted me to ask these questions.
1. Can a virus attack an MDB?
2. Is it possible for data to get corrupted if I work (unknowingly) with infected Access EXE?
Grateful if members could share their experiences.

 

[Ron_dK]

On scanning, I found a virus infected Access EXE file.

Did the virus had a name ?

I have never experienced a virus in one of our Acces Dbases. This is new to me.

 

[The_Doc_Man]

I used to teach this stuff for the Dept. of Defense. You have obviously been less than fully vigilant in your mal-ware protection.

Any .EXE file can be infected with any virus that affects .EXE files. Older versions of Access have old versions of the MDAC API, which is also highly susceptible. In fact, in the last decade, MDAC has been in the SANS Institute top 20 applications vulnerabilities list. (Windows itself has been on the top 20 O/S vulnerabilities list. Makes you think, doesn't it?) Your .DLL files are just as vulnerable as the .EXE files. Macro viruses have long been known that can attack any Office product with VBA abilities - which, these days, is most of them.

However, there is good news. For money and a little bit of dedicated time, you can attack this problem to head it off.

If your sub-net has a proxy server or other common entry point that is your interface to the Internet, you can put a good firewall there. If you have a local mail server, put a good content-checking anti-virus there. Look up the topic of Intrusion Detection systems on the web, you'll get lots of good hits from commercially available products. I have had very good results from many different products.

For small sub-nets, I recommend either the Defender (Kapersky Labs) or McAfee packages. For larger sub-nets, McAfee and Symantec have good track records. Zone Alarm and Black Ice also have decent reputations. For mail server checking, McAfee and Guinevire (spelling?) are good. Each has strengths and weaknesses, so read up on whatever you are considering. You want a firewall with a simple interface, you want anti-virus and anti-spyware that is signature based, and if possible, you want the latter two packages to be configurable for auto-update and auto-scan. An anti-virus package with heuristic behavior checking would be good, too.

Now the soul-searching issue. In the last decade, the seven biggest cases of "gotcha" were attacks on known vulnerabilities that could have been closed by patching beforehand. Ever hear of NIMDA or Code Red? What about Michaelangelo? Or things in the category of the "Morris worm"...?

Patching is a pain in the patootie. But flushing your system to reload the software from the ground up and HOPE you can recover your data and HOPE you remembered to load all the layered products and HOPE you can get your sub-net back into operation before your revenue tanks... that is far worse. Patching on a regular basis and keeping up anti-intrusion software (firewall, anti-virus, anti-spyware) are the sine qua non of a healthy computer sub-net. The hackers don't sleep. They don't give up. And that means neither can you. But with a good mix of commercially available security software, you can reclaim at least some hours of sleep per week that would otherwise be lost due to recovery activities at inconvenient hours (are there any other kind in this business?).

 

[Ron_dK]

Thanks for the elaboration Doc.
Here at the office, our IT guys do the worm/virus catching with the numerous firewalls they have, So I don't need to worry.
At home I have Kapersky installed and frequently updated , but never catched a virus in any of my Office programs or mde Dbases. So I was surprised to learn that there are relatively many of those which may affect office or other programs. Thanks for notifying.

Btw : a patootie is that a worm as well ?

 

[gear]

Thanks to everybody. I will seriously look into the firewall thing. I have Norton but I dont know how it didnt detect the virus. Thanks once again.

 

[boblarson]

I have Norton but I dont know how it didnt detect the virus.

Because it's Norton. (can you tell I don't like Norton?)

 

[neileg]

Thanks to everybody. I will seriously look into the firewall thing. I have Norton but I dont know how it didnt detect the virus. Thanks once again.

The last Norton that was any good was 2002. I'd rather have viruses than the more recent versions of Norton.

At home I use AVG for anti virus, Zone Alarm as a firewall, and run frequent checks using AdAware and SpyBot. Almost 100% effective (one problem in the last 30 months).

 

[The_Doc_Man]

All I'll say is that on my home system, I used the Defende 15-in-1 package, with the anti virus, anti spy, firewall, utility tools, and a couple of the other parts of that package.

The first time you set up the firewall, it is a little wordy because it wants to ask you about every frimpin' new connection attempt. Once it has been on your system a few weeks, you hardly EVER see it again - until you are actually attacked.

The Anti Spy can be tedious when you force it into an update cycle, but it is hardly noticeable any other time. The scan takes longer to set up than it does to do the "real" scan.

If you set the anti-virus to auto-update at least once/week and auto-scan at least once/week, you'll probably never have big problems with the A/V.

The utilty tools do a good job of drive cleaning, registry cleaning, and internet cache. Also works well for startup file cleaning.

I don't have any recent experience with Norton. The Navy uses McAfee or Symantec depending on the individual machine. I use Defender at home. I'm sorry to hear that Norton has taken a swan dive into the tank since I last used it.

 

[ByteMyzer]

For anyone reading this who may not be aware of the fact, Norton Anti-Virus is a Symantec product. Also, the only NAV variants I have found not to turn your computer into a tortoise are the client-server installations; the home versions in the newer releases cause your computer to run like molasses in January.

Now, if you REALLY want to turn your computer into a doorstop, get Norton Internet Security. It checks EVERY single thing that you do, regardless of whether it might actually be related to an on-line exchange of data. (C-R-A-W-W-W-W-W-L). I tried it and was so frustrated with it that I ended up removing it in less than a week after I installed it.

 

[The_Doc_Man]

I usually advise people that it is more important that you use any package than that you get the most thorough package in the world and then don't use it. But when performance changes enough to make your machine that slow, maybe I'll take that back. But ByteMyzer, before I do, let me ask you one thing.

Does the Norton IS package have a firewall AND (this IS a compound question) are you running WinXP that has its own firewalls? The one thing about havng two great firewalls is that they hate each other's guts. So if you are running both, turn one off. If that's not what has you slowed down, then you are probably right to demean NIS.

 

[ByteMyzer]

This was on a system with Win 2K Pro, on which I attempted to install Norton Internet Security 2006. It didn't come with a firewall at the time (which it does now), but because I was also working from home and had to connect to my company's VPN, there were many transactions involved which required exchange of data between my computer and the company servers.

It was bad enough that NIS was checking EVERY single thing that I was doing, but many other features did not work, such as reverse DNS and name resolution, and any of the WAN database transactions I was required to test which required UNC path reference did not work; even IP-reference ony worked to a limited extent.

That aside, it was taking my machine 6 minutes JUST to display the desktop (let alone load all OS components); without NIS my machine boots up completely in roughly a minute. Also, every application instance freshly loaded into memory took at LEAST a minute to completely resolve.

I 86'ed the NIS installation (and did a THOROUGH manual clean-up in addition) and now run McAfee AV, and my computer is MUCH happier with me now.

 

[The_Doc_Man]

I understand, ByteMyzer. However, it is possible that part of your problem was hidden somewhere else. If reverse DNS doesn't work, you are going to get a lot of timeouts on the network stuff. That'll eat your socks every time. (Literally every time, since each network-related act tries all over again.) I'd bet that 75% of your 6 minutes was network-related. Network FAILURE related.

 

[ByteMyzer]

All I can tell you for sure is that my computer was happy until I installed NIS, and between me and a colleague, who is an I.T. admin's admin, we couldn't get it to cooperate. Then when I uninstalled NIS and went with McAfee, my computer was happy again. That's enough to put me off of Norton's line of product.

 

[The_Doc_Man]

Before I took the "train the trainer" courses for that security course I taught, I would probably have used the Norton product line myself. Back in my DOS days, Peter Norton had some really great products available. But the security gurus at my shop told me they no longer liked the Norton stuff because we wanted automatic, enforceable update from a local update server, and the Norton product (at the time) didn't allow that. It also wasn't very flexible in setting up automated scan schedules. I can say without too much fear of contradiction that the McAfee and Defender products are more flexible.

Another good thing is that once I found out about the massive "gotcha" of having two firewalls running at once on the same machine, I have never again had trouble with my machine. And the Defender firewall is pretty easy to set up once you have the license set up. Further, you can set up a renewal on line with very little difficulty.