The Sasser worm, which afflicted Windows users earlier this month, exploited a security hole in the Windows authentication service that came to light when Microsoft issued its monthly patch update in April. After the patch was released, users had just over two weeks to test and install it before virus writers engineered and released Sasser.
But Peavey escaped Sasser by deploying a mixed workstation and server environment combined with a network that limits the damage caused by infected laptops. The IT set-up at Peavey comprises workstations operating Windows 2000 together with Linux, Unix and Novell servers.
Peavey has also chosen not to roll out Microsoft's Outlook e-mail client because of what it sees as constant security attacks targeting Outlook users. Instead, Peavey has deployed Novell Groupwise.
Additionally, the company has adopted a wait-and-see approach to patch management and has not yet installed the April patch from Microsoft (MS04-011) to fix the flaw exploited by Sasser.
Jock Shannon, Peavey Electronics' IT manager, said, "We will see what happens in the next few days before deciding whether to use the patch or not. We only like installing what we actually need, instead of downloading everything like some users."
His patch management strategy is to avoid downloading the automatic Microsoft patch updates. "I only heard about Sasser at the weekend when it started spreading, but we were not tempted to download any of the automatic patches from Microsoft because in the past we have had problems with them," he said.
"On one occasion, we could not run certain applications as a result [of installing the Microsoft patch]."
Shannon said the company's network has also been configured to protect against virus infections such as Sasser coming from laptop users logging their machines onto the company's network.
"We have built a sub-net for laptops which is protected by the Linux-based Smoothwall firewall device," Shannon said. Laptops connecting to the network are restricted to only part of the network and closed off to the rest.
Shannon has also considered the risk of the virus getting into the network over the company's wireless LAN. The LAN is configured to block external internet access and is mainly used for logistics purposes.
This was first published in May 2004