Share via


Haiku #56

No thanks, Theraflu.

I'll use file filtering to

Thwart those viruses.

Remember computer viruses? Well, of course, you do; sadly, computer viruses are still around, and probably will be for a long time to come. People always say that, in the event of an all-out nuclear war that totally wipes out all humanity, the one thing that would survive is the cockroach. The truth is, however, that there are probably two things that will survive: cockroaches, and some 15-year-old kid who writes computer viruses in his spare time.

Note. The big question is whether that 15-year-old kid will be able to survive on Twinkies. Some people say yes: there have long-been rumors that Twinkies have an indefinite shelf life, that they "will last longer than the cellophane they're wrapped in." For better or worse, however, that does not appear to be true. Instead, Twinkies only have a shelf life of 25 days.

And sorry, but, just by biting into one, we don’t know how to tell the difference between a good Twinkie and a bad Twinkie. We'll look into that for you.

Oh and, on the bright side, if you microwave a Twinkie for 45 seconds (on high) it will explode. Do we recommend that you try this at home? Well, we definitely don't recommend that you try it at your home. Or, we hasten to add, at our home.

But while computer viruses are still around, they're definitely not as much … fun … as they used to be. Remember the ILOVEYOU virus, which infected some 50 million computers back in the year 2000? Those were the days, huh? But those days are largely a thing of the past.

One reason that computer viruses aren't quite as big a threat as they used to be is because software makers (including us here at Microsoft) have taken a number of steps to prevent the easy propagation of viruses. For example, the ILOVEYOU virus was actually a VBScript script (a .VBS file) that was sent via Outlook. People would double-click the script attachment (thinking it was a text file) and the virus would immediately set to work, deleting files and sending copies of itself to everyone in your address book.

Note. In case you're wondering, no, the author of today's haiku was not a victim of the ILOVEYOU viruses. He gets so many emails from people telling him how they love him that, by the year 2000, he'd already given up even bothering to look at them.

Nowadays, the ILOVEYOU virus would run into a few roadblocks: you can't send a .VBS file through Outlook; you can't execute a .VBS file from within Outlook; and you can't run a script that will automatically send an email to everyone in your address book. (Instead, you must answer yes to a pop-up that asks if you really want to send that email to everyone in your address book.) All in all, it's a lot harder for a virus to get through to people, and a lot harder for people to actually activate that virus. It's not impossible but, at the same time, it's definitely tough to be a computer virus writer these days.

Note. But don't feel too bad for the virus writers. They all seem to have found gainful employment writing Facebook scams instead.

Of course, as a Lync Server administrator you might be thinking, "Hmmm, Microsoft Lync allows users to transfer files; in fact, you can easily transfer a file to everyone in a conference. Does Lync do something to help lessen the chance that someone sitting in a meeting might send a virus to everyone else sitting in that meeting?"

Funny you should ask: you bet it does. With file transfer filtering, and the CsFileTransferFilterConfiguration cmdlets (Get-CsFileTransferFilterConfiguration, New-CsFileTransferFilterConfiguration, Remove-CsFileTransferFilterConfiguration, and Set-CsFileTransferFilterConfiguration) you can take the same approach to file attachments that Outlook does: you can restrict the type of files that can be transferred based on the file extension of those files. For example, by default users are allowed to use Microsoft Lync to transfer Windows PowerShell script files (.PS1 files). You say you're a little uncomfortable with that? That's fine; you can just add the .PS1 file extension to the list of file types that can't be transferred using Microsoft Lync:

Set-CsFileTransferFilterConfiguration -Identity global -Extensions @{Add=".ps1"}

Pretty easy, huh? If you later change your mind and decide that it's OK to transfer .PS1 files after all, well, just remove that file extension from the list of prohibited file types:

Set-CsFileTransferFilterConfiguration -Identity global -Extensions @{Remove=".ps1"}

And, of course, you can use this same approach to block any file extension, not just file extensions that might be used by a virus writer. For example, we don't know of too many viruses that use either the .WMA or the .MP3 file extension. Nevertheless, you might not want people sending 500-megabyte video clips to everyone else in a meeting, or you might not want people distributing illegally-downloaded .MP3 files to all their colleagues. That's fine; all you have to do is add the .WMA and the .MP3 file extensions to the list of prohibited extensions. In fact, you can add both those extensions with a single command:

Set-CsFileTransferFilterConfiguration -Identity global -Extensions @{Add=".wma",".mp3"}

And if you don't like the idea of people transferring files at all, then just set the Action property to BlockAll:

Set-CsFileTransferFilterConfiguration -Identity global –Action BlockAll

That will disable all file transfers using Microsoft Lync.

Note. In case you're wondering, by default the Action property is set to Block. In that case, Lync will block any file extensions that appear in the list of prohibited file types. If an extension isn’t on that list, however, then Lync will allow you to transfer files of that type.

Ah, good question: how do you know which file extensions are in the list of prohibited file types? Well, if you just run the Get-CsFileTransferFilterConfiguration cmdlet without any parameters you'll be a bit disappointed; you'll get back output similar to this:

Identity : Global

Extensions : {.ade, .adp. .app, .asp…}

Enabled : True

Action : Block

As you can see, in that case Get-CsFileTransferFilterConfiguration shows you only the first few extensions on the list; that's probably not what you had in mind. To see the complete list, use a command similar to this one:

Get-CsFileTransferFilterConfiguration -Identity global | Select-Object –ExpandProperty Extensions

Give that a try and see what happens.

Now, admittedly, until software makers figure out a way to do away with users altogether you'll never be 100% protected from computer viruses or from people overloading the network by sharing videos of their cat. Still, the CsFileTransferFilterConfiguration cmdlets can help, and will definitely give you fewer things to worry about when it comes to Lync Server administration.

Note. Oh, and you shouldn't worry about cockroaches, either. Cockroaches can go a month without food, can got 45 minutes without air, and have been known to go as long as 7.5 minutes without sending a text message or checking their email (!). Cockroaches will be just fine.