What is the best antivirus solution for a CNC machine connected to the internet?

What OS and virus issues are optimal for my CNC machine?
Thanks to my readers for contributing their thoughts and suggestions on this solution.
Virus programs look for a specific byte sequence, say 12-14-18-99, to identify a virus. These codes are like a plan where 12 = go to the store, 14 = fix breakfast, etc. If you rewrite the code so that you fix breakfast first and then go to the store, you have a totally different program, undetectable to any virus program. It is quite simple if you have the code: swap a line or two and bingo, you've got a totally different program.
In order to find a virus, the program has to know that you have one. Each company finds different ones at different times. Say today I'm McAfee and I found 3, but Avast might have located 3 totally different ones, or even 3 of the same, just different strains. It might be a week, and it might never happen, before all 6 are detected by both programs. So I watch my computer speed, task manager and memory usage, and test with 3-5 different antivirus programs, most of the time once a month. Spybot Search and Destroy in particular is a good program to invest your memory usage in and run all the time, because it will alert you each time a change to the registry is about to be made.
An interesting trick is CTRL-ALT-DELETE, and when the screen comes up press Print Screen. Then load a paint program, paste the results and save. Also run regedit and search for runonce. Check in RunOnce and everything in the Run directory above it. I know all programs that are loaded. That catches most bugs, but there are some that are a lot smarter than that.
Also check the Run folders in regedit and delete anything that is not supposed to be there; this won't harm your machine, as these are the programs that run at startup.
1) My office machine (XP) runs the CAD/CAM and post, and the file goes to flash after it's been tested in a virtual mill. This machine has no AV since it's backed up and I don't want the performance penalty, but that's up to the individual's preference.
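The Run/RunOnce check described above can be automated by comparing the current entries with a snapshot taken while the machine was known to be clean. This is an added example, not code from the original post; the function names and the sample entries are assumptions made for illustration.

```python
import json

try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None

# Autostart keys named in the post, checked under HKLM and HKCU.
RUN_SUBKEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

def read_autostart():
    """Return {full value path: command} for every Run/RunOnce value."""
    if winreg is None:
        raise RuntimeError("reading the registry requires Windows")
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    entries = {}
    for hive_name, hive in hives.items():
        for subkey in RUN_SUBKEYS:
            try:
                key = winreg.OpenKey(hive, subkey)
            except OSError:
                continue  # key does not exist on this machine
            with key:
                for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = value count
                    name, command, _ = winreg.EnumValue(key, i)
                    entries[f"{hive_name}\\{subkey}\\{name}"] = str(command)
    return entries

def diff_autostart(baseline, current):
    """Compare a saved known-good snapshot with the current entries."""
    both = baseline.keys() & current.keys()
    return {
        "added": {k: current[k] for k in current.keys() - baseline.keys()},
        "removed": {k: baseline[k] for k in baseline.keys() - current.keys()},
        "changed": {k: current[k] for k in both if baseline[k] != current[k]},
    }

# Constructed sample snapshots (not from a real machine). On a real system,
# replace SAMPLE_BASELINE with a snapshot saved while the machine was clean.
RUN = "HKLM\\" + RUN_SUBKEYS[0] + "\\"
SAMPLE_BASELINE = {RUN + "CamPost": r"C:\CAM\post.exe", RUN + "Backup": r"C:\Tools\bk.exe"}
SAMPLE_CURRENT = {RUN + "CamPost": r"C:\Temp\post.exe", RUN + "svc": r"C:\Temp\svc.exe"}

if __name__ == "__main__":
    current = read_autostart() if winreg else SAMPLE_CURRENT
    print(json.dumps(diff_autostart(SAMPLE_BASELINE, current), indent=2))
```

An entry under "changed" matters as much as one under "added": a familiar name pointing at a new path is easy to miss when reading the key by eye.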
AntiVir, AVG, Ad-Aware, Spybot S&D and Avast are all good free antivirus programs. If you are using McAfee supplied by Cox Cable, I would suggest getting it off your computer as fast as possible. I used CA security software for almost 10 years. The last 2 years it was free with Cox Cable, until they switched to McAfee without even telling their customers.
I do have all my CNC systems on the net (that server is also the firewall, with two net adapters on it). I send the G-code files back and forth from my main desktop, and also back up anything I want to keep from the CNC machines at the desktop. There is plenty of web server software for Linux. With the possible exception of EMC, what’s available for CNC control? What do the Heidenhains and Fanucs of the world use? Could any of us even afford their stuff? I’m guessing not?
Most of those “name brand” controls are quite proprietary, although some may have Windows or something under them for net and floppy connectivity. (I know Bridgeport Ez-Trak runs on Windows.) EMC is not a “possible” exception.
Most (over 99%) home and small business users are behind a NAT connection using some form of xDSL (cable modems are a form of xDSL). This cuts down on 99.9xx % of all possible hack-in attempts. That's why the Windows boxes stay lice-free 😉 If you put a straight connection, i.e. a direct routed IP connection, to a Windows box, it is almost always possible to break in to it. Automated scripts that scan all IP address spaces run continuously, and will enter the Windows box and set up a backdoor of some kind. Average break-in time for a Windows box directly hooked up to the net is under 10 minutes, as was said.
Exchange servers, web servers etc. usually use a routed port to allow external connections. A direct routed connection is rare, unless you have a public server (rare) and a direct T1 line or better.
If an Exchange server is compromised, chances are you would not know it. ZoneAlarm, McAfee and most antivirus software will not see any of the good hacks, because there are so many variations of viruses, and antivirus software only recognizes trojans that are logged in its database. As stated before, it only takes a little tweaking to make a completely new virus. Really good break-ins use private rootkits. McAfee etc. commercial stuff will not detect these, as the exact rootkit is private and has never been seen by McAfee, Norton, etc. They won't have the checksums. If you have a file that you cannot delete, an app called Process Explorer can help with tracking down the DLL and other files that are the cause of the virus, besides downloading Unlocker. This is the best you can do.

One of the most effective things to do is to have your router direct ports to different PCs on your network. Only a few ports should be allowed; all others should be blocked (verified by a couple of free outside scanning services). Use filter/watchdog software on the server that detects situations on the Exchange server that should not be happening (i.e. hacks). A few years back, a few strange things occurred on my friend's server. It was probably hacked, the software was corrupted, and it had to be reloaded. However, the server software knew that something was wrong. Reloading the PC and applying some newer Exchange updates fixed those problems and started throwing errors. All of this can run as part of off-the-shelf MS software. MS Exchange and IIS are fairly solid.
Use a router. Putting a PC directly on the net without a router is like parking a car in NYC with the keys in it and wondering why it was stolen. Your router is your first line of defense in antivirus and acts as the most effective type of firewall. Some may think Linux is necessary to run a server or CNC successfully on the net; this is not necessarily true. Coldwellbanker.com and NFL.com are both running on standard MS server software. The MS software does the job. The downside is that it is not free. The upside is that it is pretty easy to configure.
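A check of the kind those outside scanning services perform, as an added example that is not part of the original post: run from a machine outside your network against your own router's public address, it compares the ports that answer with the ones you meant to forward. The function names and the loopback listener in demo() are assumptions for illustration.

```python
import socket

def open_ports(host, ports, timeout=0.5):
    """Return the ports on `host` that accept a TCP connection."""
    found = set()
    for port in sorted(ports):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:  # 0 means the handshake completed
                found.add(port)
    return found

def audit_exposure(host, ports, allowed):
    """Probe `ports` plus the allow-list and sort the results into three groups."""
    allowed = set(allowed)
    reachable = open_ports(host, set(ports) | allowed)
    return {
        "expected": sorted(reachable & allowed),    # forwarded on purpose
        "unexpected": sorted(reachable - allowed),  # should have been blocked
        "missing": sorted(allowed - reachable),     # forward rule not working
    }

def demo():
    # Constructed setup: a throwaway loopback listener stands in for a service
    # that answers although it is not on the allow-list.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0 lets the OS pick a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        return port, audit_exposure("127.0.0.1", [port], allowed=set())

if __name__ == "__main__":
    port, report = demo()
    print(port, report)
```

Anything listed under "unexpected" is a port the router is passing through that was never meant to be forwarded.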
Getting your CNC online
Although in theory hooking up CNC machines to a network should streamline the manufacturing process, as well as provide operators and manufacturers with a fast way to communicate with each other and directly with the machine, several issues may need to be addressed. Very few CNC machines come with built in Ethernet capabilities. Instead they continue to be manufactured with RS-232 ports, and those that do come with optional Ethernet ports don’t appear to work well with even simple connectivity options—instead of making the most of the ability to link with other machines, the Ethernet port is simply being used to download programs and store them on the machine.
If CNC machines use Ethernet to assert their presence in a network, much like a computer, possibilities begin to take shape. An operator could communicate directly with the machine and get necessary feedback regarding programming or processing errors. There is already an increasing demand for CNC machines to be made Ethernet-ready so they can appear on a company-wide network and, ultimately, the internet.
Current Solutions
Despite the fact that many manufacturers work with older RS-232 connected machines, it is still possible to connect these machines to the internet. Modern Machine Shop Online (hyperlink: http://www.mmsonline.com/article.aspx?id=13808) offers the following three tips for making older machines Ethernet-ready:
1. Using a PC that is already connected to the internet, run an RS-232 cable to the PC RS-232 port.
2. To connect multiple CNC machines, run RS-232 cables to a switchbox that is connected to an internet-active PC.
3. Connect directly to a network by using an RS-232 cable to connect to an Ethernet-to-RS-232 converter—then connect the converter to a PC that is actively connected to the network or internet, or connect the converter directly to the network.

3 thoughts on “what is the best antivirus solution, for CNC machine connected to the internet.”

  1. There are some good resources here for free security and antivir software. For me the open source Unlocker is a must, because I can’t stand having a process run and not being able to turn it off. When that does not work, I use Process Explorer to track down the bug. This pretty much breaks down my thoughts as far as connecting my CNC to the internet: it’s a risk, but the payoff is huge.
