horse, what type of environments do you look after, purely Unix or Windows in the mix?
Horsey; We've been good friends for a long time now, and so I don't have any reason to kiss any ass, and you know damn well I wouldn't anyway, because you know exactly what I am lol.
However, with that being said; I can tell you all this much; If TheHorse tells you something, it's probably a good idea. He's one of the BEST Computer Security people I've ever met in my entire life. And I've met a lot of people. But when it comes down to it, he's one of the VERY few people, who I actually listen to when it comes to advice.
So for whatever that may be worth; TheHorse is in general, one of the best.
I think the problem with Believing what he's telling you, is probably based on how it's being said; I personally think he's 100% correct. I have my reasons. I don't just listen to what people say and assume they're right. I'm not that way.
When it comes to the security of my little Network, I take precautions to prevent things before they happen.
I'm WAY more Comfortable in a Unix based Environment, but, to keep up my skill set, and not forget everything I know, I try to keep at least one Windows machine.
I don't do this because I want to, I mean, really, when it comes down to it, if more companies wrote Linux or BSD versions of games, I would rarely boot Windows period.
I'll give them Windows 7, that's an alright OS. But other than that and Windows 2000, all the OSs Microsoft has ever released have been ****. I'm sorry to say this, but if you use Windows on a Server, you are ASKING for it. Even Script Kiddies will tell you that breaking Windows is too easy.
I've got a book here I bought YEARS ago, and in it, are a bunch of "Haxx0r Groups", and not one of them didn't forget to mention that "We wanted to do more than break into Windows Boxes, because we needed to prove we were the best, and anyone can break into Windows"..... Those are script kiddies.
When I personally have Data of great Value to me, I sure as hell don't trust Windows to look after it.
Anyone here remember Negative? Remember when he tried installing Linux? He was telling us how stupid Linux was, and the screen shot he uploaded CLEARLY showed Hardware issues. Not Software.
I pointed out that the error messages he was seeing were Hardware. He said "Well Windows has been running on this for a long time and hasn't had any problems" and I pointed out that Windows WOULDN'T tell him....
I mean when it comes down to it, Windows won't say a word. But Linux, or BSD, if they see Hardware is about to fail, or, Hardware is having trouble, it tells you.
I may not be in charge of some Fortune 500 company's Network, and I may not be in charge of some middle-sized Company's Network, but I AM the BOFH of THIS network.
AV is going to probably phase out really soon. There just isn't enough reason to keep it going.
For everyone in this thread saying they run AV, ask yourself this:
When is the last time you actually saw a REAL Virus? I mean seriously. I doubt even ONE of you has seen a REAL Virus "In the wild" in at least 8 years.
This is coming from me, who used to collect them. I know it's a weird thing to collect and all that, but I used to collect Viruses. And other than the few I still have backed up, I've not seen one in a long time.
Now, after you've thought about this and answered my question, think about this:
When is the last time you saw a Worm? When is the last time you read about one?
When is the last time you heard something about, or, had to deal with yourself, some type of Malware, Spyware, or other Malicious Code that wasn't a real Virus?
Why am I asking? Because I can bet that about 100% of you are going to say the same damn thing; You haven't seen a real virus in some time now, but you may have read about a Worm making the rounds, and you all have probably had to deal with Spyware, Malware, Adware, and other annoyances.
Again, this is one reason that I can say, within the next few years, AV companies are going to have to either start doing more than one product, or sink.
I don't think it's ANY Coincidence that Norton and McAfee both make "Internet Security Suites" and no longer sell JUST Anti Virus Software much anymore.
The Market for pure AV software is dying out. And I will state here and now: Within 5 years, we probably won't even see it on the Shelf anymore.
I DO think that Norton and McAfee will continue their Internet Security Suites that bundle their shitty Anti Virus Software along with Spyware and Root Kit Scanners, along with the Identity Theft Protection, and Firewalls they do already, but I don't think the AV itself will last the decade.
The only reason I have AVG installed, which, again, that's an Anti Virus Product, but my reasons for having it outside of my testing, is that it can check for Root Kits, and it can check for Tracking Cookies.
I use Spybot for the same reasons basically. The reason I have both installed on my one, and only one Windows Partition, is that I'm a dude, and so I just might sometimes be on Web Sites that could infect my machine with something, and I'd like to prevent that lol.
Anyway, this Computer I'm typing this message from, has Windows 7 Home Premium 64 bit edition, and Slackware, in a dual boot scenario. I boot Windows up basically to play a few games I can't play on anything else.
All the REAL work I do, is done on BSD and Linux. I make music too, but I do all of that on BSD or Linux.
Anyway, I still say, that in the very near future, we won't see AV much anymore. They're going to have to keep up with the times and do more than just that, or, sink.
Hell, I can take the FreeBSD 8.2-RELEASE installation I did not long ago, and install ClamAV on it, but really, other than using it for a Mail Server I could set up, it only really checks for Windows Viruses.
I'm looking forward to a day where someone out there invents a Program that will allow you to play ALL games on Linux and BSD. Then, I can finally say I have no use for Windows.
IMO firewalls, IDS and IPS are anti-virus/anti-malware components.
This argument is solely about semantics, not functional protection.
Everyone protects their network in some fashion.
Semantics? lol. That's pretty cute.
My functional protection resides in cloud architecture with "functional protection" baked into the SLA from the vendor. They are much better at data centric protection than you and I combined.
Well, I don't think that there are many organisations of any size that don't run an AV product, and I don't think that there are that many admins who think that they do much good. They are a CYA insurance policy, or as TH puts it: they let you check a box on a security questionnaire.
True security comes from policies and their enforcement by whatever means.
User education is a good start, but unfortunately is something of a Holy Grail in many cases. :(
TH mentions 18%, which I am guessing includes all forms of attack? I do recall posting on here quite a while back about a UK security outfit who hired coders to write around 3500 new and obfuscated malware samples. These were items that you would reasonably expect an AV to detect.
They then tested against 10 of the most common AVs and I don't think that any got more than 50% and most were under 30%.
Traditional AV is hindered in that it is reactive and retrospective, and looks for the malicious code of traditional malware. These days malware isn't so much what it is, but what it does. These are the days of cybercriminals, the days of lulz are pretty much over.
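The post above argues that signature-based AV is reactive and misses obfuscated variants, while "what it does" is what matters. The following added example (not code from anyone in this thread) contrasts the two approaches on constructed data: an exact-hash signature check against a sample and a trivially altered variant, and a behaviour rule run over constructed host-activity records; all sample bytes, paths, addresses and event formats are assumptions of the example.

```python
import hashlib
from typing import Iterable

# Constructed sample "files": byte strings standing in for binaries.
# The variant is the known sample plus one trailing byte, which is enough
# to defeat an exact-hash signature (constructed data, not a real sample).
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE-BODY"
VARIANT_SAMPLE = KNOWN_SAMPLE + b"\x00"

# Signature database: hashes of samples already catalogued (reactive).
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(blob: bytes) -> bool:
    """Traditional signature check: flags only bytes seen before."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURES

# Constructed host-activity records in the form "pid action target",
# as an endpoint monitor might log them. Addresses are TEST-NET ranges.
EVENTS_KNOWN = [
    "101 write C:\\Users\\u\\AppData\\Roaming\\svc.exe",
    "101 regset HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
    "101 connect 203.0.113.7:8443",
]
EVENTS_VARIANT = [  # same actions, different file name and key name
    "303 write C:\\ProgramData\\upd.exe",
    "303 regset HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd",
    "303 connect 203.0.113.8:8443",
]
EVENTS_BENIGN = [
    "202 write C:\\Users\\u\\Documents\\report.docx",
    "202 connect 203.0.113.9:443",
]

PERSISTENCE_KEY = "\\currentversion\\run\\"

def behaviour_match(events: Iterable[str]) -> bool:
    """Flag a process that drops an executable, registers it to run at
    logon and then connects out, regardless of what its bytes hash to."""
    seen: dict[str, set[str]] = {}
    for line in events:
        pid, action, target = line.split(" ", 2)
        flags = seen.setdefault(pid, set())
        if action == "write" and target.lower().endswith(".exe"):
            flags.add("drop")
        elif action == "regset" and PERSISTENCE_KEY in target.lower():
            flags.add("persist")
        elif action == "connect":
            flags.add("beacon")
        if {"drop", "persist", "beacon"} <= flags:
            return True
    return False
```

The signature check catches only the catalogued sample; the behaviour rule flags both the sample and the variant and leaves the benign activity alone.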
AV is simply a dated checkbox that poorly written legislation requires. It is the sole reason it remains in my environments.
The statistic comes from all types of attacks, including trojans and root kits, which strangely get omitted from the stats produced by AV vendors. That's a pretty nasty trick if you ask me. I set up my own testing and it lines up perfectly with professionals around the globe who took part in this unpublished study. We knew better than to release the results because corporations are not interested in the truth, they're interested in profit. We shared the knowledge with select security pros around the globe. Those who need to know were provided with the results.
I'm sure that most of the policies from the 80's and 90's are still in use. The only difference is the technology used to enforce those policies.
* WAN Access Control
Access was controlled in both directions using a combination of bastion hosts and radius servers.
A callback system was used with dial-up and sat phones.
* LAN and Application Access Control
Access was controlled by mac address, IP, S/Key and/or SecurID.
Application passwords were centrally assigned and expired frequently.
Access to all resources was logged and audited for policy compliance.
* PC/Workstation Control
Removable media and external ports were disabled.
All devices were hard wired to the LAN.
* User Control
Each user was vetted according to policies applicable to their position.
Each user agreed in writing to follow all policies and was given initial access codes, passwords, access devices, etc.
Policy violations resulted in immediate, non-discretionary dismissal.
Back then most threats were perceived to be from internal sources so that is where the money was spent. Today external threats are deemed more dangerous. Last week I discovered that a domain in Fuzhou, Fujian, China was using one or more of Internet.com's IP addresses for some unknown purpose. That issue was handled by IT.
A "one size fits all" approach to IT security doesn't work. The use of anti-virus/anti-malware devices and software is inexpensive and simply another tool in the network security toolbox.