May 21st, 2008, 11:04 PM
Antivirus is "completely wasted money."
Quotes are from John Stewart, Cisco's chief security officer...
Originally from ZDNet
"If patching and antivirus is where I spend my money, and I'm still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user's data and I still have to reinstall it, the entire cost equation of that is a waste.
"It's completely wasted money" [...]
"There are too many companies in the world that actually believe infection is just a cost of doing business and are getting used to doing it--as opposed to stopping it completely. That's dangerous."
May 22nd, 2008, 04:57 AM
Scripting lays waste to the best of security plans.
Having said that, Stewart protests too much. No way around patching.
It's stupid not to patch, unless you're running a honeypot. The worst
virus outbreaks I've seen in an enterprise environment were ALL attributable
to a failure to patch, whether it was the OS or the AV app (Symantec).
Funny how he mentions nothing about training or policy. I used to have
users bring me their laptops crammed with warez or spyware from sex
sites. Personally, I would've written them up. But the company would
do n-o-t-h-i-n-g about it. Some security issues are just out-and-out personnel
issues. If companies don't want to enforce AUPs, they're asking for it.
Last edited by brokencrow; May 22nd, 2008 at 04:59 AM.
“Everybody is ignorant, only on different subjects.” — Will Rogers
May 22nd, 2008, 06:43 AM
I entirely agree with brokencrow, as his experience is the exact same as my own.
There is no point in having an AUP if you don't enforce it; or a security policy if you don't apply it.
There is a possible way forwards IMHO. You need to advise the senior management that there is such a thing as regulatory compliance. Now if they have the policies it is a clear indication that they are aware of their duties... failure to implement and impose these policies is clearly reckless indifference or criminal negligence.
I have known that approach to work as a wake up call.
As for patching... it is a fact of life, and outside your control unless you have written your own operating system and applications (which CISCO have). Patching vulnerable applications and operating systems is certainly not a waste of money, it isn't even optional IMO. If you know that you have a vulnerable system there is no excuse. OK you could argue that you shouldn't have to spend money on it but hey, welcome to the real World John
Hmmmm, John Stewart... CISCO
Perhaps he should read this thread:
It seems that CISCO are going to have to do some patching of their own PDFQ
"People in glasshouses shouldn't throw stones"
And then there is this:
As for AV products I guess that it all depends on what they do. These days they are more along the lines of security suites, so they do rather more than scan against pattern files. Stuff like blocking executables in incoming e-mails is still useful. There is also the concept of CYA. You wouldn't last long if you let your system get trashed by some old malware, and most IT managers are aware of that. Basically if you are running the latest updated security suite and something doesn't get detected you are much less likely to get the blame.
It’s Patch Day in the land of Cisco. The network routing and switching giant today released three security bulletins with patches for multiple vulnerabilities affecting the Cisco Voice Portal and the Secure Shell server (SSH) implementation in Cisco IOS.
The most serious of the vulnerabilities carries a CVSS Base Score of 9.0 and can lead to privilege escalation attacks against businesses using the Cisco Unified Customer Voice Portal (CVP).
When it comes to whitelists and blacklists I think that he oversimplifies. Sure, a whitelist of approved applications is a fine idea in theory but it can be an horrendous task setting it up in a large and complex environment. Even when you have bitten that bullet, there is still the issue of the approved applications themselves getting compromised.
Also, where you allow internet access you should have a content filter, which is basically blacklist technology, so you would need both.
That would also apply where you have to give users certain privileges and a blacklist is the only way to block the worst of their possible excesses.
Last edited by nihil; May 22nd, 2008 at 11:12 AM.