Results 1 to 3 of 3
  1. #1
    Join Date
    Aug 2001

    Antivirus is "completely wasted money."

    Originally from ZDNet

    "If patching and antivirus is where I spend my money, and I'm still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user's data and I still have to reinstall it, the entire cost equation of that is a waste.

    "It's completely wasted money" [...]

    "There are too many companies in the world that actually believe infection is just a cost of doing business and are getting used to doing it--as opposed to stopping it completely. That's dangerous."
    Quotes are from John Stewart, Cisco's chief security officer...

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Shawnee country
    Scripting lays waste to the best of security plans.

    Having said that, Stewart protests too much. No way around patching.
    It's stupid not to patch, unless you're running a honeypot. The worst
    virus outbreaks I've seen in an enterprise environment were ALL attributeable
    to a failure to patch, whether it was the OS or the AV app (Symantec).

    Funny how he mentions nothing about training or policy. I used to have
    users bring me their laptops crammed with warez or spyware from sex
    sites. Personally, I would've written them up. But the company would
    do n-o-t-h-i-n-g about it. Some security issues are just out-and-out personnel
    issues. If companies don't want to enforce AUP's, they're asking for it.

    Last edited by brokencrow; May 22nd, 2008 at 04:59 AM.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    I entirely agree with brokencrow, as his experience is the exact same as my own.

    There is no point in having an AUP if you don't enforce it; or a security policy if you don't apply it.

    There is a possible way forwards IMHO. You need to advise the senior management that there is such a thing as regulatory compliance. Now if they have the policies it is a clear indication that they are aware of their duties............. failure to implement and impose these policies is clearly reckless indifference or criminal negligence.

    I have known that approach to work as a wake up call

    As for patching............... it is a fact of life, and outside your control unless you have written your own operating system and applications (which CISCO have). Patching vulnerable applications and operating systems is certainly not a waste of money, it isn't even optional IMO. If you know that you have a vulnerable system there is no excuse. OK you could argue that you shouldn't have to spend money on it but hey, welcome to the real World John

    Hmmmm, John Stewart...... CISCO

    Perhaps he should read this thread:


    It seems that CISCO are going to have to do some patching of their own PDFQ

    "People in glasshouses shouldn't throw stones"

    And then there is this:


    It’s Patch Day in the land of Cisco. The network routing and switching giant today released three security bulletins with patches for multiple vulnerabilities affecting the Cisco Voice Portal and the Secure Shell server (SSH) implementation in Cisco IOS.
    The most serious of the vulnerabilities carries a CVSS Base Score of 9.0 and can lead to privilege escalation attacks against businesses using the Cisco Unified Customer Voice Portal (CVP).
    As for AV products I guess that it all depends on what they do. These days they are more along the lines of security suites, so they do rather more than scan against pattern files. Stuff like blocking executables in incoming e-mails is still useful. There is also the concept of CYA. You wouldn't last long if you let your system get trashed by some old malware, and most IT managers are aware of that. Basically if you are running the latest updated security suite and something doesn't get detected you are much less likely to get the blame.

    When it comes to whitelists and blacklists I think that he oversimplifies. Sure, a whitelist of approved applications is a fine idea in theory but it can be an horrendous task setting it up in a large and complex environment. Even when you have bitten that bullet, there is still the issue of the approved applications themselves getting compromised.

    Also, where you allow internet access you should have a content filter, which is basically blacklist technology, so you would need both.

    That would also apply where you have to give users certain privileges and a blacklist is the only way to block the worst of their possible excesses.
    Last edited by nihil; May 22nd, 2008 at 11:12 AM.

Similar Threads

  1. Antispyware vs Antivirus
    By dalek in forum Spyware / Adware
    Replies: 9
    Last Post: December 15th, 2005, 11:37 PM
  2. New Version 3.15 of F-Prot Antivirus for Windows
    By TSR in forum AntiVirus Discussions
    Replies: 0
    Last Post: July 3rd, 2004, 09:19 PM
  3. Symantec Norton AntiVirus 2004 ActiveX Control Vulnerability
    By SDK in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: May 25th, 2004, 03:06 PM
  4. Learning to program from a security point of view
    By hellforgedangel in forum Newbie Security Questions
    Replies: 13
    Last Post: April 29th, 2004, 10:58 PM
  5. I thought this was funny( note the antivirus part)
    By muffinman in forum AntiOnline's General Chit Chat
    Replies: 0
    Last Post: May 29th, 2003, 04:52 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts