Can you really get by with no av on a windows box - Page 3

Thread: Can you really get by with no av on a windows box

  1. #21
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    horse, what type of environments do you look after, purely unix or windows in the mix?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #22
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Horsey; We've been good friends for a long time now, and so I don't have any reason to kiss any ass, and you know damn well I wouldn't anyway, because you know exactly what I am lol.

    However, with that being said; I can tell you all this much; If TheHorse tells you something, it's probably a good idea. He's one of the BEST Computer Security people I've ever met in my entire life. And I've met a lot of people. But when it comes down to it, he's one of the VERY few people, who I actually listen to when it comes to advice.

    So for whatever that may be worth; TheHorse is in general, one of the best.

    I think the problem with Believing what he's telling you, is probably based on how it's being said; I personally think he's 100% correct. I have my reasons. I don't just listen to what people say and assume they're right. I'm not that way.

    When it comes to the security of my little Network, I take precautions to prevent things before they happen.

    I'm WAY more Comfortable in a Unix based Environment, but, to keep up my skill set, and not forget everything I know, I try to keep at least one Windows machine.

    I don't do this because I want to, I mean, really, when it comes down to it, if more companies wrote Linux or BSD versions of games, I would rarely boot Windows period.

    I'll give them Windows 7, that's an alright OS. But other than that and Windows 2000, all the OSs Microsoft has ever released have been ****. I'm sorry to say this, but if you use Windows on a Server, you are ASKING for it. Even Script Kiddies will tell you that breaking Windows is too easy.

    I've got a book here I bought YEARS ago, and in it, are a bunch of "Haxx0r Groups", and not one of them didn't forget to mention that "We wanted to do more than break into Windows Boxes, because we needed to prove we were the best, and anyone can break into Windows"..... Those are script kiddies.

    When I personally have Data of great Value to me, I sure as hell don't trust Windows to look after it.

    Anyone here remember Negative? Remember when he tried installing Linux? He was telling us how stupid Linux was, and the screen shot he uploaded CLEARLY showed Hardware issues. Not Software.

    I pointed out that the error messages he was seeing were Hardware. He said "Well Windows has been running on this for a long time and hasn't had any problems" and I pointed out that Windows WOULDN'T tell him....

    I mean when it comes down to it, Windows won't say a word. But Linux, or BSD, if they see Hardware is about to fail, or, Hardware is having trouble, it tells you.

    I may not be in charge of some Fortune 500 company's Network, and I may not be in charge of some middle sized Company's Network, but I AM the BOFH of THIS network.

    AV is going to probably phase out really soon. There just isn't enough reason to keep it going.

    For everyone in this thread saying they run AV, ask yourself this:

    When is the last time you actually saw a REAL Virus? I mean seriously. I doubt even ONE of you have seen a REAL Virus "In the wild" in at least 8 years.

    This is coming from me, who used to collect them. I know it's a weird thing to collect and all that, but I used to collect Viruses. And other than the few I still have backed up, I've not seen one in a long time.

    Now, after you've thought about this and answered my question, think about this:

    When is the last time you saw a Worm? When is the last time you read about one?

    When is the last time you heard something about, or, had to deal with yourself, some type of Malware, Spyware, or other Malicious Code that wasn't a real Virus?

    Why am I asking? Because I can bet that about 100% of you are going to say the same damn thing; You haven't seen a real virus in some time now, but you may have read about a Worm making the rounds, and you all have probably had to deal with Spyware, Malware, Adware, and other annoyances.

    Again, this is one reason that I can say, within the next few years, AV companies are going to have to either start doing more than one product, or sink.

    I don't think it's ANY Coincidence that Norton and McAfee all make "Internet Security Suites" and no longer sell JUST Anti Virus Software much anymore.

    The Market for pure AV software, is dying out. And I will state here and now; Within 5 years, we probably won't even see it on the Shelf anymore.

    I DO think that Norton and McAfee will continue their Internet Security Suites that bundle their shitty Anti Virus Software along with Spyware and Root Kit Scanners, along with the Identity Theft Protection, and Firewalls they do already, but I don't think the AV itself will last the decade.

    The only reason I have AVG installed, which, again, that's an Anti Virus Product, but my reasons for having it outside of my testing, is that it can check for Root Kits, and it can check for Tracking Cookies.

    I use Spybot for the same reasons basically. The reason I have both installed on my one, and only one Windows Partition, is that I'm a dude, and so I just might sometimes be on Web Sites that could infect my machine with something, and I'd like to prevent that lol.

    Anyway, this Computer I'm typing this message from, has Windows 7 Home Premium 64 bit edition, and Slackware, in a dual boot scenario. I boot Windows up basically to play a few games I can't play on anything else.

    All the REAL work I do, is done on BSD and Linux. I make music too, but I do all of that on BSD or Linux.

    Anyway, I still say, that in the very near future, we won't see AV much anymore. They're going to have to keep up with the times and do more than just that, or, sink.

    Hell, I can take the FreeBSD 8.2-RELEASE installation I did not long ago, and install ClamAV on it, but really, other than using it for a Mail Server I could set up, it only really checks for Windows Viruses.

    I'm looking forward to a day where someone out there invents a Program that will allow you to play ALL games on Linux and BSD. Then, I can finally say I have no use for Windows.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits
    FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  3. #23
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Quote Originally Posted by ua549 View Post

    Do you lock your house? Door locks are not secure so why have them?

    Do you leave the keys in your car? They aren't very effective so why bother to remove them?
    Those are just annoying deterrents. If a criminal wants something, especially in computing, they will have it. If you believe that a bastion host protects you, I have a stockpile of bridges that you can buy. Same goes for AV. It only stops stupid. Nothing more.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #24
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Quote Originally Posted by thehorse13 View Post
    Those are just annoying deterrents. If a criminal wants something, especially in computing, they will have it. If you believe that a bastion host protects you, I have a stockpile of bridges that you can buy. Same goes for AV. It only stops stupid. Nothing more.
    Fair enough, but wouldn't you rather be protected against stupid? Anyhow I am interested in your insight, please share more. What do you use? Firewalls, IDS / IPS?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  5. #25
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    IMO firewalls, IDS and IPS are anti-virus/anti-malware components.

    This argument is solely about semantics, not functional protection.

    Everyone protects their network in some fashion.

  6. #26
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Quote Originally Posted by ua549 View Post
    IMO firewalls, IDS and IPS are anti-virus/anti-malware components.

    This argument is solely about semantics, not functional protection.

    Everyone protects their network in some fashion.
    OK, let's move a bit off topic ... how does everyone protect their networks? No need to go vastly into detail, but if you choose to not use AV I would like to know what you use to counter not having it.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  7. #27
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Semantics? lol. That's pretty cute.

    My functional protection resides in cloud architecture with "functional protection" baked into the SLA from the vendor. They are much better at data centric protection than you and I combined.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #28
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Well, I don't think that there are many organisations of any size that don't run an AV product, and I don't think that there are that many admins who think that they do much good. They are a CYA insurance policy, or as TH puts it: they let you check a box on a security questionnaire.

    True security comes from policies and their enforcement by whatever means.

    User education is a good start, but unfortunately is something of a Holy Grail in many cases.

    TH mentions 18% which I am guessing includes all forms of attack? I do recall posting on here quite a while back about a UK security outfit who hired coders to write around 3500 new and obfuscated malwares. These were items that you would reasonably expect an AV to detect.

    They then tested against 10 of the most common AVs and I don't think that any got more than 50% and most were under 30%.

    Traditional AV is hindered in that it is reactive and retrospective, and looks for the malicious code of traditional malware. These days malware isn't so much what it is, but what it does. These are the days of cybercriminals, the days of lulz are pretty much over.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
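
The distinction drawn in post #28 between detecting malware by "what it is" and by "what it does", as an added example that is not part of the original thread. The byte strings, process traces, rule names and the two-finding threshold are all constructed for illustration and are assumptions, not taken from any AV product.

```python
import hashlib

# Constructed, harmless byte strings standing in for two builds of the same
# program: the second is "new and obfuscated", so its bytes differ.
KNOWN_BUILD = b"CONSTRUCTED-SAMPLE build-1 marker-ABC123"
REPACKED_BUILD = b"CONSTRUCTED-SAMPLE build-2 znexre-NOP456"

# Retrospective signature set, built only from the build already seen.
KNOWN_HASHES = {hashlib.sha256(KNOWN_BUILD).hexdigest()}
BYTE_PATTERNS = [b"marker-ABC123"]

def signature_match(data: bytes) -> bool:
    """'What it is': exact hash or byte-pattern lookup."""
    if hashlib.sha256(data).hexdigest() in KNOWN_HASHES:
        return True
    return any(p in data for p in BYTE_PATTERNS)

# Constructed process traces: the events either build produces when run,
# and the events of an ordinary installed application.
SUSPECT_TRACE = {
    "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe",
    "events": [
        {"action": "registry_set",
         "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"},
        {"action": "net_connect", "target": "203.0.113.10:443"},
    ],
}
BENIGN_TRACE = {
    "image": "C:\\Program Files\\Editor\\editor.exe",
    "events": [
        {"action": "file_write", "target": "C:\\Users\\alice\\Documents\\notes.txt"},
        {"action": "net_connect", "target": "198.51.100.7:443"},
    ],
}

TEMP_DIR = "\\appdata\\local\\temp\\"
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run"

def behaviour_findings(trace: dict) -> list:
    """'What it does': rules over a process's observed events."""
    findings = []
    if TEMP_DIR in trace["image"].lower():
        findings.append("runs from user temp directory")
    for ev in trace["events"]:
        if ev["action"] == "registry_set" and RUN_KEY in ev["target"].lower():
            findings.append("adds autorun Run key")
    return findings

def flagged(trace: dict) -> bool:
    # Hypothetical threshold: two independent findings before alerting.
    return len(behaviour_findings(trace)) >= 2
```

The signature lookup misses the repacked build because nothing it was built from survives in the new bytes, while the behaviour rules never look at the bytes at all.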

  9. #29
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Quote Originally Posted by nihil View Post
    Well, I don't think that there are many organisations of any size that don't run an AV product, and I don't think that there are that many admins who think that they do much good. They are a CYA insurance policy, or as TH puts it: they let you check a box on a security questionnaire.

    True security comes from policies and their enforcement by whatever means.

    User education is a good start, but unfortunately is something of a Holy Grail in many cases.

    TH mentions 18% which I am guessing includes all forms of attack? I do recall posting on here quite a while back about a UK security outfit who hired coders to write around 3500 new and obfuscated malwares. These were items that you would reasonably expect an AV to detect.

    They then tested against 10 of the most common AVs and I don't think that any got more than 50% and most were under 30%.

    Traditional AV is hindered in that it is reactive and retrospective, and looks for the malicious code of traditional malware. These days malware isn't so much what it is, but what it does. These are the days of cybercriminals, the days of lulz are pretty much over.
    User education doesn't work. In fact, the higher up in the organizational chart that the person resides, the greater frequency of problems you will have. I've seen this first hand. The standing argument is that it only takes one successful attack for the entire notion of user education to go down the toilet.

    AV is simply a dated checkbox that poorly written legislation requires. It is the sole reason it remains in my environments.

    The statistic comes from all types of attacks, including trojans and root kits, which strangely get omitted from the stats produced by AV vendors. That's a pretty nasty trick if you ask me. I set up my own testing and it lines up perfectly with professionals around the globe who took part in this unpublished study. We knew better than to release the results because corporations are not interested in the truth, they're interested in profit. We shared the knowledge with select security pros around the globe. Those who need to know were provided with the results.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #30
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    Quote Originally Posted by Cider View Post
    OK, let's move a bit off topic ... how does everyone protect their networks? No need to go vastly into detail, but if you choose to not use AV I would like to know what you use to counter not having it.
    I retired in the 90's and my personal site is a Windows site with some embedded Android and *nix devices thrown in. Before I retired my client sites - all very large - were typically composed of Unisys and IBM mainframes with Sun and HP servers attached. There were some Windows servers and Windows PC's were at the user level. AV software was so dysfunctional that it was not used. At many of my client sites the following was in place.
    * WAN Access Control
      Access was controlled in both directions using a combination of bastion hosts and radius servers.
      A callback system was used with dial-up and sat phones.
    * LAN and Application Access Control
      Access was controlled by MAC address, IP, S/Key and/or SecurID.
      Application passwords were centrally assigned and expired frequently.
    * PC/Workstation Control
      Access to all resources was logged and audited for policy compliance.
      Removable media and external ports were disabled.
      All devices were hard wired to the LAN.
    * User Control
      Each user was vetted according to policies applicable to their position.
      Each user agreed in writing to follow all policies and was given initial access codes, passwords, access devices, etc.
      Policy violations resulted in immediate, non-discretionary dismissal.
    I'm sure that most of the policies from the 80's and 90's are still in use. The only difference is the technology used to enforce those policies.

    Back then most threats were perceived to be from internal sources so that is where the money was spent. Today external threats are deemed more dangerous. Last week I discovered that a domain in Fuzhou, Fujian, China was using one or more of Internet.com's IP addresses for some unknown purpose. That issue was handled by IT.

    A "one size fits all" approach to IT security doesn't work. The use of anti-virus/anti-malware devices and software is inexpensive and simply another tool in the network security toolbox.
