Hey catch-
What OS do you run in operations, and how strict of a policy have you put on users (in general)? They must hate you. ;)
A blend of:
Win2k on the desktops and a few servers
Trusted operating systems (Argus Pitbull, Trusted Solaris) on a few servers
A few high security network appliances (HYDRA, Sidewinder G2, etc)
The users have essentially the exact permissions required for their role and nothing more. We don't restrict things like internet access or anything like that.
cheers,
catch
With programs like AVG, Avast etc available for free why not have AV installed?
It's not worth taking any risk when the cost is pretty much £0
The cost is never $0.
Open source fans make the same error. Time is money, the time to install, the time to upkeep and the cost of the potential issues it might cause.
cheers,
catch
not to mention system resources, compatibility issues, etc.
I agree with XTC46 that the AV is not preventing a virus from hitting your sys but rather detects and destroys viruses that have attained your sys, so there is a big difference between prevention applications and aftermath reconstruction applications ...
Common sense plays a role in the prevention arena ONLY. For instance, it is not, to certain folks, common to download files and attachments from unknown sources, whilst the opposite is common for the majority of people. It is also common sense not to conduct the normal applications on an admin account, like navigating the internet and executing .exe files; again, the rest are executing everything on the admin account ... that leads to an aftermath and havoc ... For this kind of people an AV is as necessary as an antibiotic for an infected person ... it is really vital to have an AV installed in conjunction with anti-spyware and a well-configured firewall ... these tools can harden your immune system ...
For me, I have a real-time AV activated ... a firewall ... and anti-spyware ... I spare no effort to keep them always updated ...
For unknown file types and files from unknown sources it is ALWAYS better to be skeptical ...
My thoughts
I guess I should mention that my use of AV programs varies from box to box. On my "network auditing" laptop I have no AV running; I have better uses for the CPU. On my test boxes I uninstall and reinstall depending on the current test. On my main box I have McAfee running scheduled scans but not actively scanning. I can't remember the last time I had a virus. The company I work for makes it a requirement for all systems we tend to have an up-to-date AV running at all times; I agree with this because of the user element.
I never said it was £0, just close to it.
Quote:
Open source fans make the same error. Time is money, the time to install, the time to upkeep and the cost of the potential issues it might cause.
The point I was making is that the software is available for free (to the home user), and the time to install and the impact on the performance of an average machine (ignoring Norton) carrying out average tasks is minimal compared to the costs of cleaning up an infected system, i.e. me going to your house and charging you by the hour to clean it out.
It should be, for Joe Average, a no brainer to get the AV installed.
The cost isn't close to 0, remember, 0.00000000000000000001 is infinitely more than 0. :)
There is still a cost in the time required to install and the time required to upkeep, and remember, as systems increase in complexity for the same cost, they decrease in assurance and consequently become less predictable and less secure.
cheers,
catch
Well catch, what you need to do is spend some time in General Audit, learn how to "massage" your expense claims, gain access to the partners' stationery cupboard, and a bit of "creative accountancy" ... that is where you take a six-pack to the job (you were going to drink them anyway, so there is no marginal oncost) and you charge it all to "staff hospitality" ... you see ... no cost at all ... :D
Quote:
Open source fans make the same error. Time is money, the time to install, the time to upkeep and the cost of the potential issues it might cause.
OK, seriously:
My question for some time has been the effectiveness of this software, given that it is using an old technology, maybe even philosophy?
1. Pattern matching is very old conceptually; by its very definition, it is reactive and too late.
2. "Heuristics": ummm, yes, a little better, but you have to have seen it before?
3. Behavioural analysis ... even better ... is it "trying something"?
I am actually quite a fan of the "sandbox" concept, but even that is flawed if the malware has a "timer" in it?
My real drift is not what about the stuff we have today ... more what should we be looking for in the future?
It seems to me that current security offerings tend to be "marketing packages" rather than true solutions. The marketeers try to sell "single solutions" to a non-technical, if not gullible population? These packages are based on an historical situation, not the current IT environment.
They become more integrated, more complex, and more cumbersome.
That suggests to me that they become progressively more inefficient and more vulnerable?
So, my question is:
"If you were building a security suite from scratch, what would you have it do?"