Security Basics mailing list archives
Re: Anti-Virus Updates - How?
From: "George J. Jahchan" <securityfocus () compucenter org>
Date: Sun, 02 Aug 2009 09:04:12 +0300
If you configure your AV to report suspect files and notify the administrators, you should be safe against systems or files being trashed should your AV vendor release a faulty signature update. This approach requires vigilance on the part of both the administrators and the users. This is also the recommended setting if you are enabling heuristics and deep scanning - both of which are prone to false positives.

AV should be one of several measures to mitigate the risk of being infected by malware. You should have an arsenal of independent measures in place for a strong anti-malware posture (defense in depth concept). Any one measure, no matter how "strong", is bound to fail or end up being circumvented at some point or another. When that happens, you better have secondary (independent) measures in place to mitigate the risk of infection, or if it is unavoidable - limit the damage. Try to prevent first; if that does not work, then rely on detection and response.

IMHO the human factor can be a great asset in any security strategy, or a &^%$#@! curse. Humans are also the most unpredictable factor.

-----Original Message-----
From: Francois Yang <francois.y () gmail com>
Cc: security-basics () securityfocus com
Subject: Re: Anti-Virus Updates - How?
Date: Mon, 13 Jul 2009 12:48:26 -0500

In the past I've set up a group of power users to get the updates first, then everyone else a day after. The hope was for the power users to let you know if something went wrong with the update. This setup might or might not work for you, but you could consider doing something similar.

Frank

On Fri, Jul 10, 2009 at 9:49 AM, Ian Bradshaw<ian () ianbradshaw net> wrote:
Hi,

Just wondering if anyone has a plan for deployment of AV updates?

There have been a couple of AV updates that have trashed systems recently (one from CA and one from McAfee). Neither of these have affected me (fortunately) but we do have all our systems set to update to the latest definitions - so guess it will happen at some point.

The problem is, in a small IT department (4 staff with ~5,000 pcs/laptops over 10 geographic locations - we don't have much spare time!), what is the best way to deploy AV updates? Given the number of updates sent out, it's not feasible to test them all when they are released.

So, leave auto-update on or hold back and test say once a week and update then, or what?

Any thoughts? / how do people do it at the moment?

Cheers
I.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------