Security Basics mailing list archives

Re: Anti-Virus Updates - How?


From: "George J. Jahchan" <securityfocus () compucenter org>
Date: Sun, 02 Aug 2009 09:04:12 +0300

If you configure your AV to report suspect files and notify the
administrators, you should be safe against systems or files being
trashed should your AV vendor release a faulty signature update. This
approach requires vigilance on the part of both the administrators and
the users.

This is also the recommended setting if you are enabling heuristics and
deep scanning - both of which are prone to false positives.

AV should be one of several measures to mitigate the risk of being
infected by malware. You should have an arsenal of independent measures
in place for a strong anti-malware posture (defense in depth concept).

Any one measure, no matter how "strong", is bound to fail or end up being
circumvented at some point or another. When that happens, you better
have secondary (independent) measures in place to mitigate the risk of
infection, or if it is unavoidable - limit the damage. Try to prevent
first, if that does not work, then rely on detection and response.

IMHO the human factor can be a great asset in any security strategy, or
a &^%$#@! curse. Humans are also the most unpredictable factor.

-----Original Message-----
From: Francois Yang <francois.y () gmail com>
Cc: security-basics () securityfocus com
Subject: Re: Anti-Virus Updates - How?
Date: Mon, 13 Jul 2009 12:48:26 -0500

In the past I've set up a group of power users to get the updates
first, then everyone else a day after.
The hope was for the power users to let you know if something went
wrong with the update.
This setup might or might not work for you, but you could consider
doing something similar.

Frank

On Fri, Jul 10, 2009 at 9:49 AM, Ian Bradshaw <ian () ianbradshaw net> wrote:
Hi,

Just wondering if anyone has a plan for deployment of AV updates?

There have been a couple of AV updates that have trashed systems recently
(one from CA and one from McAfee).

Neither of these has affected me (fortunately), but we do have all our
systems set to update to the latest definitions - so I guess it will happen at
some point.

The problem is, in a small IT department (4 staff with ~5,000 pcs/laptops
over 10 geographic locations - we don't have much spare time!), what is the
best way to deploy AV updates?

Given the number of updates sent out, it's not feasible to test them all
when they are released.

So, leave auto-update on or hold back and test say once a week and update
then, or what?

Any thoughts? / how do people do it at the moment?

Cheers

I.
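The ring-based hold-back Frank describes (power users first, everyone else a day later, held if the pilots report trouble) as an added example; this is constructed illustration code, not anything from the list or any AV product, and the soak period, ring numbers and host data are assumptions.

```python
"""Staged anti-virus signature rollout (constructed example).

Ring 0 (pilot / power users) gets a definition update as soon as it is
published; ring N waits N soak periods and is held back entirely if any
pilot host reported a problem (false positives, trashed systems, ...).
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SOAK = timedelta(days=1)  # hold-back per ring (assumption: one day, as in the post)


@dataclass
class Update:
    version: str
    published: datetime
    pilot_failures: list = field(default_factory=list)  # pilot hosts that reported trouble


@dataclass
class Host:
    name: str
    ring: int            # 0 = pilot group, 1+ = everyone else in later waves
    installed: str = ""  # definition version currently on the host


def should_install(host: Host, update: Update, now: datetime) -> bool:
    """Decide whether `host` may apply `update` at time `now`."""
    if host.installed == update.version:
        return False                       # already on this version
    if host.ring == 0:
        return True                        # pilots take the update immediately
    if update.pilot_failures:
        return False                       # a pilot hit a problem: hold every later ring
    return now - update.published >= SOAK * host.ring  # later rings wait longer


def plan_rollout(hosts, update: Update, now: datetime) -> list:
    """Names of the hosts that receive `update` in this scheduling run."""
    return [h.name for h in hosts if should_install(h, update, now)]


if __name__ == "__main__":
    # Constructed sample fleet and a definition update published at 09:00.
    fleet = [Host("pilot-1", 0), Host("pilot-2", 0), Host("desk-1", 1), Host("branch-1", 2)]
    upd = Update("defs-2009.07.10", datetime(2009, 7, 10, 9, 0))
    for day in range(3):
        when = upd.published + timedelta(days=day)
        print(when.date(), plan_rollout(fleet, upd, when))
```

Feeding a pilot's problem report into `pilot_failures` is what turns the day-long wait into an actual gate; without that feedback loop the delay only buys time, not protection.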