Full Disclosure mailing list archives
Re: Anti virus installations on Windows servers
From: don bailey <don.bailey () gmail com>
Date: Wed, 29 Apr 2009 11:16:11 -0600
Valdis,

Being overly verbose and using a plethora of asterisks does not enhance the validity of your statement. I didn't bother reading your statement due to its unnecessary length. Simply focus less on speaking for the "community" and confine your scope to your personal opinion.

Thanks.

Sincerely,
D

Valdis.Kletnieks () vt edu wrote:
> On Wed, 29 Apr 2009 10:34:55 MDT, don bailey said:
> > Please don't speak for all security professionals. "We" do not do the same thing(s) you do. Also, it surprises me that you think Linux/OSX/etc are not virus capable.
>
> Notice I never actually mentioned an operating system. You're the one that hopped on the Linux/OSX bandwagon. ;)
>
> I never said Linux/*BSD/Solaris/etc weren't virus capable. What I *said* was that you want systems that have security designs that *already* include the things you need to stop viruses and you don't need a separate anti-virus.
>
> For example - if you have something that's creating a new executable in the /bin directory and you don't know what it is, you have a problem, whether it's a virus or somebody trying to trojan /bin/login. And once you've done whatever hardening you want to keep a hacker from trojaning /bin/login, you've *also* now stopped a virus from scribbling in /bin.
>
> It's a change in mindset - you shouldn't be thinking about "I need to stop the viruses", you should be thinking about "I need to close off the attack surfaces so they can't be used by attackers, whether they're viruses or something else".
>
> This applies to Windows too: Installing anti-virus tools that try to minimize the damage a virus can do when a user is running as Administrator is just papering over the issue - the *problem* is that the user is running as Administrator inappropriately. And lo and behold - once you deal with that issue, you no longer need a special anti-virus widget for that case.
>
> Don't think "malware types". Think "attack vectors". If you can deal with the attack vectors, the malware types become irrelevant. And if you *can't* deal with the attack vector, the malware type is *still* irrelevant - you have a hole that can be used to pwn you.