PaulDotCom mailing list archives
Pauldotcom Digest, Vol 20, Issue 10
From: lazydj98 at gmail.com (Joshua Smith)
Date: Wed, 26 May 2010 12:54:57 -0400
Kaspersky has a good detection rate (so I'm told), but has, ummm, some undesirable features. I can't elaborate, but those in the intelligence community are not fond of it...

On Thu, May 13, 2010 at 8:00 AM, <pauldotcom-request at mail.pauldotcom.com> wrote:
Today's Topics:

  1. Re: Corporate AV suggestions (Gregory Baker)
  2. Re: Corporate AV suggestions (Raffi Jamgotchian)
  3. Re: Corporate AV suggestions (Michael Salmon)
  4. Re: windows7 hardening checklist (Jody & Jennifer McCluggage)
  5. Re: Corporate AV suggestions (Francois Lachance)
  6. Encrypted Disks (Grymoire)
  7. Corporate AV (Grymoire)
  8. Re: Corporate AV suggestions (Chris Keladis)
  9. Re: Corporate AV suggestions (Chris Keladis)
 10. Re: Corporate AV suggestions (Raffi Jamgotchian)
 11. Re: Corporate AV suggestions (xgermx)
 12. HTTPS Question (Craig Freyman)
 13. Sniffer Options (Michael Allen)
 14. Re: Sniffer Options (Will Metcalf)
 15. Re: Sniffer Options (Matt Nelson)
 16. Non-fiction audio books for the hacker type (Adrian Crenshaw)
 17. Re: HTTPS Question (Bacon Zombie)

----------------------------------------------------------------------

Message: 1
Date: Wed, 12 May 2010 02:54:50 -0700 (PDT)
From: Gregory Baker <travelingregbaker at yahoo.com>
Subject: Re: [Pauldotcom] Corporate AV suggestions

Sorry for the tardy reply - traveling. A vote for a very effective solution worth a looksee is Sunbelt's Vipre Enterprise.
We just transitioned 1100 nodes and are very happy. The footprint is 1/3 of SAV 11.x and 1/4 of Sophos and it's catching everything. The beancounters loved the lower license fees.

--- On Tue, 5/11/10, xgermx <xgermx at gmail.com> wrote:

> Subject: [Pauldotcom] Corporate AV suggestions
> Date: Tuesday, May 11, 2010, 9:32 AM
>
> So, it's license renewal time for our A/V and I'm open for suggestions/recommendations/horror stories. (I'll be covering roughly 500 Windows based machines).

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

------------------------------

Message: 2
Date: Wed, 12 May 2010 07:15:15 -0400
From: Raffi Jamgotchian <raffi at flossyourmind.com>
Subject: Re: [Pauldotcom] Corporate AV suggestions

I like Sophos and Panda.

On May 11, 2010, at 3:14 PM, xgermx wrote:

> Thanks for all of the replies. If anyone else has info, feel free to share.
>
> On Tue, May 11, 2010 at 1:45 PM, Pommerening, Jeremy <jpommerening at symbion.com> wrote:
>
> I was having an issue with Sophos not catching Fake-AV too until I turned on HIPS. I'm catching most of it now with HIPS. Environment is approx 1000 nodes. I will agree that the online database is slim but I'm much happier than when we used Symantec EP. As a bonus Sophos includes a lot of functionality at no extra cost with Data Control (DLP) and Device Control.
>
> Jeremy Pommerening
> MGR, Information Security
> Symbion, Inc.
> 615-234-8912 Direct
> 615-429-6883 BB
> GIAC - GCFA, GPEN, GAWN & GCFW, GIAC Advisory Board Member
> MCSE Win2K, MCSE NT4, CompTia SERVER+, HP APS
>
> -----Original Message-----
> From: pauldotcom-bounces at mail.pauldotcom.com On Behalf Of Josh Little
> Sent: Tuesday, May 11, 2010 12:15 PM
> Subject: Re: [Pauldotcom] Corporate AV suggestions
>
> I'm on the fence regarding our Sophos EP distribution. I have a feeling that it is a little less resource intensive on the clients than the Symantec 10 system we replaced, but not by a whole lot. Logging and reporting isn't that strong, especially if you are looking at offloading events to a SIM or centralized log collector. Their online database of threats is very slim on information, especially when compared with Symantec's offering at http://www.sarc.com . It also doesn't deal very well with fast morphing threats like the rash of fake security products that have blown up in the last year. Almost all of the incidents I respond to are fake AV crap. The management console is still fairly nice, beyond being weak with reporting. One strong point is deployment - it was very easy to deploy out using SMS.
>
> Hope that helps...
>
> ZT
>
> On 5/11/2010 9:42 AM, Pommerening, Jeremy wrote:
>
> I've been very pleased with Sophos Endpoint protection both from a pricing perspective and support perspective.
>
> Jeremy Pommerening
> MGR, Information Security
> Symbion, Inc.

------------------------------

Message: 3
Date: Tue, 11 May 2010 23:09:25 -0400
From: Michael Salmon <lonestarr13 at gmail.com>
Subject: Re: [Pauldotcom] Corporate AV suggestions

My previous environment was McAfee w/ ePO. It was pretty good and the client wasn't a huge resource hog. It did catch a lot of malware, but it also let in the fake A/V. Now my current environment has SEP; I'm not that happy with it personally. The client seems to be a resource hog and it seems worse at catching fake A/V than McAfee.

What about Malwarebytes corporate? I haven't really looked into it but the free scanner seems better than McAfee and Norton.

On May 11, 2010 9:18 PM, "Matt Nelson" <mattnels at gmail.com> wrote:

> I've got to put a vote in for McAfee w/ ePO for the central console. The reporting capability is great and it has functionality beyond the Virus Scan product. It comes with Rogue System detection capability, and you can set up Agent Handlers in segmented networks for central management without punching tons of holes through the firewall. You can use it as a quasi network inventory tool; with Rogue System detection, it will detect and record all the devices that it finds. You can then tag the systems with whatever Tag you want. (i.e.
> router, or bob's machine)

------------------------------

Message: 4
Date: Wed, 12 May 2010 06:52:28 -0400
From: "Jody & Jennifer McCluggage" <j2mccluggage at adelphia.net>
Subject: Re: [Pauldotcom] windows7 hardening checklist

Don't forget to check out resources from the manufacturer itself. Microsoft has a free tool called the Microsoft Security Compliance Manager (http://technet.microsoft.com/en-us/library/cc677002.aspx). You can import baselines for several of its products and OSs, including Windows 7. The Win 7 baseline includes a "Windows 7 Security Guide Doc" and several different group policy templates covering different scenarios. This is a great tool for getting started on building a group policy baseline.

Though not perfect, to be fair, Microsoft has put a lot of effort the past several years into better securing their products. Sometimes I think they do not get the credit they deserve on that front.

Jody

From: pauldotcom-bounces at mail.pauldotcom.com On Behalf Of Juan Cortes
Sent: Tuesday, May 11, 2010 2:08 PM
Subject: Re: [Pauldotcom] windows7 hardening checklist

> This is awesome, I was about to ask the same question. Gotta love the mailing list.
>
> On May 11, 2010 12:53 PM, "Tidball, Christopher" <Christopher.Tidball at qwest.com> wrote:
>
> You might want to check out the Center for Internet Security (http://cisecurity.org/en-us/?). They provide hardening benchmarks for many OSes, including Windows 7.
>
> Chris
>
> From: pauldotcom-bounces at pdc-mail.pauldotcom.com On Behalf Of Andrew Anderson
> Sent: Tuesday, May 11, 2010 11:01 AM
> Subject: [Pauldotcom] windows7 hardening checklist
>
> Anyone have suggestions re: checklist, framework, or other gotchas when it comes to hardening Window...

------------------------------

Message: 5
Date: Tue, 11 May 2010 20:33:35 -0600
From: Francois Lachance <digitallachance at gmail.com>
Subject: Re: [Pauldotcom] Corporate AV suggestions

Yes, we have put AV on the Macs of our creative team. The rest of the enterprise is running Windows, and of course they too have AV. The developers have the same complaint, but they are on Windows.
Bottom line, no matter what AV you put on, it will impact performance (some AV are worse than others, of course). AV is a necessary evil, because we don't have anything that is clearly better yet (unless you want to implement application whitelisting, but that has its own set of problems I hear).

On Tue, May 11, 2010 at 6:54 PM, Matthew Perry <mlperry at gmail.com> wrote:

> Is anyone running AV on Macs in their enterprise? I am at a software shop and the developers claim that McAfee is really slowing down their compile times.
>
> On Tue, May 11, 2010 at 4:17 PM, leslie l <enlight2k at hotmail.com> wrote:
>
> I have been happy with LANDesk AV which uses the Kaspersky engine.
>
> --
> Matthew Perry

------------------------------

Message: 6
Date: Wed, 12 May 2010 09:05:18 -0400
From: Grymoire <pauldotcom at grymoire.com>
Subject: [Pauldotcom] Encrypted Disks

I, too, am skeptical of any encrypted drive with a software driver. There is an alternative. I have used Apricorn Aegis Padlock. The key is entered on a keypad on the disk itself. No software needed. Works for Windows, Mac, Linux. AES encryption. 10 different passwords, and an account manager - built into the disk itself. If you forget the master password, you can reset it, and say goodbye to the data as well. Practical.

http://www.apricorn.com/product_detail.php?type=family&id=58

$189 for 640GB w/AES-256. Save $20 if you will settle for AES-128. If you want a secure portable SSD, that's $779 for 256GB.
The only problem I had was when I powered it with a single USB cable. They provide a Y-cable to get juice from two USB ports. Works.

I think the new IronKey has a Linux driver. But that's not a disk, just flash. They do have their heads screwed on right. That would be my second choice.

------------------------------

Message: 7
Date: Wed, 12 May 2010 09:04:26 -0400
From: Grymoire <pauldotcom at grymoire.com>
Subject: [Pauldotcom] Corporate AV

My HUGE unnamed company chose Sophos. I'm just a user (my IT work was 20 years ago, when our building had 1000 Sun workstations). Sophos updates the signatures inside and outside the corporate network, so clients are frequently updated several times a day, wherever they are. If I didn't also install Secunia PSI, I'd not notice the updates.

------------------------------

Message: 8
Date: Thu, 13 May 2010 00:00:49 +1000
From: Chris Keladis <ckeladis at gmail.com>
Subject: Re: [Pauldotcom] Corporate AV suggestions

Argh.. Damn keyboard of new PC :)

Anyway. As I was saying, last I checked (a few years ago) their engine could unpack most packers used, to find re-packed variants, etc.. But as I said, I've never used it in an enterprise setting. It's long been my fave tho.

Chris.

On Wed, May 12, 2010 at 11:55 PM, Chris Keladis <ckeladis at gmail.com> wrote:

> Kaspersky have a good engine. Never used it in an enterprise setup however.
>
> Last I checked (

------------------------------

Message: 9
Date: Wed, 12 May 2010 23:55:51 +1000
From: Chris Keladis <ckeladis at gmail.com>
Subject: Re: [Pauldotcom] Corporate AV suggestions

Kaspersky have a good engine. Never used it in an enterprise setup however.

Last I checked (

------------------------------

Message: 10
Date: Wed, 12 May 2010 12:40:49 -0400
From: Raffi Jamgotchian <raffi at flossyourmind.com>
Subject: Re: [Pauldotcom] Corporate AV suggestions

I used Vipre but it was a resource hog in the past and once took out all of the essential Thinkpad drivers (similar to the recent McAfee fiasco). One of my colleagues just replaced Vipre with Trend and found a bunch of previously unrecognized malware.

Guess what, they all suck at some point. Get the one that is the lightest weight on your machines and the easiest to manage and maintain.

On May 12, 2010, at 5:54 AM, Gregory Baker wrote:

> Sorry for the tardy reply - traveling.
------------------------------

Message: 11
Date: Wed, 12 May 2010 14:52:38 -0500
From: xgermx <xgermx at gmail.com>
Subject: Re: [Pauldotcom] Corporate AV suggestions

Thanks for all of the replies. I'll be demoing Sophos in a few days.

------------------------------

Message: 12
Date: Wed, 12 May 2010 14:41:30 -0600
From: Craig Freyman <craigfreyman at gmail.com>
Subject: [Pauldotcom] HTTPS Question

Is there some security benefit I am not aware of for using https connections within frames and presenting them over http to the user?
This site http://webcentral.du.edu does such a thing and I don't understand why. If we spend time training people to look for https and certificate errors, why would they do this?

When you click on "security information" at the bottom it says:

*Is this Site Secure?*
Yes, webCentral.du.edu <http://webcentral.du.edu/> uses a Security certificate provided by VeriSign.

*Where is the little key or lock then?*
webCentral uses frames throughout. The login page is actually a frame within a normal http: page. It is still secure, you just can't see the key or lock.

Someone please enlighten me.

------------------------------

Message: 13
Date: Wed, 12 May 2010 16:30:38 -0500
From: Michael Allen <sector876 at gmail.com>
Subject: [Pauldotcom] Sniffer Options

Hey All,

Can anybody recommend a good sniffer, preferably freeware, that not only shows captured packets but also real time network usage? I am looking for something that is similar to Sniffer offered by the then Network Associates. It allowed real time analysis, e.g. top 'talker' on the network by MAC addy etc. I currently use Wireshark and Windump to capture/examine packets but need something with the above mentioned functionality.

Any suggestions? Much obliged.

------------------------------

Message: 14
Date: Wed, 12 May 2010 16:50:26 -0500
From: Will Metcalf <william.metcalf at gmail.com>
Subject: Re: [Pauldotcom] Sniffer Options

Look at argus and ntop together; they will probably do what you want.

Regards,

Will

------------------------------

Message: 15
Date: Wed, 12 May 2010 17:12:27 -0500
From: "Matt Nelson" <mattnels at gmail.com>
Subject: Re: [Pauldotcom] Sniffer Options

Ntop would be a good fit for this purpose and then some.
ntop.org From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Michael Allen Sent: Wednesday, May 12, 2010 4:31 PM To: PaulDotCom Security Weekly Mailing List Subject: [Pauldotcom] Sniffer Options Hey All, Can anybody recommend a good sniffer preferably freeware that not only shows captured packets but also real time network usage. I am looking for something that is similar to Sniffer offered by the then Network Associates. It allowed real time analysis eg top 'talker' on the network by mac addy etc. I currently use Wireshark and Windump to capture/examine packets but need something with the above mentioned functionality. Any suggestions ? Much obliged. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100512/e91491e1/attachment-0001.htm ------------------------------ Message: 16 Date: Wed, 12 May 2010 19:21:21 -0400 From: Adrian Crenshaw <irongeek at irongeek.com> Subject: [Pauldotcom] Non-fiction audio books for the hacker type To: PaulDotCom Security Weekly Mailing List <pauldotcom at mail.pauldotcom.com> Message-ID: <AANLkTimx40Kg776MieDQBici5HBhkPiCWBfjGxLWmYSr at mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Hi all, A while back, I asked about good books for the hack/security loving geek. Now for something a little different. How about non-fiction audio books? For example, I liked listening to the SANS mp3s I had., and "The Hacker Crackdown" was a good book to listen to. Got anything to recommend? MP3s of classes, computer history, history of crypto, anything alike that? Thanks, Adrian -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100512/e14ef1bf/attachment-0001.htm ------------------------------ Message: 17 Date: Thu, 13 May 2010 00:23:09 +0100 From: Bacon Zombie <baconzombie at gmail.com> Subject: Re: [Pauldotcom] HTTPS Question To: PaulDotCom Security Weekly Mailing List <pauldotcom at mail.pauldotcom.com> Message-ID: <AANLkTimlWkHxE6BP7boBHrmhGqxlpHhQQSxT3CKnxAxp at mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" I ready like this function in the source code: *function keepFunction()* *{* * msg = "DO NOT REMOVE THIS FUNCTION";* *}* And to answer your question this is a really bad item. BaconZombie On 12 May 2010 21:41, Craig Freyman <craigfreyman at gmail.com> wrote:Is there some security benefit I am not aware of for using https connections within frames and presenting them over http to the user? This site http://webcentral.du.edu does such a thing and I don't understand why. If we spend time training people to look for https and certificate errors, why would they do this? When you click on "security information" at the bottom it says: *Is this Site Secure?* Yes, webCentral.du.edu <http://webcentral.du.edu/> uses a Security certificate provided by VeriSign. *Where is the little key or lock then?* webCentral uses frames throughout. The login page is actually a frame within a normal http: page. It is still secure, you just can't see thekeyor lock. Someone please enlighten me. _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100513/23ccb9ef/attachment-0001.htm ------------------------------ _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom End of Pauldotcom Digest, Vol 20, Issue 10 ******************************************
-- - Josh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100526/25fe7250/attachment.htm
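The HTTPS question in the digest above (messages 12 and 17) concerns a login page served over https inside a frame on a plain http page: the browser shows the parent's http URL and no lock, so the user has no way to tell whether the framed login page is the expected one. The following is an added example, not code from the thread, from webCentral or from any of the posters: a small Python audit check that, given the HTML of a parent page, the scheme it was served over, and the HTML of each framed document, flags login forms the user cannot verify from the address bar, and separately flags forms that would post credentials over http. It also lists the response headers a login page can send so that it refuses to be framed at all. The host portal.example.edu and all HTML are constructed sample input; the header names are real, but the recommendation to use them is this example's, not the thread's.

```python
"""Audit check for a login form delivered in an https frame inside an http page.

Added example for the HTTPS question in this thread; it is not code from the
thread or from the webCentral site. The host portal.example.edu and all HTML
below are constructed sample input.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _PageScanner(HTMLParser):
    """Collects frame/iframe src values, form actions, and whether a password input exists."""

    def __init__(self):
        super().__init__()
        self.frame_srcs = []
        self.form_actions = []
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("frame", "iframe") and attrs.get("src"):
            self.frame_srcs.append(attrs["src"])
        elif tag == "form":
            self.form_actions.append(attrs.get("action") or "")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True


def scan(html):
    """Parse one document and return the collected frame/form facts."""
    scanner = _PageScanner()
    scanner.feed(html)
    scanner.close()
    return scanner


def audit_framed_login(parent_url, parent_html, framed_docs):
    """Return findings for login frames a user cannot verify from the address bar.

    framed_docs maps each frame's absolute URL to the HTML served there.
    """
    findings = []
    parent_scheme = urlsplit(parent_url).scheme
    for src in scan(parent_html).frame_srcs:
        frame_url = urljoin(parent_url, src)
        frame_html = framed_docs.get(frame_url)
        if frame_html is None:
            continue
        frame = scan(frame_html)
        if not frame.has_password_field:
            continue  # only frames that collect a password matter here
        if parent_scheme == "http" and urlsplit(frame_url).scheme == "https":
            # The frame is encrypted, but the browser displays the parent's http
            # URL and no lock, and the unencrypted parent decides which page gets
            # framed; the user therefore cannot confirm the https from the UI.
            findings.append({"kind": "unverifiable_framed_login", "frame": frame_url})
        for action in frame.form_actions:
            if urlsplit(urljoin(frame_url, action)).scheme == "http":
                findings.append({"kind": "credentials_posted_over_http", "frame": frame_url})
    return findings


# Headers for the login page's own responses (real header names; the choice to
# use them is this example's): refuse to be framed, and pin the host to https.
LOGIN_PAGE_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

# Constructed sample mirroring the structure described in the thread: an http
# page whose frameset loads the login page over https.
PARENT_URL = "http://portal.example.edu/"
PARENT_HTML = """<html><frameset rows="80,*">
<frame src="/banner.html">
<frame src="https://portal.example.edu/login">
<frame src="https://portal.example.edu/legacy">
</frameset></html>"""
FRAMED_DOCS = {
    "http://portal.example.edu/banner.html": "<p>Welcome</p>",
    "https://portal.example.edu/login": (
        '<form method="post" action="/login">'
        '<input name="user"><input type="password" name="pass"></form>'
    ),
    "https://portal.example.edu/legacy": (
        '<form method="post" action="http://portal.example.edu/auth">'
        '<input name="user"><input type="PASSWORD" name="pass"></form>'
    ),
}

if __name__ == "__main__":
    for finding in audit_framed_login(PARENT_URL, PARENT_HTML, FRAMED_DOCS):
        print(finding["kind"], finding["frame"])
```

Run against the constructed sample, the check reports both https login frames as unverifiable because the parent is http, and reports the legacy frame a second time because its form action posts over http. Serving the parent page over https removes the first kind of finding but not the second, which is the distinction the thread is circling: the frame being encrypted is not the same as the user being able to see that it is.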
Current thread:
- Pauldotcom Digest, Vol 20, Issue 10 Joshua Smith (May 26)