[Full-disclosure] Re: Av, spyware, ddl trojan assessment

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 09/23/05

    Date: Fri, 23 Sep 2005 14:21:14 +1200
    To: pen-test@securityfocus.com, bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
    
    

    Sherwyn Williams wrote:

    > Hey list, I know this is not a how to protect your pc list. But I would
    > like to know what are some good AV, spyware, adware, and software
    > firewalls to use. I have to come up with a plan for a few of my clients
    > who are always being infected.

    If your clients really are "always being infected" then none of these
    reactive, updated-to-detect/handle-the-thing-after-the-event approaches
    will actually help your clients much.

    If they really are "always being infected" then the problem is that
    they [double-]click on pretty much everything.

    If they really are "always being infected" then their behaviour and
    belief-sets are the problem, not the brand choice of
    anti-<whatever>ware is installed (or not) on their PCs.

    If they really are "always being infected" then they will continue to
    get infected regardless of which brand[s] of anti-<whatever>ware you
    install because they will continue to keep giving the new <whatever>s
    free rein on their machines before the recommended anti-<whatever>ware
    has been updated to detect/intercept/handle/block these new versions.

    Reactive solutions such as you have asked for recommendations for are
    continually sidestepped/deactivated/bypassed by new <whatever>s
    because, BY DESIGN, those reactive "solutions" let the bad guy play
    first.

    If your clients really are "always being infected" then they will
    continue to "always be infected" so long as they are allowed to use
    computers that trivially allow them to run arbitrary code from
    unauthorized sources.

    There is, today, no really useful
    anti-arbitrary_code_from_unauthorized_sources-ware, so you are stuck with
    clients that will always be infected.

    > All help is welcome.

    My pleasure...

    -- 
    Nick FitzGerald
    Computer Virus Consulting Ltd.
    Ph/FAX: +64 3 3267092
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
    
