[Full-disclosure] Re: Av, spyware, ddl trojan assesment
From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: Fri, 23 Sep 2005 14:21:14 +1200 To: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Sherwyn Williams wrote:
> Hey list, I know this is not a how to protect your pc list. But I would
> like to know what are some good AV, spyware, adware, and software
> firewalls to use. I have to come up with a plan for a few of my clients
> who are always being infected.
If your clients really are "always being infected" then none of these
reactive, updated-to-detect/handle-the-thing-after-the-event approaches
will actually help your clients much.
If they really are "always being infected" then the problem is that
they [double-]click on pretty much everything.
If they really are "always being infected" then their behaviour and
belief-sets are the problem, not the brand choice of anti-
<whatever>ware is installed (or not) on their PCs.
If they really are "always being infected" then they will continue to
get infected regardless of which brand[s] of anti-<whatever>ware you
install because they will continue to keep giving the new <whatever>s
free reign on their machines before the recommended anti-<whatever>ware
has been updated to detect/intercept/handle/block these new versions.
Reactive solutions such as you have asked for recommendations for are
continually sidestepped/deactivated/bypassed by new <whatever>s
because, BY DESIGN, those reactive "solutions" let the bad guy play
If your clients really are "always being infected" then they will
continue to "always be infected" so long as they are allowed to use
computers that trivially allow them to run arbitrary code from
There is, today, no really useful anti-
arbitrary_code_from_unauthorized_sources-ware, so you are stuck with
clients that will always be infected.
> All help is welcome.
-- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3267092 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/