[Full-disclosure] Re: Av, spyware, ddl trojan assessment

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 09/23/05

    Date: Fri, 23 Sep 2005 14:21:14 +1200
    To: pen-test@securityfocus.com, bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
    
    

    Sherwyn Williams wrote:

    > Hey list, I know this is not a how to protect your pc list. But I would
    > like to know what are some good AV, spyware, adware, and software
    > firewalls to use. I have to come up with a plan for a few of my clients
    > who are always being infected.

    If your clients really are "always being infected" then none of these
    reactive, updated-to-detect/handle-the-thing-after-the-event approaches
    will actually help your clients much.

    If they really are "always being infected" then the problem is that
    they [double-]click on pretty much everything.

    If they really are "always being infected" then their behaviour and
    belief-sets are the problem, not the brand choice of anti-
    <whatever>ware is installed (or not) on their PCs.

    If they really are "always being infected" then they will continue to
    get infected regardless of which brand[s] of anti-<whatever>ware you
    install because they will continue to keep giving the new <whatever>s
    free rein on their machines before the recommended anti-<whatever>ware
    has been updated to detect/intercept/handle/block these new versions.

    Reactive solutions such as you have asked for recommendations for are
    continually sidestepped/deactivated/bypassed by new <whatever>s
    because, BY DESIGN, those reactive "solutions" let the bad guy play
    first.

    If your clients really are "always being infected" then they will
    continue to "always be infected" so long as they are allowed to use
    computers that trivially allow them to run arbitrary code from
    unauthorized sources.

    There is, today, no really useful anti-
    arbitrary_code_from_unauthorized_sources-ware, so you are stuck with
    clients that will always be infected.

    > All help is welcome.

    My pleasure...

    -- 
    Nick FitzGerald
    Computer Virus Consulting Ltd.
    Ph/FAX: +64 3 3267092
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
    
