Security Basics mailing list archives

Re: Re: RE: Malware detection


From: kartik.netsec () gmail com
Date: Fri, 27 Jul 2012 15:13:56 GMT

I guess the discussion is getting diverted into MSSE VS market leaders in AV. This is absolutely not the case. In none 
of the posts so far is it mentioned that MSSE is better than say ..XYZ. 

Few people (inc me) put a point fwd that there have been instances wherein MSSE detected a malware but market leaders 
in this particular technology were unable to detect the same until samples were submitted. Those instances do not 
actually allow MSSE to go neck-to-neck with market leaders as of now. (Expecting a robust MSSE in a very near future)

Sorry for the long writeup, but this is how sometimes an opinion is made:

One fine day my CISO called me up and said that we were invited in CEO's office (I was like.. huh what did I do??) Once 
reached, we got to know that our CEO shared some documents to a CEO of another company (say ABC) in a USB drive. The 
CEO of ABC wrote an email to our CEO stating that a Trojan was detected in the USB drive, and they were using MSSE :D 
To add salt on our wounds, the CEO of ABC was Prime Minister's brother. 

The country where I work is geographically very small, yet it is considered as a banking hub. Small things get flashed 
in media so very quick esp when it comes to technology. So, for us the concern was more of a goodwill and integrity 
than a technology.

We called the business critical manager (AV Vendor) stating "even MSSE detected it but your AV could not. We give you 
$$$$ yearly etc". Eventually, we got the definitions after another 4-5 hours of time.

It was indeed frustrating to see how our AV (A market leader, #1 or maybe #2) failed to detect such a thing. 

I experienced such instances (against MSSE) thrice. For me, defeating my AV (A market leader for which we pay huge $$$$ 
) thrice in a year is a big thing and this is what I wanted to convey. MSSE may not be compared with market leaders as 
of now but I would never make a mistake to consider it as a piece of rubbish.

Thanks,
Kartik
CISSP, CISM
