Re: On the ultimate futility of server-based mail scanning

[David Kennedy CISSP <david.kennedy () acm org>]

At 05:07 PM 3/4/02 -0500, David F. Skoll wrote:
> Ultimately, the responsibility falls on the MUA and the end-user's OS
> vendor.  We either put secure end-user software onto the desktop, or
> we admit defeat.

I understand the complaints, but I don't admit defeat nor will I reject as
futile a solution that's working.  Server-based mail scanning has technical
limitations.  So?  If a server-based solution intercepts only 80% of the
inbound malicious code to an enterprise that still 80% less for the IS/IT
staff to worry about and 80% less for desktop scanners to catch or 80% less
for users to judge whether "new photos from my party" is a bad or good
thing.  Certainly there are ways to attack the scanner and cause a denial
of service, as there are ways to bypass some scanners.  The scanners must
keep up with the threats and so far most have.  Server-based scanning
provides a chokepoint in today's environments that is far easier to
maintain than thousands of Microsoft desktops with wide variations of
client anti-virus "solutions."

Ultimately we live with the deployed systems we have, and their
limitations.  I'm unaware of a solution available today that supports
management and user demands for "friendliness" and puts secure end-user
software on the desktop.  Server-based scanning provides a solution *today*
that, while imperfect, is manageable and effective in stopping most of the
malicious code in the wild.  "Most" is not "all," but it's a lot more than
"none."




-- 
Regards,

David Kennedy CISSP                         /"\
Director of Research Services,              \ / ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com     X  Against HTML Mail
Protect what you connect;                   / \
Look both ways before crossing the Net.