Educause Security Discussion mailing list archives
Re: In absentia BOF - Anti-virus in a Breach Disclosure World
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 12 Apr 2006 09:42:48 -0400
Jim, We are wrestling with this issue to. It is one of the reasons we're moving to have our people operate their computers with non-administrator accounts for day to day use. It is also one of the reasons that we are ramping up our forensics capabilities. I see so much malware these days that is not detected by AV software that I've lost almost all confidence in it. We try to base our response on the known contents of the desktop and accounts used by the computer's operator. If its known to contain sensitive data, we'll image it and start a forensics investigation that includes available network traffic logs. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- In absentia BOF - Anti-virus in a Breach Disclosure World James H Moore (Apr 11)
- <Possible follow-ups>
- Re: In absentia BOF - Anti-virus in a Breach Disclosure World Gary Flynn (Apr 12)