Security Basics mailing list archives
RE: Real Time Antivirus on workstations
From: "Mark Brunner" <mark_brunner () hotmail com>
Date: Wed, 23 Nov 2005 00:14:34 -0500
I think the answer is in the details, but you'll have to do the math. First, how much value do you put on the data on these workstations? Are you reliant upon these systems? Second, what other resources do they connect to, and how valuable is that data? Third, how long would it take to replace or repair a compromised system and be back in business? Finally, what other countermeasures (firewalls, imaging, backup, etc) do you have in place? Think about what these systems are used for, and where are they connecting to? Do you have web-filtering? Email? Now consider how much it would cost to either upgrade or replace these systems. Consider replacing them over a span of time if the cost of a full-scale replacement is too high. If your users' data has any value and users are freely surfing the net, and using email, they should be protected from the myriad threats that are floating about, looking for a place to happen. What and how much protection is matter of cost versus value and risk. Cheers! Mark -----Original Message----- From: Christopher Carpenter [mailto:ccarpenter () dswa net] Sent: Monday, November 21, 2005 5:59 PM To: aj rembert; Depp, Dennis M. Cc: Thierry Zoller; george.peek () gmx net; security-basics () securityfocus com Subject: RE: Real Time Antivirus on workstations I haven't used Norton GoBack (and the website is short on details), but I'm assuming it's similar to Microsoft's System Restore. If you set a real-time antivirus program to scan only on writes, then resource utilization would probably approach that of GoBack.
From another perspective, what happens if a virus decides to overwrite
the GoBack file archive? Food for thought, I guess. Chris -----Original Message----- From: aj rembert [mailto:ajrembert.samscreen () gmail com] Sent: Monday, November 21, 2005 6:07 AM To: Depp, Dennis M. Cc: Thierry Zoller; george.peek () gmx net; security-basics () securityfocus com Subject: Real Time Antivirus on workstations Currently we have 10 workstations setup in our intranet, none if them with the resources required to handle applications such as Norton Antivirus's autoprotect and so on. I was debating on whether or not I should disable autoprotect and simply using Norton GoBack since I believe even if a virus is downloaded it would replace any altered files back to their original state, or recommend upgrading some of the hardware that is currently performing at sub standard levels. Any ideas would be appreciated. Regards, Andre Rembert
Current thread:
- Real Time Antivirus on workstations aj rembert (Nov 21)
- <Possible follow-ups>
- RE: Real Time Antivirus on workstations Jim Hull at 044 (Nov 22)
- RE: Real Time Antivirus on workstations Christopher Carpenter (Nov 22)
- RE: Real Time Antivirus on workstations Mark Brunner (Nov 23)
- RE: Real Time Antivirus on workstations Aditya Deshmukh (Nov 24)