Security Basics mailing list archives

RE: Real Time Antivirus on workstations

From: "Mark Brunner" <mark_brunner () hotmail com>
Date: Wed, 23 Nov 2005 00:14:34 -0500

I think the answer is in the details, but you'll have to do the math.

First, how much value do you put on the data on these workstations?  Are you
reliant upon these systems?
Second, what other resources do they connect to, and how valuable is that
data?
Third, how long would it take to replace or repair a compromised system and
be back in business?
Finally, what other countermeasures (firewalls, imaging, backup, etc) do you
have in place?
Think about what these systems are used for, and where are they connecting
to?  Do you have web-filtering?
Email?  

Now consider how much it would cost to either upgrade or replace these
systems.
Consider replacing them over a span of time if the cost of a full-scale
replacement is too high.

If your users' data has any value and users are freely surfing the net, and
using email, they should be protected from the myriad threats that are
floating about, looking for a place to happen.  What and how much protection
is matter of cost versus value and risk.

Cheers!
Mark


-----Original Message-----
From: Christopher Carpenter [mailto:ccarpenter () dswa net]
Sent: Monday, November 21, 2005 5:59 PM
To: aj rembert; Depp, Dennis M.
Cc: Thierry Zoller; george.peek () gmx net;
security-basics () securityfocus com
Subject: RE: Real Time Antivirus on workstations


I haven't used Norton GoBack (and the website is short on details), but
I'm assuming it's similar to Microsoft's System Restore.  If you set a
real-time antivirus program to scan only on writes, then resource
utilization would probably approach that of GoBack.

From another perspective, what happens if a virus decides to overwrite

the GoBack file archive?  Food for thought, I guess.

Chris

-----Original Message-----
From: aj rembert [mailto:ajrembert.samscreen () gmail com] 
Sent: Monday, November 21, 2005 6:07 AM
To: Depp, Dennis M.
Cc: Thierry Zoller; george.peek () gmx net;
security-basics () securityfocus com
Subject: Real Time Antivirus on workstations

Currently we have 10 workstations setup in our intranet, none if them
with the resources required to handle applications such as Norton
Antivirus's autoprotect and so on. I was debating on whether or not I
should disable autoprotect and simply using Norton GoBack since I
believe even if a virus is downloaded it would replace any altered
files back to their original state, or recommend upgrading some of the
hardware that is currently performing at sub standard levels. Any
ideas would be appreciated.
Regards,
Andre Rembert

Current thread:

Real Time Antivirus on workstations aj rembert (Nov 21)
- <Possible follow-ups>
- RE: Real Time Antivirus on workstations Jim Hull at 044 (Nov 22)
- RE: Real Time Antivirus on workstations Christopher Carpenter (Nov 22)
  - RE: Real Time Antivirus on workstations Mark Brunner (Nov 23)
  - RE: Real Time Antivirus on workstations Aditya Deshmukh (Nov 24)