Security Basics mailing list archives
Re: Antivirus- A Corrective Control?
From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 10 Aug 2011 16:31:02 -0500
"Sandeep Cheema " <51l3n7 () live in> writes:
My 0.02$ Preventive. Corrective would be if the machine has been compromised and the next task is to clean it. But that's not how AV behaves ideally. An infected machine can never be cleaned fully but can be prevented completely from getting infected. If you got an AV in place, it should not get infected at all ( as per vandor's claims atleast
As this is security-basics, and because an alarming number of people
believe that there's even a shred of truth to the "should not get
infected at all" myth, as a public service, let's all repeat:
"No, AV won't protect you from all malware. Not even close."
Make sure everyone knows that AV is trivially evaded, and that
essentially all decent malware is tested against all the common AV's
before it's used. Some crimeware kits even come with support and a
guarantee of a new version should AV start detecting the current
version. Freely available exploitation frameworks are built from the
ground up to do AV and IDS evasion at several levels.
If a vendor makes a claim anywhere within 100 kilometers of "should
not get infected at all" they should be summarily discounted from
consideration as a vendor, and possibly flogged in the street.
If you aren't already, spread the word that AV's value (if any) is in
complying with mandates for AV, and for being at least something that
might detect older or more common malware absent any other more
advanced/more reliable detective measures you've been allowed to
purchase. Versus a targetted attack, be sure that decision makers are
aware that AV is very nearly worthless, and should never ever ever be
characterized as something that would keep a machine from getting
"infected at all."
Sandeep, by the way, this isn't directed at you...I suspect you are
well aware of the gulf between vendor claims and reality on this
front.
Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Current thread:
- Antivirus- A Corrective Control? kartik . netsec (Aug 10)
- Re: Antivirus- A Corrective Control? Todd Haverkos (Aug 10)
- Re: Antivirus- A Corrective Control? Sven von Kreyfeld (Aug 10)
- RE: Antivirus- A Corrective Control? Omar Salvador Alcalá Ruiz (Aug 10)
- RE: Antivirus- A Corrective Control? Mikesch, David A (Aug 10)
- RE: Antivirus- A Corrective Control? David Gillett (Aug 10)
- <Possible follow-ups>
- Re: Antivirus- A Corrective Control? Sandeep Cheema (Aug 10)
- Re: Antivirus- A Corrective Control? Todd Haverkos (Aug 10)
- Re: Antivirus- A Corrective Control? Femi Mogaji (Aug 10)
- Re: Antivirus- A Corrective Control? Jay Scalf (Aug 10)
- RE: Antivirus- A Corrective Control? Ong Chin Ching (Aug 11)
- RE: Antivirus- A Corrective Control? Mikhail A. Utin (Aug 11)
- Re: Antivirus- A Corrective Control? Todd Haverkos (Aug 10)
- Re: Antivirus- A Corrective Control? gold flake (Aug 11)
- RE: Antivirus- A Corrective Control? Curtis 4syth (Aug 11)
- Re: Antivirus- A Corrective Control? RobOEM (Aug 11)
- Re: Antivirus- A Corrective Control? John Morrison (Aug 11)