Educause Security Discussion mailing list archives

Re: In absentia BOF - Anti-virus in a Breach Disclosure World


From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 12 Apr 2006 09:42:48 -0400


Jim,

We are wrestling with this issue too. It is one of the
reasons we're moving to have our people operate their
computers with non-administrator accounts for day to
day use. It is also one of the reasons that we are
ramping up our forensics capabilities.

I see so much malware these days that is not detected
by AV software that I've lost almost all confidence
in it.

We try to base our response on the known contents of
the desktop and accounts used by the computer's
operator. If it's known to contain sensitive data,
we'll image it and start a forensics investigation
that includes available network traffic logs.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
