Full Disclosure mailing list archives
Re: Anti virus installations on Windows servers
From: Valdis.Kletnieks () vt edu
Date: Wed, 29 Apr 2009 13:04:17 -0400
On Wed, 29 Apr 2009 10:34:55 MDT, don bailey said:
Please don't speak for all security professionals. "We" do not do the same thing(s) you do. Also, it surprises me that you think Linux/OSX/etc are not virus capable.
Notice I never actually mentioned an operating system. You're the one that hopped on the Linux/OSX bandwangon. ;) I never said Linux/*BSD/Solaris/etc weren't virus capable. What I *said* was that you want systems that have security designs that *already* include the things you need to stop viruses and you don't need a separate anti-virus. For example - if you have something that's creating a new executable in the /bin directory and you don't know what it is, you have a problem, whether it's a virus or somebody trying to trojan /bin/login. And once you've done whatever hardening you want to keep a hacker from trojaning /bin/login, you've *also* now stopped a virus from scribbling in /bin. It's a change in mindset - you shouldn't be thinking about "I need to stop the viruses", you should be thinking about "I need to close off the attack surfaces so they can't be used by attackers, whether they're viruses or something else". This applies to Windows too: Installing anti-virus tools that try to minimize the damage a virus can do when a user is running as Administrator is just papering over the issue - the *problem* is that the user is running as Administrator inappropriately. And lo and behold - once you deal with that issue, you no longer need a special anti-virus widget for that case. Don't think "malware types". Think "attack vectors". If you can deal with the attack vectors, the malware types become irrelevant. And if you *can't* deal with the attack vector, the malware type is *still* irrelevant - you have a hole that can be used to pwn you.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Anti virus installations on Windows servers mbs (Apr 29)
- Re: Anti virus installations on Windows servers Valdis . Kletnieks (Apr 29)
- Re: Anti virus installations on Windows servers T Biehn (Apr 29)
- Re: Anti virus installations on Windows servers Valdis . Kletnieks (Apr 29)
- Re: Anti virus installations on Windows servers don bailey (Apr 29)
- Re: Anti virus installations on Windows servers Valdis . Kletnieks (Apr 29)
- Re: Anti virus installations on Windows servers don bailey (Apr 29)
- Re: Anti virus installations on Windows servers Valdis . Kletnieks (Apr 29)
- Re: Anti virus installations on Windows servers don bailey (Apr 29)
- Re: Anti virus installations on Windows servers Kurt Buff (Apr 29)
- Re: Anti virus installations on Windows servers T Biehn (Apr 29)
- Re: Anti virus installations on Windows servers Valdis . Kletnieks (Apr 29)
- Re: Anti virus installations on Windows servers T Biehn (Apr 29)
- Re: Anti virus installations on Windows servers Valdis . Kletnieks (Apr 29)
- Re: Anti virus installations on Windows servers T Biehn (Apr 30)
- Re: Anti virus installations on Windows servers Valdis . Kletnieks (Apr 30)