funsec mailing list archives
Re: No AV? Shock, horror!
From: <Blanchard_Michael () emc com>
Date: Tue, 29 Sep 2009 11:48:51 -0400
Yah, too bad many corporations turn off the built in FW in SP2 via GPO ;-( But the additions in SP2 were a GodSend for home users, agreed.

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC² Corporation
4400 Computer Dr.
Westboro, MA 01580
email: Blanchard_Michael () EMC COM

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Dan Kaminsky
Sent: Tuesday, September 29, 2009 11:00 AM
To: Michael Collins
Cc: funsec () linuxbox org
Subject: Re: [funsec] No AV? Shock, horror!

"Any" security measure is a bit much. The collection of fixes that went alongside XPSP2 was pretty epic (firewall by default, massacre of SMB's anonymous surface, windows update) and almost entirely killed worms -- and their company-wide-compromises -- quantifiably.

On Tue, Sep 29, 2009 at 4:15 PM, Michael Collins <mcollins () aleae com> wrote:
I've done some cursory searching, and I'm in the midst of a deeper lit review right now, but all signs point to there not being empirical evidence for the effectiveness of any security measure. I'll say more when I've read more

Sent from my iPhone

On Sep 28, 2009, at 3:50 PM, Nick FitzGerald <nick@virus-l.demon.co.uk> wrote:

Blanchard_Michael () emc com to Dan Kaminsky:

Is there a source of data showing 10,000 machines with AV are less likely to be infected than 10,000 machines without?

I'm sure there is, ...

I'm not so sure there is -- in fact, I'm fairly sure there is no such study.

... but I would have to say that machine platform would play a major factor for infection along with user.

If you treat "infection" as a purely binary state, then maybe not so much... If you count each instance of "different" malware per machine, then probably so...

If we're talking 10,000 windows home users without A/V, VS. 10,000 Windows home users with AV, I'd say for certain that those without are more likely to become infected. Would be interesting to see a formal study on this though....

As I said, the results are much less certain depending on how you define "infected".

For *nix platforms there is a greater chance of having a file that is infected stored on it waiting for a vulnerable box to grab it and run it than the *nix box itself getting infected.

But if we add "owned" to the things we count as "infected"...

Regards,
Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- Re: No AV? Shock, horror!, (continued)
- Re: No AV? Shock, horror! Dan Kaminsky (Sep 28)
- Re: No AV? Shock, horror! Blanchard_Michael (Sep 28)
- Re: No AV? Shock, horror! Nick FitzGerald (Sep 28)
- Re: No AV? Shock, horror! Michael Collins (Sep 29)
- McAfee really DOES write new Malware! Wholey Moley! Blanchard_Michael (Sep 29)
- Re: McAfee really DOES write new Malware! Wholey Moley! Rich Kulawiec (Sep 29)
- Re: McAfee really DOES write new Malware! Wholey Moley! chris (Sep 29)
- Re: McAfee really DOES write new Malware! Wholey Moley! Blanchard_Michael (Sep 30)
- Re: McAfee really DOES write new Malware! Wholey Moley! Rich Kulawiec (Sep 30)
- Re: No AV? Shock, horror! Dan Kaminsky (Sep 29)
- Re: No AV? Shock, horror! Blanchard_Michael (Sep 29)
- Re: No AV? Shock, horror! Kenneth L. Bechtel, II (Sep 29)
- Re: No AV? Shock, horror! Blanchard_Michael (Sep 29)
- Re: No AV? Shock, horror! Michael Collins (Sep 29)
- Re: No AV? Shock, horror! Dan Kaminsky (Sep 29)
- Re: No AV? Shock, horror! Rich Kulawiec (Sep 30)
- Re: No AV? Shock, horror! Michael Collins (Sep 29)
- Re: No AV? Shock, horror! Toralv_Dirro (Sep 28)
- Re: No AV? Shock, horror! Dan Kaminsky (Sep 28)
- Re: No AV? Shock, horror! Charles Miller (Sep 28)
- Re: No AV? Shock, horror! Nick FitzGerald (Sep 28)