Re: No AV? Shock, horror!

[<Blanchard_Michael () emc com>]

Yah, too bad many corporations turn off the built in FW in SP2 via GPO ;-(  But the additions in SP2 were a GodSend for 
home users, agreed.


Michael P. Blanchard 
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 
email:  Blanchard_Michael () EMC COM 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Dan Kaminsky
Sent: Tuesday, September 29, 2009 11:00 AM
To: Michael Collins
Cc: funsec () linuxbox org
Subject: Re: [funsec] No AV? Shock, horror!

"Any" security measure is a bit much.  The collection of fixes that
went alongside XPSP2 was pretty epic (firewall by default, massacre of
SMB's anonymous surface, windows update) and almost entirely killed
worms -- and their company-wide-compromises -- quantifiably.

On Tue, Sep 29, 2009 at 4:15 PM, Michael Collins <mcollins () aleae com> wrote:
> I've done some cursory searching, and I'm in the midst of a deeper lit
> review right now, but all signs point to there nit being empirical
> evidence for the effectiveness of any security measure.  I'll say more
> when I've read more
>
> Sent from my iPhone
>
> On Sep 28, 2009, at 3:50 PM, Nick FitzGerald <nick@virus-
> l.demon.co.uk> wrote:
>
> > Blanchard_Michael () emc com to Dan Kaminsky:
> >
> > > > Is there a source of data showing 10,000 machines with AV are less
> > > > likely to be infected than 10,000 machines without?
> > >
> > > I'm sure there is, ...
> >
> > I'm not so sure there is -- in fact, I'm fairly sure there is no such
> > study.
> >
> > > ... but I would have to say that machine platform
> > > would play a major factor for infection along with user.
> >
> > If you treat "infction" as a purely binary state, then maybe not so
> > much...
> >
> > If you count each instance of "different" malware per machine, then
> > probably so...
> >
> > >  If we're talking 10,000 windows home users without A/V, VS. 10,000
> > > Windows home users with AV, I'd say for certain that those without
> > > are more likely to become infected.  Would be interesting to see a
> > > formal study on this though....
> >
> > As I said, the results are much less certain depending on how you
> > define "infected".
> >
> > >  For *nix platforms there is a greater chance of having a file that
> > > is infected stored on it waiting for a vulnerable box to grab it and
> > > run it than the *nix box itself getting infected.
> >
> > But if we add "owned" to the things we count as "infected"...
> >
> >
> >
> > Regards,
> >
> > Nick FitzGerald
> >
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.