> From: [email protected] [mailto:discuss-[email protected]] On Behalf Of Ski Kacoroski
>
> I would love to know what your antivirus/malware strategy is and why?
In the past, when I've installed antivirus on Macs and Linux, I've seen it cause more harm than good. For that reason, I choose not to use antivirus on Macs/Linux. Likewise, on Windows, all the mainstream commercial AV programs (McAfee and Norton in particular) I've seen cause more harm than good. I don't see any advantage to using anything other than the built-in free Microsoft product (Security Essentials or Windows Defender). It stays out of the way. For commercial products, I've liked ESET, because it similarly stays out of the way and reports issues back to me.

The advice I always give people is this: Last I knew, credit fraud and identity theft was a $30-40B industry. Antivirus and anti-malware was a $3-4B industry. The job of the bad guys is to find any vulnerability and exploit it, to rob you, or rob somebody else, or do something illegal (child porn) under your identity. The job of the good guys is to find a way to defend against *every* possible vulnerability, and get you to pay preventively for protection, while competing against free products. The job of the good guys is fundamentally more difficult than the job of the bad guys, and the good guys have fewer resources and less reward. You cannot rely on the good guys as your sole line of defense.

The one and only correct defense is to have backups, run the good guys' antivirus programs to defend you in the situations where they work, and if you see any hint of a virus on the system, nuke the whole thing back to yesterday's backup.

I have had hundreds of systems to clean from viruses, and I have literally 0% success. You may think that means I'm an incompetent IT person, but the reality is, anyone who claims higher just got to the point where the AV scan came back clean and assumed they were done. They are failing to monitor the system after the fact, to learn that they've actually failed.
Even when we know the exact virus that infected some system, and we know the exact vulnerability that was used to compromise the system, even when there's a tool created specifically to clean that virus by a major company such as McAfee or Synopsys or Dell, we get the virus cleaned out, pass the AV scan, and apply updates to close the vulnerability... Even in the ideal situation as described above, some hours, days, or weeks later, it's back. Literally 100% of the time. I've never seen a single exception. The only thing that works is to use preventive measures (system updates and real-time protection), and when those fail, nuke the whole system and restore backup.

There is a major problem with BYOD. You can't monitor users' backups, and when you tell them to nuke their system and restore from backup, they often don't have any, and it can be insurmountably difficult for them to nuke their own systems.
