On 2016-04-13 Edward Ned Harvey (lopser) wrote:
> > [email protected]] On Behalf Of Ski Kacoroski
> >
> > I would love to know what your antivirus/malware strategy is and why?
> You cannot rely on the good guys as your sole line of defense.
> The one and only correct defense is to have backups, and run the
> good guys' antivirus programs to defend you in the situations
                                ^^ ^^^^^^ ^^^ ^^ ^^^ ^^^^^^^^^^
> where they work, and if you see any hint of a virus on the
  ^^^^^^^^^^^^^^^
> system, nuke the whole thing back to yesterday's backup.

Ed,

Totally agree. I spent a year qualifying 5 commercial
anti-malware packages. Signature-based detection is not
_completely_ useless but the utility is very low. Money spent on
it might be better applied to host-based defense and backup /
recovery. Since the anti-viru$ industry has made this a
checklist item you might end up installing something just to
mollify your manager.

I also encourage a battle posture: think about what you can
trust and defend during a security meltdown. So, non-domain,
non-shared accounts to run backup servers, hardened central
logging, etc. The opposite of that sysadmin who recently trashed
their entire infrastructure including backups.

--
Charles Polisher
_______________________________________________
Discuss mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/