Yah, too bad many corporations turn off the built-in FW in SP2 via GPO ;-(  But
the additions in SP2 were a godsend for home users, agreed.


Michael P. Blanchard 
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management 
EMC² Corporation
4400 Computer Dr. 
Westboro, MA 01580 
email:  blanchard_mich...@emc.com 

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On 
Behalf Of Dan Kaminsky
Sent: Tuesday, September 29, 2009 11:00 AM
To: Michael Collins
Cc: funsec@linuxbox.org
Subject: Re: [funsec] No AV? Shock, horror!

"Any" security measure is a bit much.  The collection of fixes that
went alongside XPSP2 was pretty epic (firewall by default, massacre of
SMB's anonymous surface, windows update) and almost entirely killed
worms -- and their company-wide-compromises -- quantifiably.

On Tue, Sep 29, 2009 at 4:15 PM, Michael Collins <mcoll...@aleae.com> wrote:
> I've done some cursory searching, and I'm in the midst of a deeper lit
> review right now, but all signs point to there not being empirical
> evidence for the effectiveness of any security measure.  I'll say more
> when I've read more
>
> Sent from my iPhone
>
> On Sep 28, 2009, at 3:50 PM, Nick FitzGerald <n...@virus-l.demon.co.uk> wrote:
>
>> blanchard_mich...@emc.com to Dan Kaminsky:
>>
>>>> Is there a source of data showing 10,000 machines with AV are less
>>>> likely to be infected than 10,000 machines without?
>>>
>>> I'm sure there is, ...
>>
>> I'm not so sure there is -- in fact, I'm fairly sure there is no such
>> study.
>>
>>> ... but I would have to say that machine platform
>>> would play a major factor for infection along with user.
>>
>> If you treat "infection" as a purely binary state, then maybe not so
>> much...
>>
>> If you count each instance of "different" malware per machine, then
>> probably so...
>>
>>>  If we're talking 10,000 Windows home users without A/V, vs. 10,000
>>> Windows home users with AV, I'd say for certain that those without
>>> are more likely to become infected.  Would be interesting to see a
>>> formal study on this though....
>>
>> As I said, the results are much less certain depending on how you
>> define "infected".
>>
>>>  For *nix platforms there is a greater chance of having a file that
>>> is infected stored on it waiting for a vulnerable box to grab it and
>>> run it than the *nix box itself getting infected.
>>
>> But if we add "owned" to the things we count as "infected"...
>>
>>
>>
>> Regards,
>>
>> Nick FitzGerald
>>
>>
>> _______________________________________________
>> Fun and Misc security discussion for OT posts.
>> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>> Note: funsec is a public and open mailing list.