The reality is that most IT environments are all using one of the 2-4 popular AV products. One of the 5-6 popular network firewalls. This makes it so that the ease at which an attacker can setup a test lab to mimic the average business and ensure their attack will be successful is a very easy thing.
In order to be successful in today's IT security environment you need to customize security to your specific environment. If you spend even a reasonable amount of time customizing your security at the OS and network level you can prevent the vast majority of attacks. This is not opinion but fact. Problem is that most people in IT have not been given the time or education by management to be able to do this successfully so alas everyone just installs a product and hopes it works. Likewise the attacker installs the product, makes sure their exploit works, and does not abide by hope. Now of course you could have the time and knowledge and not a product that allows for customization. But that is a different thing all together. -Marc Signed, Marc Maiffret Founder/CTO eEye Digital Security WEB: http://www.eEye.com BLOG: http://blog.eeye.com TWITTER: http://twitter.com/#!/marcmaiffret From: Alan Davies [mailto:adav...@cls-services.com] Sent: Monday, October 10, 2011 2:01 AM To: NT System Admin Issues Subject: RE: AV and malware protection? Huge +1 to that. Anyone who says product x is the best, is, at best, correct for a short period of time! All AV is poor - I seem to remember about 70% protection is as high as any product gets by some measurements. Why on earth would you encourage users not to use IE!? Again, FUD mostly - IE is one of, if not the most secure browser out there out of the box. Firefox not so great. Now I agree that you can add various addons to change the game, mostly at the expense of functionality, but these also require management and understanding - something that normal users will not have! Top browsers all managed well equal a fairly level playing ground. a ________________________________ From: Mike Gill [mailto:lis...@canbyfoursquare.com]<mailto:[mailto:lis...@canbyfoursquare.com]> Sent: 07 October 2011 19:50 To: NT System Admin Issues Subject: RE: AV and malware protection? I have seen exploits on systems with just about every (fully updated) AV product heard of. There is no product that will win every time playing this cat and mouse game. I run MSE on my personal systems. Vipre and Nod32 on client computers. I encourage users not to use IE. -- Mike From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]<mailto:[mailto:michealespin...@gmail.com]> Sent: Friday, October 07, 2011 11:26 AM To: NT System Admin Issues Subject: Re: AV and malware protection? Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as "a joke". I thought it was decent before, but I currently have no faith in it. This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations. -- Espi ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin