Same answers as always: Harden the OS, impose separation of abilities and limit administrator access. Whitelisting apps, too, for that matter.

On Tue, Dec 13, 2011 at 08:15, Andrew S. Baker <asbz...@gmail.com> wrote:
> Rootkits are largely already invisible to the end user.
>
> Of course, there is an element of risk to this, but doing nothing is not a
> valid response to the existing threats, and you have yet to substantiate
> any specific weakness that would allow malware writers to have a "field
> day" with this.
>
> Allowing the end user to install or deploy technology early enough that it
> can circumvent a rootkit is highly desirable, is it not? If you
> disagree, please feel free to offer some viable alternatives...
>
> ASB
> http://XeeMe.com/AndrewBaker
> Harnessing the Advantages of Technology for the SMB market…
>
> On Tue, Dec 13, 2011 at 8:42 AM, Kurt Buff <kurt.b...@gmail.com> wrote:
>
>> Because once they corrupt it, it will be at least as invisible to the end
>> user as a rootkit. And you know it's going to be a big fat target.
>>
>> On Tue, Dec 13, 2011 at 04:41, Andrew S. Baker <asbz...@gmail.com> wrote:
>>
>>> Why would they have a "field day" with this?
>>>
>>> On Mon, Dec 12, 2011 at 5:13 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>>>
>>>> Yes, it will be very effective for malware writers, who are going to
>>>> have a field day with this. It's just another layer of abstraction to
>>>> obfuscate functionality, and make it even harder to troubleshoot
>>>> problems.
>>>>
>>>> Kurt
>>>>
>>>> On Mon, Dec 12, 2011 at 11:27, David Lum <david....@nwea.org> wrote:
>>>> > Anyone care to comment on this?
>>>> > http://www.mcafee.com/us/resources/data-sheets/ds-deep-defender.pdf
>>>> >
>>>> > Note the requirements and specifications on the left. Looks like the
>>>> > Intel purchase of McAfee is responsible for this one, the question is
>>>> > will it really be effective?
>>>> >
>>>> > David Lum
>>>> > Systems Engineer // NWEA™
>>>> > Office 503.548.5229 // Cell (voice/text) 503.267.9764