awstats
Hi All,

Anybody out there using awstats to monitor website statistics?

I started using this to monitor the usage of a client's site. Last month's stats went well; however, when running this month's stats the awstats database files don't update.

I followed awstats FAQ-COM500: HOW CAN I RESET ALL MY STATISTICS? but that doesn't work, and any updates from September 11, the date I ran the updates last month, still aren't processed.

Any ideas? Or do you know of a dedicated list for awstats?

Thank you,
Laurence

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
RE: SNMP Service Fails to Start - Instantly
Run:

`netstat -ano |findstr 161`

See if something else is running on that port...

From: Phil Hershey [mailto:phers...@agia.com]
Sent: Sunday, October 09, 2011 7:56 AM
To: NT System Admin Issues
Subject: SNMP Service Fails to Start - Instantly

Howdy, All.

Have a problem on a 2003 R2 64-bit server running SQL Server 2005 64-bit. Despite installing, uninstalling and reinstalling the SNMP service, the SNMP server service fails immediately to start, not with the typical 30-second period. The only errors I'm seeing in the event logs are 7009 and 7000, which haven't helped in troubleshooting.

This happens set to run as the default Local System service with desktop interaction enabled. I have also in desperation tried running it under a domain admin equivalent account with no success.

I have been unable to find any information on logs other than the System or Application event logs that would record more information about what the error might be.

Any ideas out there?

Thanks.

Phil Hershey
Carpinteria, CA
RE: AV and malware protection?
It's worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:20 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

I would trust Malwarebytes over a traditional a product. I wouldn't trust MSE what-so-ever. I've seen web-based drive-by exploits absolutely destroy it.

If I was going to couple with an AV product, I'd use Kaspersky primarily, with ESET as a secondary choice.

-- Espi

On Fri, Oct 7, 2011 at 6:34 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:
> I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?
>
> John Hornbuckle, MSMIS, PMP
> MIS Department
> Taylor County School District
> www.taylor.k12.fl.us
>
> -----Original Message-----
> From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
> Sent: Friday, October 07, 2011 9:31 AM
> To: NT System Admin Issues
> Subject: AV and malware protection?
>
> If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?
>
> Thanks!

DISCLAIMER
The information contained in this electronic mail may be confidential or legally privileged. It is for the intended recipient(s) only. Should you receive this message in error, please notify the sender by replying to this mail. Please do not read, copy, forward or store this message unless you are an intended recipient of it - unauthorized use of contents is strictly prohibited. Unless expressly stated, opinions in this message are those of the individual sender and not of GFI. While all care has been taken, GFI is not responsible for the integrity or the contents of this electronic mail and any attachments included within. (GFI2011)
Re: AV and malware protection?
On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry alex.eckelbe...@gfi.com wrote:
> It’s worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.

And the difference between these two things is...?

Viruses are largely obsolete anyway. Between ubiquitous network connectivity and autorun, nobody needs to bother. Today's injection vectors are exploitable vulnerabilities in networked software and social engineering. An attacker crafting malware to piggy-back on benign executables exchanged via sneakernet is like worrying about how to attach a team of horses to your car.

-- Ben
Re: AV and malware protection?
FWIW, in some circles it's considered an AV product. I hear it coming-up more and more as a point of discussion amongst engineers.

-- Espi

On Sun, Oct 9, 2011 at 9:23 AM, Alex Eckelberry alex.eckelbe...@gfi.com wrote:
> It’s worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.
Re: AV and malware protection?
+1

-- Espi

On Sun, Oct 9, 2011 at 10:27 AM, Ben Scott mailvor...@gmail.com wrote:
> And the difference between these two things is...?
>
> Viruses are largely obsolete anyway. Between ubiquitous network connectivity and autorun, nobody needs to bother. Today's injection vectors are exploitable vulnerabilities in networked software and social engineering. An attacker crafting malware to piggy-back on benign executables exchanged via sneakernet is like worrying about how to attach a team of horses to your car.
>
> -- Ben
RE: AV and malware protection?
Hmmm

Take a look at the Wildlist, which is the list of currently verified viruses. There's still a lot of nasty stuff out there.

http://www.wildlist.org/WildList/201108.txt

We see plenty of viruses out there, and relying on a product like Malwarebytes as your only line of defense is a serious mistake, IMHO. It's an excellent product (remember we partner with them and are very close to them, so this is not a slight in the least on their technology) but you really, really need an AV product as a complement.

Alex

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Sunday, October 09, 2011 1:27 PM
To: NT System Admin Issue
Subject: Re: AV and malware protection?

On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry alex.eckelbe...@gfi.com wrote:
> It's worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.

And the difference between these two things is...?

Viruses are largely obsolete anyway. Between ubiquitous network connectivity and autorun, nobody needs to bother. Today's injection vectors are exploitable vulnerabilities in networked software and social engineering. An attacker crafting malware to piggy-back on benign executables exchanged via sneakernet is like worrying about how to attach a team of horses to your car.

-- Ben
RE: AV and malware protection?
Viruses (true file infectors) like Sality, Virut, XPAJ, xpiro, murofet, Mabezat and a few other true viruses are still quite common which Malwarebytes cannot deal with. Mabezat usually hauls in a variant of zbot/Zeus which is after banking/CC info... Malwarebytes might see the zbot files from mabezat but never fully remove it because the virus-infected files put it back. Malwarebytes may see the infected hosts file temp files associated with virut or the rootkit driver associated with sality and/or some of sality's registry corruptions but it cannot disinfect files.

Something like Bamital which attacks a select few files (and infects them) Malwarebytes cannot deal with either. It may see the Trojan dll involved try to pull it. If successful and since it cannot disinfect the infected explorer, winlogon, wininit, kernel32.dll, ntdll32.dll the machine ends up in a constant BSOD loop because wininit/winlogon is missing the dll it has been coded to depend on.

And -- yes I have seen cases where things on a network are locked down quite well but a vendor comes in to update some specialized software or re-install from his thumb drive and infects the network with virut and other nasties..

Tammy

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Sunday, October 09, 2011 1:27 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry alex.eckelbe...@gfi.com wrote:
> It's worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.

And the difference between these two things is...?

Viruses are largely obsolete anyway. Between ubiquitous network connectivity and autorun, nobody needs to bother. Today's injection vectors are exploitable vulnerabilities in networked software and social engineering. An attacker crafting malware to piggy-back on benign executables exchanged via sneakernet is like worrying about how to attach a team of horses to your car.

-- Ben
Re: AV and malware protection?
Reactive AV is being phased out of our XenApp systems next week. We are going to maintain a sleeping AV component and do a deep scan once a week. Realtime monitoring is being turned off and we will rely entirely on the application management suite.

We are not doing this blithely - currently app management stops about thirty or forty pieces of malware executing per week, and our AV catches precisely zero. In this environment, AV is just a waste of resources.

Sent from my POS BlackBerry wireless device, which may wipe itself at any moment

-----Original Message-----
From: Alex Eckelberry alex.eckelbe...@gfi.com
Date: Sun, 9 Oct 2011 17:55:58
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: AV and malware protection?

Hmmm

Take a look at the Wildlist, which is the list of currently verified viruses. There's still a lot of nasty stuff out there.

http://www.wildlist.org/WildList/201108.txt

We see plenty of viruses out there, and relying on a product like Malwarebytes as your only line of defense is a serious mistake, IMHO. It's an excellent product (remember we partner with them and are very close to them, so this is not a slight in the least on their technology) but you really, really need an AV product as a complement.

Alex
Re: AV and malware protection?
What's the name of the sleeping AV component?

This thread is of particular interest since I'm planning to pilot a VDI deployment and a few engineers have mentioned the need to not have local AV protection any longer. I tend to err on the side of caution, but it's a persuading assertion; either from a cost and technical perspective.

On Sunday, October 9, 2011, kz2...@googlemail.com wrote:
> Reactive AV is being phased out of our XenApp systems next week. We are going to maintain a sleeping AV component and do a deep scan once a week. Realtime monitoring is being turned off and we will rely entirely on the application management suite.
>
> We are not doing this blithely - currently app management stops about thirty or forty pieces of malware executing per week, and our AV catches precisely zero. In this environment, AV is just a waste of resources.
>
> Sent from my POS BlackBerry wireless device, which may wipe itself at any moment
Re: AV and malware protection?
We are just going to continue using Trend, just with realtime monitoring disabled. It will just do a scan once a week. But we could use any AV for that (personally I would not have chosen Trend).

The heavy work is going to be done by AppSense Application Manager. Its greylisting technique means we get the power of a whitelist without the inflexibility. We've studied the two running together for months now and Trend is doing absolutely nothing, the AM component picks everything off first.

Sent from my POS BlackBerry wireless device, which may wipe itself at any moment

-----Original Message-----
From: Harry Singh hbo...@gmail.com
Date: Sun, 9 Oct 2011 14:32:16
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: AV and malware protection?

What's the name of the sleeping AV component?

This thread is of particular interest since I'm planning to pilot a VDI deployment and a few engineers have mentioned the need to not have local AV protection any longer. I tend to err on the side of caution, but it's a persuading assertion; either from a cost and technical perspective.
RE: AV and malware protection?
I don't know how kz20fl does that, but in the case of Vipre, for example, it would simply be turning off the on-access scanning, and strictly using the on-demand scan, which can be scheduled or run manually.

I have to agree with Alex and Tammy; there's still plenty of virus vectors out there, and an employee bringing a cd or usb stick, and/or clicking an attachment that's infected can still cream your network. As others have mentioned, a layered approach including AV, malwarebytes-type scanners, IPS/IDS, firewalls, DNS filtering, and other methodology is still the only way we can hope to catch the bad stuff.

Well, I suppose you could disconnect from the internet, and disable floppies, cds, usb sticks, etc, and make the PCs read-only, but that impacts productive work a little.

-----Original Message-----
From: Harry Singh [mailto:hbo...@gmail.com]
Sent: Sunday, October 09, 2011 1:32 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

What's the name of the sleeping AV component?

This thread is of particular interest since I'm planning to pilot a VDI deployment and a few engineers have mentioned the need to not have local AV protection any longer. I tend to err on the side of caution, but it's a persuading assertion; either from a cost and technical perspective.