RE: AV and malware protection?
Random factoid, anyone see that there was a vulnerability patched today that ONLY affected IE9? And it is reliable code execution. We are discussing it on eEye's VEF tomorrow, it's pretty silly awesome.

-Marc

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Monday, October 10, 2011 9:02 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

On Mon, Oct 10, 2011 at 5:01 AM, Alan Davies adav...@cls-services.com wrote:
> Why on earth would you encourage users not to use IE!? Again, FUD mostly - IE is one of, if not the most secure browser out there out of the box.

While I haven't seen MSIE 9 yet, I know MSIE 8 still had what I would consider woefully insecure defaults with regards to its Security tab settings, especially regarding ActiveX controls.

Now, I regard ActiveX as a really bad idea to begin with -- allowing a web page to push binary executables to my PC is *not* a good idea, IMO, and I think history would support me on this one -- but if you're going to allow it, you need something a bit better than just requiring a bit of crypto thrown at it. More reasonable would be denying install to anything but Trusted Sites. If the user can't type the site name that's a fair bet they shouldn't be installing it, one way or the other.

There are a number of other things, too, such as the ability to run an EXE from the web in two clicks, or allowing scripts to manipulate the browser window (Firefox does that too, I might add).

Currently, a lot of it is academic, since the popular vectors today are Flash and Acrobat, but if Adobe ever gets their act together I expect we'll see renewed interest in browser security design.

> Firefox not so great.

Speaking of FUD, care to explain that?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog!
~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: AV and malware protection?
All good, APT is a legitimate term like so many that start out legitimate and then are used and abused by security companies to the point where the term becomes confused and dirty. Even a lot of APT can actually be stopped rather easily. Aurora for example could have been defeated simply by enforcing all outbound network traffic to traverse through a web proxy. The malware used in Aurora was not proxy aware.

Stuxnet is another that is easy to defeat with good technical security best practices. One of the privilege escalation vulnerabilities it used could be prevented, and therefore prevent the subsequent chain of events, simply by having good file permissions. And these are not magical permissions that you would have had to know about Stuxnet to implement but rather best practices that in fact some companies I know already had. For example one of our customers that is a bank with over a half million windows systems had this file permissions configuration in place and so when Stuxnet was discovered instead of having to drop everything and patch over a half million systems they were already mitigated and could patch as part of their regular cycle.

Don't get me wrong there is plenty of APT, and even general cybercrime attacks, that are very difficult but there have been few attacks ever, APT included, that could not have been prevented in a generic and reasonable way. The problem is our industry celebrates people who break software more than people who help educate what you can do to be more secure (beyond a product). And that is not to say we should celebrate the researchers doing vulnerability research less but rather to celebrate people doing innovative and educational things around protection more.

We actually have a white paper on the topic of security configuration best practices and examples of how some of these basic things can go very far in stopping even APT and other sophisticated attacks.
You can grab that paper eEye Research Report: In Configuration We Trust from our website here:
http://www.eeye.com/resources/literature/white-papers

We also have a webinar with myself and one of my researchers giving a bit of an overview of the white paper that you can view here On the Frontline of the Threat Landscape
http://www.eeye.com/resources/media-center/webinars-podcasts

Your last point Alan is a good one on how are we going to get better... Sadly in the 13+ years I have been in this space it seems we only get better through pain. But then as I discuss in a keynote I have been giving at conferences lately, I do not think this is an IT/security problem but rather something rooted deeper in basic human nature and our inability to be proactive without pain etc...

-Marc

-----Original Message-----
From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Tuesday, October 11, 2011 4:27 AM
To: NT System Admin Issues
Subject: RE: AV and malware protection?

Agree wholeheartedly for the majority of threats. The only exception I'd make is for APT (sorry to mention buzzwords!!). Security through obscurity can be a very valid defence against undirected attacks (and probably most directed ones too), but a little social engineering, insider knowledge, etc. and it doesn't matter so much anymore. Stuxnet was a good example. What matters are the real controls in place, your people and your processes.

On your last comment Marc, I do worry how we are ever going to get to a scenario where businesses in general are well protected since only very few, through either extraordinary diligence of their own doing, or through regulatory necessity, make that time or care about that level of knowledge (aka funds!). PCI perhaps is at least a start in terms of introducing some of these concepts to otherwise unregulated verticals.

a

From: Marc Maiffret [mailto:mmaiff...@eeye.com]
Sent: 11 October 2011 01:28
To: NT System Admin Issues
Subject: RE: AV and malware protection?
The reality is that most IT environments are all using one of the 2-4 popular AV products. One of the 5-6 popular network firewalls. This makes it so that the ease at which an attacker can set up a test lab to mimic the average business and ensure their attack will be successful is a very easy thing.

In order to be successful in today's IT security environment you need to customize security to your specific environment. If you spend even a reasonable amount of time customizing your security at the OS and network level you can prevent the vast majority of attacks. This is not opinion but fact. Problem is that most people in IT have not been given the time or education by management to be able to do this successfully so alas everyone just installs a product and hopes it works. Likewise the attacker installs the product, makes sure their exploit works, and does not abide by hope.

Now of course you could have the time and knowledge and not a product
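The proxy-only egress control mentioned in the message above, as an added example that is not part of the original thread and not eEye's code: a Python audit of perimeter-firewall logs that reports internal hosts attempting to reach the Internet without going through the web proxy. The log layout, addresses, proxy list and exception list are all constructed assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed site layout: every value here is hypothetical and chosen for the example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
PROXIES = {ipaddress.ip_address("10.0.5.10")}  # only hosts allowed to reach the web directly
# Narrow (source, destination port, protocol) exceptions that legitimately bypass the proxy.
EXCEPTIONS = {
    (ipaddress.ip_address("10.0.5.20"), 53, "udp"),  # internal resolver to upstream DNS
    (ipaddress.ip_address("10.0.5.30"), 25, "tcp"),  # outbound mail relay
}

# Constructed perimeter-firewall log lines in a generic key=value layout.
SAMPLE_LOG = """\
2011-10-11T09:00:01 action=allow proto=tcp src=10.0.1.23 dst=10.0.5.10 dport=8080
2011-10-11T09:00:02 action=allow proto=tcp src=10.0.5.10 dst=203.0.113.80 dport=443
2011-10-11T09:00:05 action=allow proto=udp src=10.0.5.20 dst=198.51.100.53 dport=53
2011-10-11T09:01:10 action=deny proto=tcp src=10.0.1.42 dst=203.0.113.99 dport=443
2011-10-11T09:01:40 action=deny proto=tcp src=10.0.1.42 dst=203.0.113.99 dport=443
2011-10-11T09:02:00 action=allow proto=tcp src=10.0.2.7 dst=198.51.100.200 dport=8443
2011-10-11T09:03:00 action=allow proto=tcp src=not-an-ip dst=203.0.113.5 dport=80
2011-10-11T09:04:00 action=allow proto=tcp src=10.0.5.30 dst=192.0.2.25 dport=25
"""


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return a record dict, or None when the line cannot be parsed."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    try:
        return {
            "ts": parts[0],
            "action": fields["action"],
            "proto": fields["proto"],
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"]),
        }
    except (IndexError, KeyError, ValueError):
        return None


def classify(rec):
    """Label one connection relative to the proxy-only egress policy."""
    if not is_internal(rec["src"]):
        return "external_source"
    if is_internal(rec["dst"]):
        return "internal"          # includes client-to-proxy traffic
    if rec["src"] in PROXIES:
        return "proxy_egress"      # the proxy fetching on behalf of clients
    if (rec["src"], rec["dport"], rec["proto"]) in EXCEPTIONS:
        return "exception"
    return "direct"                # an internal host going straight out


def audit(log_text):
    """Return ({host: counts and destinations of direct egress}, unparsable line count)."""
    findings = defaultdict(lambda: {"allowed": 0, "denied": 0, "dests": set()})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1           # count bad lines instead of silently dropping them
            continue
        if classify(rec) != "direct":
            continue
        host = findings[str(rec["src"])]
        host["allowed" if rec["action"] == "allow" else "denied"] += 1
        host["dests"].add((str(rec["dst"]), rec["dport"]))
    return dict(findings), skipped


def rule_gaps(findings):
    """Hosts whose direct egress was allowed: the firewall rule set has a hole."""
    return sorted(h for h, f in findings.items() if f["allowed"])


def blocked_hosts(findings):
    """Hosts whose direct attempts were only denied: software there is ignoring the proxy."""
    return sorted(h for h, f in findings.items() if f["denied"] and not f["allowed"])


if __name__ == "__main__":
    found, bad = audit(SAMPLE_LOG)
    print("rule gaps (fix the firewall):", rule_gaps(found))
    print("blocked direct egress (look at the host):", blocked_hosts(found))
    print("unparsable lines:", bad)
```

Denied direct connections are the useful signal here: the policy already stopped them, and the source host is running something that does not use the proxy.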
RE: AV and malware protection?
Ahhh .. good stuff. I wonder if your guys can hack Russian submarines off the coast of Cornwall by tapping the keyboard a bit until the first firewall falls, then just talking Russian to it! Mind you, we still haven't figured out how to bind an iBook to an alien spacecraft like your lot ...

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: 11 October 2011 21:22
To: NT System Admin Issues
Subject: Re: AV and malware protection?

On Tue, Oct 11, 2011 at 9:57 AM, Alan Davies adav...@cls-services.com wrote:
> A ... that must be like in Spooks where they search their master criminal mugshot collection via a terminal that graphically displays every mugshot they're comparing to one by one .. really quickly! [UK reference to BBC spy series Spooks for those scratching their heads!]

It's okay -- spy computers work that way in Hollywood, too.

-- Ben

WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE
Re: AV and malware protection?
On Wed, Oct 12, 2011 at 1:05 AM, Alan Davies adav...@cls-services.com wrote:
> Mind you, we still haven't figured out how to bind an iBook to an alien spacecraft like your lot ...

Somewhere there is a vendor who has a class on how that is done. We're not allowed to teach it outside the US.
Re: AV and malware protection?
At home, I'm running the following:

*Host-based Security:*
- Avira (free) on most desktop/laptop systems
- MSE on one laptop
- VIPRE on one desktop
- ClamAV on one server (Most of my servers are not running any AV/AntiMalware)
- UAC on all systems
- Firewall disabled on LAN / Enabled when off network

*Network-based Security:*
- OpenDNS
- Netgear-based router with DD-WRT firmware

No issues.

*ASB*
*http://XeeMe.com/AndrewBaker*
*Harnessing the Advantages of Technology for the SMB market…*

On Fri, Oct 7, 2011 at 9:31 AM, Eric Brouwer ithelp.e...@gmail.com wrote:
> If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install? Thanks!
RE: AV and malware protection?
Agree wholeheartedly for the majority of threats. The only exception I'd make is for APT (sorry to mention buzzwords!!). Security through obscurity can be a very valid defence against undirected attacks (and probably most directed ones too), but a little social engineering, insider knowledge, etc. and it doesn't matter so much anymore. Stuxnet was a good example. What matters are the real controls in place, your people and your processes.

On your last comment Marc, I do worry how we are ever going to get to a scenario where businesses in general are well protected since only very few, through either extraordinary diligence of their own doing, or through regulatory necessity, make that time or care about that level of knowledge (aka funds!). PCI perhaps is at least a start in terms of introducing some of these concepts to otherwise unregulated verticals.

a

From: Marc Maiffret [mailto:mmaiff...@eeye.com]
Sent: 11 October 2011 01:28
To: NT System Admin Issues
Subject: RE: AV and malware protection?

The reality is that most IT environments are all using one of the 2-4 popular AV products. One of the 5-6 popular network firewalls. This makes it so that the ease at which an attacker can set up a test lab to mimic the average business and ensure their attack will be successful is a very easy thing.

In order to be successful in today's IT security environment you need to customize security to your specific environment. If you spend even a reasonable amount of time customizing your security at the OS and network level you can prevent the vast majority of attacks. This is not opinion but fact. Problem is that most people in IT have not been given the time or education by management to be able to do this successfully so alas everyone just installs a product and hopes it works. Likewise the attacker installs the product, makes sure their exploit works, and does not abide by hope.
Now of course you could have the time and knowledge and not a product that allows for customization. But that is a different thing altogether.

-Marc

Signed,
Marc Maiffret
Founder/CTO
eEye Digital Security
WEB: http://www.eEye.com
BLOG: http://blog.eeye.com
TWITTER: http://twitter.com/#!/marcmaiffret

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Monday, October 10, 2011 2:01 AM
To: NT System Admin Issues
Subject: RE: AV and malware protection?

Huge +1 to that. Anyone who says product x is the best, is, at best, correct for a short period of time! All AV is poor - I seem to remember about 70% protection is as high as any product gets by some measurements.

Why on earth would you encourage users not to use IE!? Again, FUD mostly - IE is one of, if not the most secure browser out there out of the box. Firefox not so great. Now I agree that you can add various addons to change the game, mostly at the expense of functionality, but these also require management and understanding - something that normal users will not have! Top browsers all managed well equal a fairly level playing ground.

a

From: Mike Gill [mailto:lis...@canbyfoursquare.com]
Sent: 07 October 2011 19:50
To: NT System Admin Issues
Subject: RE: AV and malware protection?

I have seen exploits on systems with just about every (fully updated) AV product heard of. There is no product that will win every time playing this cat and mouse game. I run MSE on my personal systems. Vipre and Nod32 on client computers. I encourage users not to use IE.

-- Mike

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 11:26 AM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as a joke. I thought it was decent before, but I currently have no faith in it.
This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

-- Espi
RE: AV and malware protection?
Exactly - the average user runs a browser with Java and Adobe plugins. This gives a much greater scope for exploitation than any subtle differences between browsers. I'd worry far less about what browser they run, and far more about their user privs and ability to keep all of their software up to date.

IE's smartfilter (is that what it's called? Can't remember!) blocks a lot of bad stuff and it's a great addition to the browser. I'm glad that it exists and the malicious software removal tool, etc. since there are so many users out there who never renew that 3 month free trial of AV that came from the OEM!

a

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: 11 October 2011 05:36
To: NT System Admin Issues
Subject: Re: AV and malware protection?

On Mon, Oct 10, 2011 at 21:01, Ben Scott mailvor...@gmail.com wrote:

<snip>

> Now, I regard ActiveX as a really bad idea to begin with -- allowing a web page to push binary executables to my PC is *not* a good idea, IMO,

Java, too.

> and I think history would support me on this one -- but if you're going to allow it, you need something a bit better than just requiring a bit of crypto thrown at it. More reasonable would be denying install to anything but Trusted Sites. If the user can't type the site name that's a fair bet they shouldn't be installing it, one way or the other.
>
> There are a number of other things, too, such as the ability to run an EXE from the web in two clicks, or allowing scripts to manipulate the browser window (Firefox does that too, I might add).

Allowing anything running in a browser to write to disk or touch other running programs or other hardware is poor design, IMHO.

But I'm a paranoid freak, and don't like computers, so what do I know...

Kurt
Re: AV and malware protection?
I wonder why something like Sandboxie is not included as standard issue ( I know, if it was widespread, it would be attacked too) ...

and for the layperson, I liken the definition update requirement like updating a mugshot book. You cannot catch all the current criminals if your mugshot book doesn't include their 'picture' ... I see the lightbulb come on for many with that analogy.

On Tue, Oct 11, 2011 at 7:32 AM, Alan Davies adav...@cls-services.com wrote:

Exactly - the average user runs a browser with Java and Adobe plugins. This gives a much greater scope for exploitation than any subtle differences between browsers. I'd worry far less about what browser they run, and far more about their user privs and ability to keep all of their software up to date.

IE's smartfilter (is that what it's called? Can't remember!) blocks a lot of bad stuff and it's a great addition to the browser. I'm glad that it exists and the malicious software removal tool, etc. since there are so many users out there who never renew that 3 month free trial of AV that came from the OEM!

a

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: 11 October 2011 05:36
To: NT System Admin Issues
Subject: Re: AV and malware protection?

On Mon, Oct 10, 2011 at 21:01, Ben Scott mailvor...@gmail.com wrote:

<snip>

> Now, I regard ActiveX as a really bad idea to begin with -- allowing a web page to push binary executables to my PC is *not* a good idea, IMO,

Java, too.

> and I think history would support me on this one -- but if you're going to allow it, you need something a bit better than just requiring a bit of crypto thrown at it. More reasonable would be denying install to anything but Trusted Sites. If the user can't type the site name that's a fair bet they shouldn't be installing it, one way or the other.
> There are a number of other things, too, such as the ability to run an EXE from the web in two clicks, or allowing scripts to manipulate the browser window (Firefox does that too, I might add).

Allowing anything running in a browser to write to disk or touch other running programs or other hardware is poor design, IMHO.

But I'm a paranoid freak, and don't like computers, so what do I know...

Kurt
Re: AV and malware protection?
I use a similar criminality theme when describing updates and antivirus to the lovely home users I have to deal with. Antivirus is like a burglar alarm, but installing updates is like locking your doors and windows. AV will alert you to the intruder, but without the updates, the intruders will just come back again.

On 11 October 2011 12:35, Erik Goldoff egold...@gmail.com wrote:

I wonder why something like Sandboxie is not included as standard issue ( I know, if it was widespread, it would be attacked too) ...

and for the layperson, I liken the definition update requirement like updating a mugshot book. You cannot catch all the current criminals if your mugshot book doesn't include their 'picture' ... I see the lightbulb come on for many with that analogy.

On Tue, Oct 11, 2011 at 7:32 AM, Alan Davies adav...@cls-services.com wrote:

Exactly - the average user runs a browser with Java and Adobe plugins. This gives a much greater scope for exploitation than any subtle differences between browsers. I'd worry far less about what browser they run, and far more about their user privs and ability to keep all of their software up to date.

IE's smartfilter (is that what it's called? Can't remember!) blocks a lot of bad stuff and it's a great addition to the browser. I'm glad that it exists and the malicious software removal tool, etc. since there are so many users out there who never renew that 3 month free trial of AV that came from the OEM!

a

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: 11 October 2011 05:36
To: NT System Admin Issues
Subject: Re: AV and malware protection?

On Mon, Oct 10, 2011 at 21:01, Ben Scott mailvor...@gmail.com wrote:

<snip>

> Now, I regard ActiveX as a really bad idea to begin with -- allowing a web page to push binary executables to my PC is *not* a good idea, IMO,

Java, too.
> and I think history would support me on this one -- but if you're going to allow it, you need something a bit better than just requiring a bit of crypto thrown at it. More reasonable would be denying install to anything but Trusted Sites. If the user can't type the site name that's a fair bet they shouldn't be installing it, one way or the other.
>
> There are a number of other things, too, such as the ability to run an EXE from the web in two clicks, or allowing scripts to manipulate the browser window (Firefox does that too, I might add).

Allowing anything running in a browser to write to disk or touch other running programs or other hardware is poor design, IMHO.

But I'm a paranoid freak, and don't like computers, so what do I know...

Kurt
--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.

** IMPORTANT INFORMATION/DISCLAIMER *
This document should be read only by those persons to whom it is addressed. If you have received this message it was obviously addressed to you and therefore you can read it, even if we didn't mean to send it to you. However, if the contents of this email make no sense whatsoever then you probably were not the intended recipient, or, alternatively, you are a mindless
RE: AV and malware protection?
I think the model is continuing towards hope that our several layers work well enough. The new corporate buzzword is productivity, and that translates to less people doing more work. In our case our routers and firewall are outsourced. Monitoring the AV/Malware stuff is based more on hope than diligence as headcount was cut.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Tuesday, October 11, 2011 4:27 AM
To: NT System Admin Issues
Subject: RE: AV and malware protection?

Agree wholeheartedly for the majority of threats. The only exception I'd make is for APT (sorry to mention buzzwords!!). Security through obscurity can be a very valid defence against undirected attacks (and probably most directed ones too), but a little social engineering, insider knowledge, etc. and it doesn't matter so much anymore. Stuxnet was a good example. What matters are the real controls in place, your people and your processes.

On your last comment Marc, I do worry how we are ever going to get to a scenario where businesses in general are well protected since only very few, through either extraordinary diligence of their own doing, or through regulatory necessity, make that time or care about that level of knowledge (aka funds!). PCI perhaps is at least a start in terms of introducing some of these concepts to otherwise unregulated verticals.

a

From: Marc Maiffret [mailto:mmaiff...@eeye.com]
Sent: 11 October 2011 01:28
To: NT System Admin Issues
Subject: RE: AV and malware protection?

The reality is that most IT environments are all using one of the 2-4 popular AV products. One of the 5-6 popular network firewalls. This makes it so that the ease at which an attacker can set up a test lab to mimic the average business and ensure their attack will be successful is a very easy thing.

In order to be successful in today's IT security environment you need to customize security to your specific environment.
If you spend even a reasonable amount of time customizing your security at the OS and network level you can prevent the vast majority of attacks. This is not opinion but fact. Problem is that most people in IT have not been given the time or education by management to be able to do this successfully so alas everyone just installs a product and hopes it works. Likewise the attacker installs the product, makes sure their exploit works, and does not abide by hope.

Now of course you could have the time and knowledge and not a product that allows for customization. But that is a different thing altogether.

-Marc

Signed,
Marc Maiffret
Founder/CTO
eEye Digital Security
WEB: http://www.eEye.com
BLOG: http://blog.eeye.com
TWITTER: http://twitter.com/#!/marcmaiffret

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Monday, October 10, 2011 2:01 AM
To: NT System Admin Issues
Subject: RE: AV and malware protection?

Huge +1 to that. Anyone who says product x is the best, is, at best, correct for a short period of time! All AV is poor - I seem to remember about 70% protection is as high as any product gets by some measurements.

Why on earth would you encourage users not to use IE!? Again, FUD mostly - IE is one of, if not the most secure browser out there out of the box. Firefox not so great. Now I agree that you can add various addons to change the game, mostly at the expense of functionality, but these also require management and understanding - something that normal users will not have! Top browsers all managed well equal a fairly level playing ground.

a

From: Mike Gill [mailto:lis...@canbyfoursquare.com]
Sent: 07 October 2011 19:50
To: NT System Admin Issues
Subject: RE: AV and malware protection?

I have seen exploits on systems with just about every (fully updated) AV product heard of. There is no product that will win every time playing this cat and mouse game. I run MSE on my personal systems. Vipre and Nod32 on client computers.
I encourage users not to use IE.

-- Mike

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 11:26 AM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as a joke. I thought it was decent before, but I currently have no faith in it. This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

-- Espi
RE: AV and malware protection?
A ... that must be like in Spooks where they search their master criminal mugshot collection via a terminal that graphically displays every mugshot they're comparing to one by one .. really quickly! That's just how computers work - it's important they look sexy and inefficient ;o)

[UK reference to BBC spy series Spooks for those scratching their heads!]

a

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: 11 October 2011 12:36
To: NT System Admin Issues
Subject: Re: AV and malware protection?

snip

and for the layperson, I liken the definition update requirement like updating a mugshot book. You cannot catch all the current criminals if your mugshot book doesn't include their 'picture' ... I see the lightbulb come on for many with that analogy.

WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE
Re: AV and malware protection?
On Tue, Oct 11, 2011 at 9:57 AM, Alan Davies adav...@cls-services.com wrote:

A ... that must be like in Spooks where they search their master criminal mugshot collection via a terminal that graphically displays every mugshot they're comparing to one by one .. really quickly! [UK reference to BBC spy series Spooks for those scratching their heads!]

It's okay -- spy computers work that way in Hollywood, too.

-- Ben
Re: AV and malware protection?
I use trendmicro titanium maximum security at home, have done for years, and I have had no issues, product or virus wise. It also comes with some additional features like safesync (dropbox alternative).

On Sat, Oct 8, 2011 at 2:31 AM, Eric Brouwer ithelp.e...@gmail.com wrote:

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?
RE: AV and malware protection?
Huge +1 to that. Anyone who says product x is the best, is, at best, correct for a short period of time! All AV is poor - I seem to remember about 70% protection is as high as any product gets by some measurements.

Why on earth would you encourage users not to use IE!? Again, FUD mostly - IE is one of, if not the most secure browser out there out of the box. Firefox not so great. Now I agree that you can add various addons to change the game, mostly at the expense of functionality, but these also require management and understanding - something that normal users will not have! Top browsers all managed well equal a fairly level playing ground.

a

From: Mike Gill [mailto:lis...@canbyfoursquare.com]
Sent: 07 October 2011 19:50
To: NT System Admin Issues
Subject: RE: AV and malware protection?

I have seen exploits on systems with just about every (fully updated) AV product heard of. There is no product that will win every time playing this cat and mouse game. I run MSE on my personal systems. Vipre and Nod32 on client computers. I encourage users not to use IE.

-- Mike

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 11:26 AM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as a joke. I thought it was decent before, but I currently have no faith in it. This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

-- Espi
RE: AV and malware protection?
So one issue with a feature that everyone knew about and you sacrifice normal operation and security because of it!? Fair enough if you manage it manually in a timely manner, but a bit OTT in my book and poor advice for a normal user.

I also use AVG for the record as MSE for some reason doesn't like my hardware and blue screens on XP, Vista and Win7; 32 or 64bit!

a

-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: 08 October 2011 05:14
To: NT System Admin Issues
Subject: Re: AV and malware protection?

On 7 Oct 2011 at 9:34, John Hornbuckle wrote:

I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?

I don't trust MSE, as it requires Automatic Updates to update itself and I don't let AU run on my systems. Microsoft has slipped too many things like Windows Genuine Advantage Notification in as part of critical Windows security updates for me to trust AU to run automatically. I use AVG (the free home license) on one home system, and a home license of VIPRE (from a client with 100 home licenses to spare) for another.

On 7 Oct 2011 at 10:23, Ben Scott wrote:
RE: AV and malware protection?
Great to see people using the likes of AppSense, it's very powerful if done right. I'd like to see some layered defences in addition, which you may well have .. wouldn't rely on AppSense and weekly AV on its own. Web, email and direct file (eg. USB) threat vectors need appreciating individually, as does the concept of code running only in memory, rather than just files.

a

-Original Message-
From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: 09 October 2011 19:37
To: NT System Admin Issues
Subject: Re: AV and malware protection?

We are just going to continue using Trend, just with realtime monitoring disabled. It will just do a scan once a week. But we could use any AV for that (personally I would not have chosen Trend). The heavy work is going to be done by AppSense Application Manager. Its greylisting technique means we get the power of a whitelist without the inflexibility. We've studied the two running together for months now and Trend is doing absolutely nothing, the AM component picks everything off first.

Sent from my POS BlackBerry wireless device, which may wipe itself at any moment

-Original Message-
From: Harry Singh hbo...@gmail.com
Date: Sun, 9 Oct 2011 14:32:16
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: AV and malware protection?

What's the name of the sleeping AV component? This thread is of particular interest since I'm planning to pilot a VDI deployment and a few engineers have mentioned the need to not have local AV protection any longer. I tend to err on the side of caution, but it's a persuading assertion; either from a cost and technical perspective.

On Sunday, October 9, 2011, kz2...@googlemail.com wrote:

Reactive AV is being phased out of our XenApp systems next week. We are going to maintain a sleeping AV component and do a deep scan once a week. Realtime monitoring is being turned off and we will rely entirely on the application management suite. We are not doing this blithely - currently app management stops about thirty or forty pieces of malware executing per week, and our AV catches precisely zero. In this environment, AV is just a waste of resources.

Sent from my POS BlackBerry wireless device, which may wipe itself at any moment

-Original Message-
From: Alex Eckelberry alex.eckelbe...@gfi.com
Date: Sun, 9 Oct 2011 17:55:58
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: AV and malware protection?

Hmmm Take a look at the Wildlist, which is the list of currently verified viruses. There's still a lot of nasty stuff out there. http://www.wildlist.org/WildList/201108.txt

We see plenty of viruses out there, and relying on a product like Malwarebytes as your only line of defense is a serious mistake, IMHO. It's an excellent product (remember we partner with them and are very close to them, so this is not a slight in the least on their technology) but you really, really need an AV product as a complement.

Alex

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Sunday, October 09, 2011 1:27 PM
To: NT System Admin Issue
Subject: Re: AV and malware protection?

On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry alex.eckelbe...@gfi.com wrote:

It's worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.

And the difference between these two things is...?

Viruses are largely obsolete anyway. Between ubiquitous network connectivity and autorun, nobody needs to bother. Today's injection vectors are exploitable vulnerabilities in networked software and social engineering. An attacker crafting malware to piggy-back on benign executables exchanged via sneakernet is like worrying about how to attach a team of horses to your car.

-- Ben

DISCLAIMER The information contained in this electronic mail may be confidential or legally privileged. It is for the intended recipient(s) only. Should you receive this message in error, please notify the sender by replying to this mail. Please do not read, copy, forward or store this message unless you are an intended recipient of it - unauthorized use of contents is strictly prohibited. Unless expressly stated, opinions in this message are those of the individual sender and not of GFI. While all care has been taken, GFI is not responsible
RE: AV and malware protection?
The reality is that most IT environments are all using one of the 2-4 popular AV products. One of the 5-6 popular network firewalls. This makes it so that the ease at which an attacker can setup a test lab to mimic the average business and ensure their attack will be successful is a very easy thing. In order to be successful in today's IT security environment you need to customize security to your specific environment.

If you spend even a reasonable amount of time customizing your security at the OS and network level you can prevent the vast majority of attacks. This is not opinion but fact. Problem is that most people in IT have not been given the time or education by management to be able to do this successfully so alas everyone just installs a product and hopes it works. Likewise the attacker installs the product, makes sure their exploit works, and does not abide by hope. Now of course you could have the time and knowledge and not a product that allows for customization. But that is a different thing altogether.

-Marc

Signed, Marc Maiffret
Founder/CTO eEye Digital Security
WEB: http://www.eEye.com
BLOG: http://blog.eeye.com
TWITTER: http://twitter.com/#!/marcmaiffret

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Monday, October 10, 2011 2:01 AM
To: NT System Admin Issues
Subject: RE: AV and malware protection?

Huge +1 to that. Anyone who says product x is the best, is, at best, correct for a short period of time! All AV is poor - I seem to remember about 70% protection is as high as any product gets by some measurements.

Why on earth would you encourage users not to use IE!? Again, FUD mostly - IE is one of, if not the most secure browser out there out of the box. Firefox not so great. Now I agree that you can add various addons to change the game, mostly at the expense of functionality, but these also require management and understanding - something that normal users will not have! Top browsers all managed well equal a fairly level playing ground.

a

From: Mike Gill [mailto:lis...@canbyfoursquare.com]
Sent: 07 October 2011 19:50
To: NT System Admin Issues
Subject: RE: AV and malware protection?

I have seen exploits on systems with just about every (fully updated) AV product heard of. There is no product that will win every time playing this cat and mouse game. I run MSE on my personal systems. Vipre and Nod32 on client computers. I encourage users not to use IE.

-- Mike

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 11:26 AM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as a joke. I thought it was decent before, but I currently have no faith in it. This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

-- Espi
Re: AV and malware protection?
On Mon, Oct 10, 2011 at 5:01 AM, Alan Davies adav...@cls-services.com wrote:

Why on earth would you encourage users not to use IE!? Again, FUD mostly - IE is one of, if not the most secure browser out there out of the box.

While I haven't seen MSIE 9 yet, I know MSIE 8 still had what I would consider woefully insecure defaults with regards to its Security tab settings, especially regarding ActiveX controls.

Now, I regard ActiveX as a really bad idea to begin with -- allowing a web page to push binary executables to my PC is *not* a good idea, IMO, and I think history would support me on this one -- but if you're going to allow it, you need something a bit better than just requiring a bit of crypto thrown at it. More reasonable would be denying install to anything but Trusted Sites. If the user can't type the site name that's a fair bet they shouldn't be installing it, one way or the other.

There are a number of other things, too, such as the ability to run an EXE from the web in two clicks, or allowing scripts to manipulate the browser window (Firefox does that too, I might add).

Currently, a lot of it is academic, since the popular vectors today are Flash and Acrobat, but if Adobe ever gets their act together I expect we'll see renewed interest in browser security design.

Firefox not so great.

Speaking of FUD, care to explain that?

-- Ben
Re: AV and malware protection?
On Mon, Oct 10, 2011 at 21:01, Ben Scott mailvor...@gmail.com wrote:

snip

Now, I regard ActiveX as a really bad idea to begin with -- allowing a web page to push binary executables to my PC is *not* a good idea, IMO,

Java, too.

and I think history would support me on this one -- but if you're going to allow it, you need something a bit better than just requiring a bit of crypto thrown at it. More reasonable would be denying install to anything but Trusted Sites. If the user can't type the site name that's a fair bet they shouldn't be installing it, one way or the other. There are a number of other things, too, such as the ability to run an EXE from the web in two clicks, or allowing scripts to manipulate the browser window (Firefox does that too, I might add).

Allowing anything running in a browser to write to disk or touch other running programs or other hardware is poor design, IMHO. But I'm a paranoid freak, and don't like computers, so what do I know...

Kurt
RE: AV and malware protection?
It's worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:20 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

I would trust Malwarebytes over a traditional a product. I wouldn't trust MSE what-so-ever. I've seen web-based drive by exploits absolutely destroy it. If I was going to couple with an AV product, I'd use Kaspersky primarily, with ESET as a secondary choice.

-- Espi

On Fri, Oct 7, 2011 at 6:34 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?

John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us

-Original Message-
From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Friday, October 07, 2011 9:31 AM
To: NT System Admin Issues
Subject: AV and malware protection?

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install? Thanks!

DISCLAIMER The information contained in this electronic mail may be confidential or legally privileged. It is for the intended recipient(s) only. Should you receive this message in error, please notify the sender by replying to this mail. Please do not read, copy, forward or store this message unless you are an intended recipient of it - unauthorized use of contents is strictly prohibited. Unless expressly stated, opinions in this message are those of the individual sender and not of GFI. While all care has been taken, GFI is not responsible for the integrity or the contents of this electronic mail and any attachments included within. (GFI2011)
Re: AV and malware protection?
On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry alex.eckelbe...@gfi.com wrote:

It’s worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.

And the difference between these two things is...?

Viruses are largely obsolete anyway. Between ubiquitous network connectivity and autorun, nobody needs to bother. Today's injection vectors are exploitable vulnerabilities in networked software and social engineering. An attacker crafting malware to piggy-back on benign executables exchanged via sneakernet is like worrying about how to attach a team of horses to your car.

-- Ben
Re: AV and malware protection?
FWIW, in some circles it's considered an AV product. I hear it coming-up more and more as a point of discussion amongst engineers.

-- Espi

On Sun, Oct 9, 2011 at 9:23 AM, Alex Eckelberry alex.eckelbe...@gfi.com wrote:

It’s worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.

*From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
*Sent:* Friday, October 07, 2011 1:20 PM
*To:* NT System Admin Issues
*Subject:* Re: AV and malware protection?

I would trust Malwarebytes over a traditional a product. I wouldn't trust MSE what-so-ever. I've seen web-based drive by exploits absolutely destroy it. If I was going to couple with an AV product, I'd use Kaspersky primarily, with ESET as a secondary choice.

-- Espi

On Fri, Oct 7, 2011 at 6:34 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?

John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us

-Original Message-
From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Friday, October 07, 2011 9:31 AM
To: NT System Admin Issues
Subject: AV and malware protection?

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install? Thanks!
Re: AV and malware protection?
+1

-- Espi

On Sun, Oct 9, 2011 at 10:27 AM, Ben Scott mailvor...@gmail.com wrote:

And the difference between these two things is...?

Viruses are largely obsolete anyway. Between ubiquitous network connectivity and autorun, nobody needs to bother. Today's injection vectors are exploitable vulnerabilities in networked software and social engineering. An attacker crafting malware to piggy-back on benign executables exchanged via sneakernet is like worrying about how to attach a team of horses to your car.

-- Ben
RE: AV and malware protection?
Hmmm Take a look at the Wildlist, which is the list of currently verified viruses. There's still a lot of nasty stuff out there. http://www.wildlist.org/WildList/201108.txt

We see plenty of viruses out there, and relying on a product like Malwarebytes as your only line of defense is a serious mistake, IMHO. It's an excellent product (remember we partner with them and are very close to them, so this is not a slight in the least on their technology) but you really, really need an AV product as a complement.

Alex

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Sunday, October 09, 2011 1:27 PM
To: NT System Admin Issue
Subject: Re: AV and malware protection?

On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry alex.eckelbe...@gfi.com wrote:

It's worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.

And the difference between these two things is...?

Viruses are largely obsolete anyway. Between ubiquitous network connectivity and autorun, nobody needs to bother. Today's injection vectors are exploitable vulnerabilities in networked software and social engineering. An attacker crafting malware to piggy-back on benign executables exchanged via sneakernet is like worrying about how to attach a team of horses to your car.

-- Ben
RE: AV and malware protection?
Viruses (true file infectors) like Sality, Virut, XPAJ, xpiro, murofet, Mabezat and a few other true viruses are still quite common, which Malwarebytes cannot deal with. Mabezat usually hauls in a variant of zbot/zeus which is after banking/CC info... Malwarebytes might see the zbot files from mabezat but never fully remove it because the virus-infected files put it back. Malwarebytes may see the infected hosts file temp files associated with virut or the rootkit driver associated with sality and/or some of sality's registry corruptions but it cannot disinfect files.

Something like Bamital, which attacks a select few files (and infects them), Malwarebytes cannot deal with either. It may see the Trojan dll involved and try to pull it. If successful, and since it cannot disinfect the infected explorer, winlogon, wininit, kernel32.dll, ntdll32.dll, the machine ends up in a constant BSOD loop because wininit/winlogon is missing the dll it has been coded to depend on.

And -- yes I have seen cases where things on a network are locked down quite well but a vendor comes in to update some specialized software or re-install from his thumb drive and infects the network with virut and other nasties..

Tammy

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Sunday, October 09, 2011 1:27 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry alex.eckelbe...@gfi.com wrote:
> It's worth noting that MalwareBytes is not an antivirus product. It is, however, an excellent protector/cleaner against modern Trojans and rogue antivirus products.

And the difference between these two things is...?

Viruses are largely obsolete anyway. Between ubiquitous network connectivity and autorun, nobody needs to bother. Today's injection vectors are exploitable vulnerabilities in networked software and social engineering. An attacker crafting malware to piggy-back on benign executables exchanged via sneakernet is like worrying about how to attach a team of horses to your car.

-- Ben
Re: AV and malware protection?
Reactive AV is being phased out of our XenApp systems next week. We are going to maintain a sleeping AV component and do a deep scan once a week. Realtime monitoring is being turned off and we will rely entirely on the application management suite.

We are not doing this blithely - currently app management stops about thirty or forty pieces of malware executing per week, and our AV catches precisely zero. In this environment, AV is just a waste of resources.

Sent from my POS BlackBerry wireless device, which may wipe itself at any moment

-Original Message-
From: Alex Eckelberry alex.eckelbe...@gfi.com
Date: Sun, 9 Oct 2011 17:55:58
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: AV and malware protection?

Hmmm

Take a look at the Wildlist, which is the list of currently verified viruses. There's still a lot of nasty stuff out there.

http://www.wildlist.org/WildList/201108.txt

We see plenty of viruses out there, and relying on a product like Malwarebytes as your only line of defense is a serious mistake, IMHO. It's an excellent product (remember we partner with them and are very close to them, so this is not a slight in the least on their technology) but you really, really need an AV product as a complement.

Alex
Re: AV and malware protection?
What's the name of the sleeping AV component?

This thread is of particular interest since I'm planning to pilot a VDI deployment and a few engineers have mentioned the need to not have local AV protection any longer. I tend to err on the side of caution, but it's a persuading assertion; either from a cost and technical perspective.

On Sunday, October 9, 2011, kz2...@googlemail.com wrote:
> Reactive AV is being phased out of our XenApp systems next week. We are going to maintain a sleeping AV component and do a deep scan once a week. Realtime monitoring is being turned off and we will rely entirely on the application management suite.
>
> We are not doing this blithely - currently app management stops about thirty or forty pieces of malware executing per week, and our AV catches precisely zero. In this environment, AV is just a waste of resources.
Re: AV and malware protection?
We are just going to continue using Trend, just with realtime monitoring disabled. It will just do a scan once a week. But we could use any AV for that (personally I would not have chosen Trend).

The heavy work is going to be done by AppSense Application Manager. Its greylisting technique means we get the power of a whitelist without the inflexibility. We've studied the two running together for months now and Trend is doing absolutely nothing, the AM component picks everything off first.

Sent from my POS BlackBerry wireless device, which may wipe itself at any moment

-Original Message-
From: Harry Singh hbo...@gmail.com
Date: Sun, 9 Oct 2011 14:32:16
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: AV and malware protection?

What's the name of the sleeping AV component?

This thread is of particular interest since I'm planning to pilot a VDI deployment and a few engineers have mentioned the need to not have local AV protection any longer. I tend to err on the side of caution, but it's a persuading assertion; either from a cost and technical perspective.
RE: AV and malware protection?
I don't know how kz20fl does that, but in the case of Vipre, for example, it would simply be turning off the on-access scanning, and strictly using the on-demand scan, which can be scheduled or run manually.

I have to agree with Alex and Tammy; there's still plenty of virus vectors out there, and an employee bringing a cd or usb stick, and/or clicking an attachment that's infected can still cream your network. As others have mentioned, a layered approach including AV, malwarebytes-type scanners, IPS/IDS, firewalls, DNS filtering, and other methodology is still the only way we can hope to catch the bad stuff.

Well, I suppose you could disconnect from the internet, and disable floppies, cds, usb sticks, etc, and make the PCs read-only, but that impacts productive work a little.

-Original Message-
From: Harry Singh [mailto:hbo...@gmail.com]
Sent: Sunday, October 09, 2011 1:32 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

What's the name of the sleeping AV component?

This thread is of particular interest since I'm planning to pilot a VDI deployment and a few engineers have mentioned the need to not have local AV protection any longer. I tend to err on the side of caution, but it's a persuading assertion; either from a cost and technical perspective.
RE: AV and malware protection?
I have Windows Update configured to check for updates and notify me when they're available--never to install them without my permission. But MSE's definitions are updated regularly behind the scenes. So, I think its updates are handled differently.

John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us

-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: Saturday, October 08, 2011 12:14 AM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

I don't trust MSE, as it requires Automatic Updates to update itself and I don't let AU run on my systems. Microsoft has slipped too many things like Windows Genuine Advantage Notification in as part of critical Windows security updates for me to trust AU to run automatically.
Re: AV and malware protection?
I do the same on several home machines and it has worked well for me.

- Original Message -
From: John Hornbuckle john.hornbuc...@taylor.k12.fl.us
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Friday, October 7, 2011 9:34:08 AM
Subject: RE: AV and malware protection?

I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?

John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us
RE: AV and malware protection?
I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?

John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us

-Original Message-
From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Friday, October 07, 2011 9:31 AM
To: NT System Admin Issues
Subject: AV and malware protection?

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!
Re: AV and malware protection?
I use Avast at home backed up with MalwareBytes, and browse the Internet using Firefox with WOT and NoScript. Finally, there's Secunia PSI to keep all my software up-to-date.

Using a limited account probably helps loads too.

On 7 October 2011 14:31, Eric Brouwer ithelp.e...@gmail.com wrote:
> If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?
>
> Thanks!

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Re: AV and malware protection?
For my Windows 7 Pro machines at home I use VIPRE Premium behind a Netgear N600 router. I'm very satisfied with VIPRE's level of protection.

Roger Wright
___
My short term goal is to make it through the day. My long term goal is to string a bunch of short term goals together.

On Fri, Oct 7, 2011 at 9:31 AM, Eric Brouwer ithelp.e...@gmail.com wrote:
> If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?
>
> Thanks!
Re: AV and malware protection?
I used Avast in the past, but it seems to have gotten bloated and resource-y. Now I use MS security essentials and have been fine with it.

Bill

Eric Brouwer wrote:
> If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?
>
> Thanks!
Re: AV and malware protection?
On Fri, Oct 7, 2011 at 9:31 AM, Eric Brouwer ithelp.e...@gmail.com wrote:
> If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

I run Linux at home. ;-) But I do have a Wintendo box running XP.

I use the built-in firewall on the PC itself. I also have a SOHO router+WAP running DD-WRT in front of that.

Primary malware scanner is Microsoft Security Essentials, mainly because it's free and effective and low-maintenance. I used to use AVG but it became a pain in the a** with unwanted features and major version obsolescence.

On any platform, the regular user account I use is non-admin. I have filesystem permissions set-up to lock things down for non-admin users. The admin account I only use for software updates and system changes.

On any platform, I browse the web with scripts, Flash, Java, cookies, etc., disabled by default, and selectively-enable using NoScript and Permit Cookies (Firefox extensions). I've also got the more dangerous JavaScript actions (such as menu-changing and window-decoration-hiding) disabled always.

On any platform, I keep patches and updates current for all software.

On any platform, I employ common sense about what web sites, software, etc., I trust, and examine things closely.

-- Ben
Re: AV and malware protection?
Vipre, home network version. $50, covers all the computers in the house. Windows Firewall, behind a DD-WRT firewall. DNS is OpenDNS.

On Fri, Oct 7, 2011 at 9:31 AM, Eric Brouwer ithelp.e...@gmail.com wrote:
> If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?
>
> Thanks!
Re: AV and malware protection?
Microsoft Security Essentials.

On Fri, Oct 7, 2011 at 9:31 AM, Eric Brouwer ithelp.e...@gmail.com wrote:
> If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?
>
> Thanks!

-- -cynicalgeek- cynicalgeekatgmail.com --
RE: AV and malware protection?
Microsoft Security Essentials, ZoneAlarm, MalwareBytes. UpdateChecker runs at startup and I check Secunia probably once a week.

Shauna Hensala

Date: Fri, 7 Oct 2011 09:31:28 -0400
Subject: AV and malware protection?
From: ithelp.e...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!
RE: AV and malware protection?
http://www.virusbtn.com/vb100/rap-index.xml

Best free software in that chart - Avira Free. For paid, I'd go with Kaspersky Pure or Avira Pro. Based on the chart position of MSSE, I don't think I'd rely on it. At least ForeFront does better, which is odd b/c doesn't it use the same detection-engine/signatures as MSSE?

Carl

-Original Message-
From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Friday, October 07, 2011 9:31 AM
To: NT System Admin Issues
Subject: AV and malware protection?

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!
Re: AV and malware protection?
I would trust Malwarebytes over a traditional AV product. I wouldn't trust MSE what-so-ever. I've seen web-based drive by exploits absolutely destroy it. If I was going to couple with an AV product, I'd use Kaspersky primarily, with ESET as a secondary choice.

-- Espi

On Fri, Oct 7, 2011 at 6:34 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:
> I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?
>
> John Hornbuckle, MSMIS, PMP
> MIS Department
> Taylor County School District
> www.taylor.k12.fl.us
RE: AV and malware protection?
The current version of MSE? I think it's on v2.0 now.

Of course, there's no substitute for careful behavior, as others have mentioned. I'm extremely cautious, and honestly can't recall a single time that my antimalware (MSE or the stuff I used before that) software has protected from a threat over the past few years.

Maybe MSE works well for me because it never has to do anything. :)

John

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:20 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

I would trust Malwarebytes over a traditional AV product. I wouldn't trust MSE what-so-ever. I've seen web-based drive by exploits absolutely destroy it. If I was going to couple with an AV product, I'd use Kaspersky primarily, with ESET as a secondary choice.

-- Espi
Re: AV and malware protection?
Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as a joke. I thought it was decent before, but I currently have no faith in it. This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

-- Espi

On Fri, Oct 7, 2011 at 10:57 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:
> The current version of MSE? I think it’s on v2.0 now.
>
> Of course, there’s no substitute for careful behavior, as others have mentioned. I’m extremely cautious, and honestly can’t recall a single time that my antimalware (MSE or the stuff I used before that) software has protected from a threat over the past few years.
>
> Maybe MSE works well for me because it never has to do anything. :)
>
> John
RE: AV and malware protection?
Do you have any examples of sites that exploit this? Are other factors at play? Browsing with admin credentials or unpatched vulnerabilities?

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:26 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as a joke. I thought it was decent before, but I currently have no faith in it. This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

-- Espi
RE: AV and malware protection?
That surprises me, because honestly I've heard that MSE is a pretty solid product.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 2:26 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as a joke. I thought it was decent before, but I currently have no faith in it. This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

-- Espi
Re: AV and malware protection?
No specific sites... well, actually I /can/ get the IP of one of the sites. The drive-by added bogus google and bing entries to the hosts file in an effort to have another vector on system [re]infection. Malwarebytes promptly blocks access to the Romanian IP in question.

Not admin, not aware of any specific unpatched vulnerabilities - but it's possible.

I've seen the same set of infections on 4 systems in the past two weeks. These were all at different medical/dental clients.

1. Malwarebytes would have prevented it.
2. MSE got tooled.
3. Ultimately it took Kaspersky VRT and TDSSKiller to clean it.

-- Espi

On Fri, Oct 7, 2011 at 11:33 AM, Crawford, Scott crawfo...@evangel.edu wrote:
> Do you have any examples of sites that exploit this? Are other factors at play? Browsing with admin credentials or unpatched vulnerabilities?
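The hosts-file tampering described in the message above (bogus google and bing entries) can be checked for with a short audit script. This is an added example, not part of the original thread: the function names are hypothetical, and the watched labels, the sample file and its 203.0.113.x addresses are constructed for illustration.

```python
"""Audit a hosts file for entries that override search-engine names."""
import ipaddress
import sys
from typing import NamedTuple

# Labels to watch for (assumption: the post names Google and Bing).
WATCHED_LABELS = frozenset({"google", "bing"})

# Constructed sample, not taken from any real system. 203.0.113.0/24 is a
# documentation range standing in for the address the entries point at.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
# 127.0.0.1       localhost
203.0.113.45    www.google.com google.com
203.0.113.45    www.bing.com    # trailing comment
0.0.0.0         www.google.co.uk
127.0.0.1       www.google-analytics.com
192.168.1.10    nas.home.lan
not-an-ip       google.com
"""


class Finding(NamedTuple):
    lineno: int
    hostname: str
    address: str
    kind: str  # "redirect" (routable override) or "sinkhole" (loopback/0.0.0.0)


def parse_hosts(text):
    """Yield (lineno, address, hostnames) for every active hosts entry."""
    # A leading byte-order mark would otherwise make the first address
    # unparseable and hide that entry from the audit.
    text = text.lstrip("\ufeff")
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # the resolver ignores malformed entries as well
        yield lineno, address, [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text, watched=WATCHED_LABELS):
    """Return a Finding for each hostname that carries a watched label."""
    watched = frozenset(watched)
    findings = []
    for lineno, address, names in parse_hosts(text):
        # Loopback and 0.0.0.0 are what blocklists use; anything else sends
        # the name to a host chosen by whoever wrote the entry.
        local = address.is_loopback or address.is_unspecified
        kind = "sinkhole" if local else "redirect"
        for name in names:
            # Exact label match: flags google.co.uk, not google-analytics.com.
            if watched.intersection(name.split(".")):
                findings.append(Finding(lineno, name, str(address), kind))
    return findings


def redirect_targets(findings):
    """Addresses worth blocking at the firewall or DNS layer."""
    return sorted({f.address for f in findings if f.kind == "redirect"})


def main(argv):
    # On Windows the file is %SystemRoot%\System32\drivers\etc\hosts.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8-sig", errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE_HOSTS
    findings = audit_hosts(text)
    for f in findings:
        print(f"line {f.lineno}: {f.hostname} -> {f.address} [{f.kind}]")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit code means at least one watched name is overridden, so the script can run from a scheduled task and alert on failure.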
RE: AV and malware protection?
I have seen exploits on systems with just about every (fully updated) AV product heard of. There is no product that will win every time playing this cat and mouse game.

I run MSE on my personal systems. Vipre and Nod32 on client computers.

I encourage users not to use IE.

-- Mike

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 11:26 AM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as a joke. I thought it was decent before, but I currently have no faith in it. This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

-- Espi
RE: AV and malware protection?
I'd be interested in checking it out if you've got the ip handy.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:49 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

No specific sites... well, actually I /can/ get the IP of one of the sites. The drive-by added bogus google and bing entries to the hosts file in an effort to have another vector on system [re]infection. Malwarebytes promptly blocks access to the Romanian IP in question.

Not admin, not aware of any specific unpatched vulnerabilities - but it's possible.

I've seen the same set of infections on 4 systems in the past two weeks. These were all at different medical/dental clients.

1. Malwarebytes would have prevented it.
2. MSE got tooled.
3. Ultimately it took Kaspersky VRT and TDSSKiller to clean it.

-- Espi
RE: AV and malware protection?
What I use...

Nod32
Juniper Netscreen 5
Malwarebytes

-Original Message-
From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Friday, October 07, 2011 6:31 AM
To: NT System Admin Issues
Subject: AV and malware protection?

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!
Re: AV and malware protection?
I agree completely. However, Malwarebytes (running in real-time) IP blocking mechanisms would likely have prevented the additional installation of virus payload beyond the drive-by exploit.

-- Espi

On Fri, Oct 7, 2011 at 11:50 AM, Mike Gill lis...@canbyfoursquare.com wrote:

I have seen exploits on systems with just about every (fully updated) AV product heard of. There is no product that will win every time playing this cat and mouse game. I run MSE on my personal systems. Vipre and Nod32 on client computers. I encourage users not to use IE.

-- Mike

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 11:26 AM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as a joke. I thought it was decent before, but I currently have no faith in it.

This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

-- Espi

On Fri, Oct 7, 2011 at 10:57 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

The current version of MSE? I think it’s on v2.0 now.

Of course, there’s no substitute for careful behavior, as others have mentioned. I’m extremely cautious, and honestly can’t recall a single time that my antimalware (MSE or the stuff I used before that) software has protected from a threat over the past few years. Maybe MSE works well for me because it never has to do anything. :)

John

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:20 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

I would trust Malwarebytes over a traditional a product. I wouldn't trust MSE what-so-ever. I've seen web-based drive by exploits absolutely destroy it.

If I was going to couple with an AV product, I'd use Kaspersky primarily, with ESET as a secondary choice.

-- Espi

On Fri, Oct 7, 2011 at 6:34 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?

John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us

-Original Message-
From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Friday, October 07, 2011 9:31 AM
To: NT System Admin Issues
Subject: AV and malware protection?

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!
RE: AV and malware protection?
Using a limited account probably helps loads too

This also. I run a user account (no admin rights). Same thing for the office. Nobody uses admin accounts. All user accounts. If we have to do admin stuff, then we will run as or log on as an administrator. Eliminates 95% of our problems!

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, October 07, 2011 6:35 AM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

I use Avast at home backed up with MalwareBytes, and browse the Internet using Firefox with WOT and NoScript, finally there's Secunia PSI to keep all my software up-to-date

Using a limited account probably helps loads too

On 7 October 2011 14:31, Eric Brouwer ithelp.e...@gmail.com wrote:

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!
Re: AV and malware protection?
95.64.61.141-142

-- Espi

On Fri, Oct 7, 2011 at 11:53 AM, Crawford, Scott crawfo...@evangel.edu wrote:

I’d be interested in checking it out if you’ve got the ip handy.

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:49 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

No specific sites... well, actually I /can/ get the IP of one of the sites. The drive-by added bogus google and bing entries to the hosts file in an effort to have another vector on system [re]infection. Malwarebytes promptly blocks access to the Romanian IP in question.

Not admin, not aware of any specific unpatched vulnerabilities - but it's possible.

I've seen the same set of infections on 4 systems in the past two weeks. These were all at different medical/dental clients.

1. Malwarebytes would have prevented it.
2. MSE got tooled.
3. Ultimately it took Kaspersky VRT and TDSSKiller to clean it.

-- Espi

On Fri, Oct 7, 2011 at 11:33 AM, Crawford, Scott crawfo...@evangel.edu wrote:

Do you have any examples of sites that exploit this? Are other factors at play? Browsing with admin credentials or unpatched vulnerabilities?

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:26 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

Yep, the current version. From what I have seen done to it by web-based exploit infections, I would classify the product as a joke. I thought it was decent before, but I currently have no faith in it.

This being part of the scenario of users, using IE, getting hit with drive-by's, those drive-by's pulling down more crap, and ultimately owning the system with rootkits. IMO, MSE has been worthless in these situations.

-- Espi

On Fri, Oct 7, 2011 at 10:57 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

The current version of MSE? I think it’s on v2.0 now.

Of course, there’s no substitute for careful behavior, as others have mentioned. I’m extremely cautious, and honestly can’t recall a single time that my antimalware (MSE or the stuff I used before that) software has protected from a threat over the past few years. Maybe MSE works well for me because it never has to do anything. :)

John

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, October 07, 2011 1:20 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

I would trust Malwarebytes over a traditional a product. I wouldn't trust MSE what-so-ever. I've seen web-based drive by exploits absolutely destroy it.

If I was going to couple with an AV product, I'd use Kaspersky primarily, with ESET as a secondary choice.

-- Espi

On Fri, Oct 7, 2011 at 6:34 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?

John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us

-Original Message-
From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Friday, October 07, 2011 9:31 AM
To: NT System Admin Issues
Subject: AV and malware protection?

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!
RE: AV and malware protection?
Doesn't your Vipre come with firewall?

Originally, I used Kerio's f/w because it was good and free and Avast for a\v. Then, Sunbelt bought it, renamed it Vipre but I still kept it as it worked and the cost was low. Earlier, this year, though GFI (or Sunbelt, can't remember when they took over), said the Vipre f/w standalone was not going to be supported at the end of 2011 but offered me a free upgrade. So, I got rid of Avast, upgraded and found out I didn't have to renew until Oct. 2012.

Date: Fri, 7 Oct 2011 10:27:40 -0400
Subject: Re: AV and malware protection?
From: jonathan.l...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com

Vipre, home network version. $50, covers all the computers in the house. Windows Firewall, behind a DD-WRT firewall. DNS is OpenDNS.

On Fri, Oct 7, 2011 at 9:31 AM, Eric Brouwer ithelp.e...@gmail.com wrote:

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!
Re: AV and malware protection?
The router is my firewall. For all my 'family support' I mandate Windows 7 and MS Security Essentials. I have had no virus issues in 2 years on any of the 'family systems'.

On Fri, Oct 7, 2011 at 6:31 AM, Eric Brouwer ithelp.e...@gmail.com wrote:

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!
Re: AV and malware protection?
+1

I moved from AVAST a couple of years ago when my wife got hit twice with viruses within 30 days while running AVAST. So far so good.

Jon

On Fri, Oct 7, 2011 at 9:34 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?

John Hornbuckle, MSMIS, PMP
MIS Department
Taylor County School District
www.taylor.k12.fl.us

-Original Message-
From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Friday, October 07, 2011 9:31 AM
To: NT System Admin Issues
Subject: AV and malware protection?

If you had to secure your own personal computer at home (Windows 7), what AV, firewall, malware protection would you install?

Thanks!
Re: AV and malware protection?
On 7 Oct 2011 at 11:49, Micheal Espinola Jr wrote:

No specific sites... well, actually I /can/ get the IP of one of the sites. The drive-by added bogus google and bing entries to the hosts file in an effort to have another vector on system [re]infection. Malwarebytes promptly blocks access to the Romanian IP in question.

Not admin, not aware of any specific unpatched vulnerabilities - but it's possible.

I've seen the same set of infections on 4 systems in the past two weeks. These were all at different medical/dental clients.

Were their 3rd-party Internet-facing programs up to date? I'm thinking mostly of Adobe Reader, Adobe Flash, and Java. In my experience users don't update these and sysadmins for small clients often don't either.

99.8% of Commercial Exploits caused by a few unpatched apps

According to an article by Danish security company CSIS, most Windows infections by commercial malware are the result of failure to patch a few vulnerable apps: Java JRE (37%), Adobe Reader (and Acrobat) (32%), Adobe Flash (16%), Internet Explorer (10%), Windows Help (3%), and Apple Quicktime (2%). MSIE and Windows Help are patched automatically by Windows Update (which home users should have enabled and which business sysadmins should be managing), but the other four applications all need to be updated separately.

http://www.dslreports.com/forum/r26386723-99.8-of-Commercial-Exploits-caused-by-a-few-unpatched-apps

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/
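The hosts-file tampering described in the quoted message above (bogus google and bing entries) can be checked for offline by parsing the file and flagging watched names that map to a non-loopback address. This is an added example, not part of the original thread; the watched-domain list, the function names and the sample hosts content (which uses the 203.0.113.0/24 documentation range) are assumptions constructed for illustration.

```python
import ipaddress
import sys

# Assumption: the names to watch are the two mentioned in the thread.
WATCHED_SUFFIXES = ("google.com", "bing.com")

# Constructed sample content, not taken from an infected machine.
# 203.0.113.0/24 is a reserved documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # constructed bogus entry
203.0.113.10    WWW.BING.COM.
0.0.0.0         ads.example.net
10.0.0.5        fileserver
not-an-ip       www.google.com
203.0.113.11    notgoogle.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each entry with a valid address."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue   # first field is not an IPv4/IPv6 address; skip the line
        # Normalise case and a trailing root dot before comparing names.
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(hostname, suffixes=WATCHED_SUFFIXES):
    """True for the domain itself or any subdomain, not for look-alikes."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)


def find_redirects(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, ip, hostname) for watched names sent to a remote IP."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        # 127.0.0.1 / ::1 / 0.0.0.0 entries sinkhole a name rather than
        # redirect it, so they are not reported here.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if is_watched(name, suffixes):
                findings.append((line_no, str(ip), name))
    return findings


if __name__ == "__main__":
    # Pass the path of a hosts file to check, or run on the built-in sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, ip, name in find_redirects(text):
        print(f"line {line_no}: {name} -> {ip}")
```

Any finding means name resolution for that domain bypasses DNS on the machine, so DNS-level filtering alone will not correct it; the entry has to be removed from the file itself.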
Re: AV and malware protection?
On 7 Oct 2011 at 9:34, John Hornbuckle wrote:

I just use Microsoft Security Essentials. Seems to work well enough for me. Or am I naïve?

I don't trust MSE, as it requires Automatic Updates to update itself and I don't let AU run on my systems. Microsoft has slipped too many things like Windows Genuine Advantage Notification in as part of critical Windows security updates for me to trust AU to run automatically.

I use AVG (the free home license) on one home system, and a home license of VIPRE (from a client with 100 home licenses to spare) for another.

On 7 Oct 2011 at 10:23, Ben Scott wrote:

On any platform, the regular user account I use is non-admin. I have filesystem permissions set-up to lock things down for non-admin users. The admin account I only use for software updates and system changes.

Absolutely! This is the perfect way to run. When I run like this, I can always use MakeMeAdmin.cmd [1] to run things that need admin rights to do their work (e.g. CCleaner, Spybot Search and Destroy, and WinPatrol).

In addition, on those XP systems where I have to run with Admin rights for various reasons I use DropMyRights [2] to run my email client, Firefox, and my explorer-replacement (Total Commander [3]) so I really have to work to run things with admin rights.

A

[1] MakeMeAdmin http://blogs.msdn.com/b/aaron_margosis/archive/2005/03/11/394244.aspx
[2] Non Admin - Drop My Rights http://nonadmin.editme.com/DropMyRights
[3] Total Commander http://www.ghisler.com/