Re: RE: Life just keeps getting better....

2010-05-11 Thread Kurt Buff
Heh.

I have occasion to look at his site every once in a while - just to
remind me how old some of his advice is, if for no other reason.

Kurt

On Tue, May 11, 2010 at 13:02, Andrew S. Baker  wrote:
> Bookmarked.
> Thanks!!   I had seen this before, but not in quite a while.
> -ASB: http://XeeSM.com/AndrewBaker
>
> On Tue, May 11, 2010 at 3:23 PM, Kurt Buff  wrote:
>>
>> +1
>>
>> Here's one of my favorite rants from one of my favorite computer
>> security writers (in 1995!):
>>
>> The Six Dumbest Ideas in Computer Security
>> http://www.ranum.com/security/computer_security/editorials/dumb/
>>
>> See #2
>>
>> Kurt
>>
>> On Tue, May 11, 2010 at 10:27, Andrew S. Baker  wrote:
>> > Alex, the emphasis is currently on identifying known bad.  Yes?
>> >
>> > No matter what the specifics of that approach, it is more fraught with
>> > peril than tracking known good for any given environment.
>> >
>> > Zero-day (new code) is meaningless  in such a context.
>> >
>> > -ASB: http://XeeSM.com/AndrewBaker
>> >
>> > Sent from my Motorola Droid
>> >
>> > On May 11, 2010 1:19 PM, "Alex Eckelberry" 
>> > wrote:
>> >
>> >>But Mr. Ziots is right, AV is pointless. It is a signature race and
>> >>you will lose that race sooner ...
>> >
>> > I respectfully disagree.  What antivirus companies still rely on
>> > signatures?
>> >
>> > I see detection rates daily, and while an AV engine is not nearly the
>> > thing it was in the past, it is still a very, very important part of the
>> > security strategy.  Just wait until your next Conficker infection...
>> >
>> >
>> > Alex
>> >
>> >
>> > -Original Message-
>> > From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
>> >
>> > Sent: Tuesday, May 11, 2010 10:57 AM
>> > To: NT System Admin Issues
>> >
>> > Subject: RE: Life just keeps getting better
>> >
>> >
>> > Just to amplify 6.0 is also discontinued. This las...
>> >
>> > Sent: Tuesday, May 11, 2010 10:50 AM
>> > To: NT System Admin Issues
>> >
>> > Subject: RE: Life just keeps getting better
>> >
>> >
>> > Too bad Cisco royally screwed up CSA 6.0 and is di...
>> >
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



Re: RE: Life just keeps getting better....

2010-05-11 Thread Andrew S. Baker
Bookmarked.

Thanks!!   I had seen this before, but not in quite a while.

-ASB: http://XeeSM.com/AndrewBaker


On Tue, May 11, 2010 at 3:23 PM, Kurt Buff  wrote:

> +1
>
> Here's one of my favorite rants from one of my favorite computer
> security writers (in 1995!):
>
> The Six Dumbest Ideas in Computer Security
> http://www.ranum.com/security/computer_security/editorials/dumb/
>
> See #2
>
> Kurt
>
> On Tue, May 11, 2010 at 10:27, Andrew S. Baker  wrote:
> > Alex, the emphasis is currently on identifying known bad.  Yes?
> >
> > No matter what the specifics of that approach, it is more fraught with
> > peril than tracking known good for any given environment.
> >
> > Zero-day (new code) is meaningless  in such a context.
> >
> > -ASB: http://XeeSM.com/AndrewBaker
> >
> > Sent from my Motorola Droid
> >
> > On May 11, 2010 1:19 PM, "Alex Eckelberry" 
> > wrote:
> >
> >>But Mr. Ziots is right, AV is pointless. It is a signature race and
> >>you will lose that race sooner ...
> >
> > I respectfully disagree.  What antivirus companies still rely on
> > signatures?
> >
> > I see detection rates daily, and while an AV engine is not nearly the
> > thing it was in the past, it is still a very, very important part of the
> > security strategy.  Just wait until your next Conficker infection...
> >
> >
> > Alex
> >
> >
> > -Original Message-
> > From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
> >
> > Sent: Tuesday, May 11, 2010 10:57 AM
> > To: NT System Admin Issues
> >
> > Subject: RE: Life just keeps getting better
> >
> >
> > Just to amplify 6.0 is also discontinued. This las...
> >
> > Sent: Tuesday, May 11, 2010 10:50 AM
> > To: NT System Admin Issues
> >
> > Subject: RE: Life just keeps getting better
> >
> >
> > Too bad Cisco royally screwed up CSA 6.0 and is di...
> >
>


Re: RE: Life just keeps getting better....

2010-05-11 Thread Kurt Buff
+1

Here's one of my favorite rants from one of my favorite computer
security writers (in 1995!):

The Six Dumbest Ideas in Computer Security
http://www.ranum.com/security/computer_security/editorials/dumb/

See #2

Kurt

On Tue, May 11, 2010 at 10:27, Andrew S. Baker  wrote:
> Alex, the emphasis is currently on identifying known bad.  Yes?
>
> No matter what the specifics of that approach, it is more fraught with peril
> than tracking known good for any given environment.
>
> Zero-day (new code) is meaningless  in such a context.
>
> -ASB: http://XeeSM.com/AndrewBaker
>
> Sent from my Motorola Droid
>
> On May 11, 2010 1:19 PM, "Alex Eckelberry" 
> wrote:
>
>>But Mr. Ziots is right, AV is pointless. It is a signature race and
>>you will lose that race sooner ...
>
> I respectfully disagree.  What antivirus companies still rely on signatures?
>
> I see detection rates daily, and while an AV engine is not nearly the thing
> it was in the past, it is still a very, very important part of the security
> strategy.  Just wait until your next Conficker infection...
>
>
> Alex
>
>
> -Original Message-
> From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
>
> Sent: Tuesday, May 11, 2010 10:57 AM
> To: NT System Admin Issues
>
> Subject: RE: Life just keeps getting better
>
>
> Just to amplify 6.0 is also discontinued. This las...
>
> Sent: Tuesday, May 11, 2010 10:50 AM
> To: NT System Admin Issues
>
> Subject: RE: Life just keeps getting better
>
>
> Too bad Cisco royally screwed up CSA 6.0 and is di...
>
>
>
>




Re: RE: Life just keeps getting better....

2010-05-11 Thread Andrew S. Baker
Alex, the emphasis is currently on identifying known bad.  Yes?

No matter what the specifics of that approach, it is more fraught with peril
than tracking known good for any given environment.

Zero-day (new code) is meaningless  in such a context.

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid

On May 11, 2010 1:19 PM, "Alex Eckelberry" 
wrote:

>But Mr. Ziots is right, AV is pointless. It is a signature race and
>you will lose that race sooner ...

I respectfully disagree.  What antivirus companies still rely on signatures?

I see detection rates daily, and while an AV engine is not nearly the thing
it was in the past, it is still a very, very important part of the security
strategy.  Just wait until your next Conficker infection...


Alex



-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]

Sent: Tuesday, May 11, 2010 10:57 AM
To: NT System Admin Issues

Subject: RE: Life just keeps getting better


Just to amplify 6.0 is also discontinued. This las...

Sent: Tuesday, May 11, 2010 10:50 AM
To: NT System Admin Issues

Subject: RE: Life just keeps getting better


Too bad Cisco royally screwed up CSA 6.0 and is di...


RE: RE: Life just keeps getting better....

2010-05-11 Thread Ziots, Edward
Nice article on your blog Andrew, reading it now, sent you a slide-deck
offline for review...

 

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Tuesday, May 11, 2010 10:10 AM
To: NT System Admin Issues
Subject: Re: RE: Life just keeps getting better

 

Just as IPS products are maturing to the point that signatures are only
a small part of the arsenal, so AV will have to mature.  The players
that de-emphasize signatures for blacklisting purposes will flourish. 

See: http://bit.ly/bv8dpO

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid

On May 11, 2010 9:15 AM, "Ziots, Edward" 
wrote:

You can also read the blurb on the SANS ISC page also, some vendors say it's
important, and of course McAfee discredits it, not that it surprises me. But
it is an attack vector to consider. Controlling the execution of code on
your system is the difference between keeping your systems clean and
getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting,
or otherwise, you are going to have to have more on your systems than just
AV to combat today's threat landscape.

Sincerely,
EZ

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Tuesday, May 11, 20...

Subject: Re: Life just keeps getting better

On Mon, May 10, 2010 at 12:40 AM, Kurt Buff

Re: RE: Life just keeps getting better....

2010-05-11 Thread Andrew S. Baker
Just as IPS products are maturing to the point that signatures are only a
small part of the arsenal, so AV will have to mature.  The players that
de-emphasize signatures for blacklisting purposes will flourish.

See: http://bit.ly/bv8dpO

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid

On May 11, 2010 9:15 AM, "Ziots, Edward"  wrote:

You can also read the blurb on the SANS ISC page also, some vendors say it's
important, and of course McAfee discredits it, not that it surprises me. But
it is an attack vector to consider. Controlling the execution of code on
your system is the difference between keeping your systems clean and
getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting,
or otherwise, you are going to have to have more on your systems than just
AV to combat today's threat landscape.

Sincerely,
EZ

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 20...

Subject: Re: Life just keeps getting better

On Mon, May 10, 2010 at 12:40 AM, Kurt Buff