Re: The Security Earthquake That Nobody Felt

2012-02-02 Thread Kurt Buff
Don't remember, sorry.

On Wed, Feb 1, 2012 at 20:56, Erik Goldoff  wrote:
> Do you remember what version of ePO?  The 3.6 and earlier IIRC were MMC
> based, and 4.0 and later (VirusScan 8.5 and newer) were Java based.
> Somewhat different animals.
>
>
> On Wed, Feb 1, 2012 at 11:48 PM, Kurt Buff  wrote:
>>
>> We found that it didn't actually push the clients out as we wanted -
>> it was quite erratic, and would fail more often than we could tolerate
>> - and was *very* slow to update client definitions.
>>
>> The interface was not intuitive, either.
>>
>> It's been about 3 years since I worked with it, so it might have
>> gotten better, but I still won't recommend it.
>>
>> Kurt
>>
>> On Wed, Feb 1, 2012 at 18:13, Mathew Shember
>>  wrote:
>> > Really?
>> >
>> > We found ePO rather easy.   What problems did you have with it?
>> >
>> > Vipre wasn't available back then so they went with SEP   ;)
>> >
>> >
>> >
>> >
>> > -Original Message-
>> > From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> > Sent: Wednesday, February 01, 2012 5:24 PM
>> > To: NT System Admin Issues
>> > Subject: Re: The Security Earthquake That Nobody Felt
>> >
>> > We had ePO - it was one of the driving reasons for us to abandon it.
>> > The other reason was the unreasonable amount of resources the client
>> > sucked out of the workstations. Yet another reason was the price - we got
>> > VIPRE Enterprise for the renewal price of McAfee, and the renewal price on
>> > VIPRE was hard to beat.
>> >
>> > Hard to say which reason topped the others - kind of a 3-way tie...
>> >
>> > Kurt
>> >
>> > On Wed, Feb 1, 2012 at 10:56, Mathew Shember
>> >  wrote:
>> >> I guess the snark wasn't obvious.
>> >>
>> >> The AV is tolerable as long as you have ePO going.   However, my
>> >> "enlightenment" happened when there was a fast moving version of sdbot
>> >> which snuck by and I had to use higher tiered support.   They identified
>> >> it with Kaspersky.
>> >>
>> >> We were going to use ironmail (another company) but decided against it
>> >> after hearing the announcement.
>> >>
>> >>
>> >> -Original Message-
>> >> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> >> Sent: Monday, January 30, 2012 4:28 PM
>> >> To: NT System Admin Issues
>> >> Subject: Re: The Security Earthquake That Nobody Felt
>> >>
>> >> Well, yes, actually, and they are part of Intel, and have been
>> >> acquiring companies for themselves - for instance, Secure Computing a few
>> >> years ago, for their Sidewinder firewalls (which are now McAfee Secure
>> >> Enterprise Firewalls), among others.
>> >>
>> >> I still don't like their AV product, but they haven't yet ruined the
>> >> firewall...
>> >>
>> >> Kurt
>> >>
>> >> On Mon, Jan 30, 2012 at 15:57, Mathew Shember
>> >>  wrote:
>> >>> McAfee is still in business?
>> >>>
>> >>> - Original Message -
>> >>> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
>> >>> Sent: Monday, January 30, 2012 02:46 PM
>> >>> To: NT System Admin Issues 
>> >>> Subject: The Security Earthquake That Nobody Felt
>> >>>
>> >>>      * The Security Earthquake That Nobody Felt
>> >>>
>> >>> Wow, this is actually major security news. I found this on the blog
>> >>> from Coretrace, and they said: "This week, McAfee, one of the two
>> >>> dominant forces in reactive, blacklist-based endpoint security,
>> >>> actively and unequivocally endorsed Application Whitelisting.
>> >>> Ironically, in hard coverage of Symantec's recent problems with
>> >>> pcAnywhere, the industry is actively recommending application
>> >>> whitelisting too." Here is the link:
>> >>> http://www.coretraceblogs.com/2012-01/security-earthquake-that-nobody-felt-mcafee-endorses-application-whitelisting/
>> >>>
>> >>> So, what is the big news? It turns security on its head. Instead of
>> >>> keeping bad code out, with application whitelist

RE: The Security Earthquake That Nobody Felt

2012-02-01 Thread Mathew Shember
Sounds like an older version as I remember the push problem.   I think we
"solved" it with multiple pushes or was it hand installs?   Most of the
machines were local.   We didn't see the update problems.

It did get better.

I wouldn't recommend McAfee more for the AV being at best middle of the
pack...


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, February 01, 2012 8:48 PM
To: NT System Admin Issues
Subject: Re: The Security Earthquake That Nobody Felt

We found that it didn't actually push the clients out as we wanted - it was 
quite erratic, and would fail more often than we could tolerate
- and was *very* slow to update client definitions.

The interface was not intuitive, either.

It's been about 3 years since I worked with it, so it might have gotten better, 
but I still won't recommend it.

Kurt

On Wed, Feb 1, 2012 at 18:13, Mathew Shember  
wrote:
> Really?
>
> We found ePO rather easy.   What problems did you have with it?
>
> Vipre wasn't available back then so they went with SEP   ;)
>
>
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, February 01, 2012 5:24 PM
> To: NT System Admin Issues
> Subject: Re: The Security Earthquake That Nobody Felt
>
> We had ePO - it was one of the driving reasons for us to abandon it.
> The other reason was the unreasonable amount of resources the client sucked 
> out of the workstations. Yet another reason was the price - we got VIPRE 
> Enterprise for the renewal price of McAfee, and the renewal price on VIPRE 
> was hard to beat.
>
> Hard to say which reason topped the others - kind of a 3-way tie...
>
> Kurt
>
> On Wed, Feb 1, 2012 at 10:56, Mathew Shember  
> wrote:
>> I guess the snark wasn't obvious.
>>
>> The AV is tolerable as long as you have ePO going.   However, my 
>> "enlightenment" happened when there was a fast moving version of sdbot which 
>> snuck by and I had to use higher tiered support.   They identified it with
>> Kaspersky.
>>
>> We were going to use ironmail (another company) but decided against it after 
>> hearing the announcement.
>>
>>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Monday, January 30, 2012 4:28 PM
>> To: NT System Admin Issues
>> Subject: Re: The Security Earthquake That Nobody Felt
>>
>> Well, yes, actually, and they are part of Intel, and have been acquiring 
>> companies for themselves - for instance, Secure Computing a few years ago, 
>> for their Sidewinder firewalls (which are now McAfee Secure Enterprise 
>> Firewalls), among others.
>>
>> I still don't like their AV product, but they haven't yet ruined the 
>> firewall...
>>
>> Kurt
>>
>> On Mon, Jan 30, 2012 at 15:57, Mathew Shember  
>> wrote:
>>> McAfee is still in business?
>>>
>>> - Original Message -
>>> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
>>> Sent: Monday, January 30, 2012 02:46 PM
>>> To: NT System Admin Issues 
>>> Subject: The Security Earthquake That Nobody Felt
>>>
>>>      * The Security Earthquake That Nobody Felt
>>>
>>> Wow, this is actually major security news. I found this on the blog 
>>> from Coretrace, and they said: "This week, McAfee, one of the two 
>>> dominant forces in reactive, blacklist-based endpoint security, 
>>> actively and unequivocally endorsed Application Whitelisting.
>>> Ironically, in hard coverage of Symantec's recent problems with 
>>> pcAnywhere, the industry is actively recommending application whitelisting 
>>> too." Here is the link:
>>> http://www.coretraceblogs.com/2012-01/security-earthquake-that-nobody-felt-mcafee-endorses-application-whitelisting/
>>>
>>> So, what is the big news? It turns security on its head. Instead of 
>>> keeping bad code out, with application whitelisting (also known as 
>>> Application Control) you only allow known-good code to run. That's 
>>> really a 180, and very, very interesting from a system admin perspective.
>>>
>>> I have done some research in this area and have written a whitepaper 
>>> about whitelisting, and why as a system admin you should look into 
>>> this for the near future. This is a new security layer for your 
>>> 'defense-in-depth'. You will hear more from me about whitelisting this year:
>>> http://www.knowbe4.com/resources/the-endpoint-security-advan

Re: The Security Earthquake That Nobody Felt

2012-02-01 Thread Erik Goldoff
Do you remember what version of ePO?  The 3.6 and earlier IIRC were MMC
based, and 4.0 and later (VirusScan 8.5 and newer) were Java based.
Somewhat different animals.

On Wed, Feb 1, 2012 at 11:48 PM, Kurt Buff  wrote:

> We found that it didn't actually push the clients out as we wanted -
> it was quite erratic, and would fail more often than we could tolerate
> - and was *very* slow to update client definitions.
>
> The interface was not intuitive, either.
>
> It's been about 3 years since I worked with it, so it might have
> gotten better, but I still won't recommend it.
>
> Kurt
>
> On Wed, Feb 1, 2012 at 18:13, Mathew Shember
>  wrote:
> > Really?
> >
> > We found ePO rather easy.   What problems did you have with it?
> >
> > Vipre wasn't available back then so they went with SEP   ;)
> >
> >
> >
> >
> > -Original Message-
> > From: Kurt Buff [mailto:kurt.b...@gmail.com]
> > Sent: Wednesday, February 01, 2012 5:24 PM
> > To: NT System Admin Issues
> > Subject: Re: The Security Earthquake That Nobody Felt
> >
> > We had ePO - it was one of the driving reasons for us to abandon it.
> > The other reason was the unreasonable amount of resources the client
> > sucked out of the workstations. Yet another reason was the price - we got
> > VIPRE Enterprise for the renewal price of McAfee, and the renewal price on
> > VIPRE was hard to beat.
> >
> > Hard to say which reason topped the others - kind of a 3-way tie...
> >
> > Kurt
> >
> > On Wed, Feb 1, 2012 at 10:56, Mathew Shember
> > <mathew.shem...@synopsys.com> wrote:
> >> I guess the snark wasn't obvious.
> >>
> >> The AV is tolerable as long as you have ePO going.   However, my
> >> "enlightenment" happened when there was a fast moving version of sdbot
> >> which snuck by and I had to use higher tiered support.   They identified
> >> it with Kaspersky.
> >>
> >> We were going to use ironmail (another company) but decided against it
> >> after hearing the announcement.
> >>
> >>
> >> -Original Message-
> >> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> >> Sent: Monday, January 30, 2012 4:28 PM
> >> To: NT System Admin Issues
> >> Subject: Re: The Security Earthquake That Nobody Felt
> >>
> >> Well, yes, actually, and they are part of Intel, and have been
> >> acquiring companies for themselves - for instance, Secure Computing a few
> >> years ago, for their Sidewinder firewalls (which are now McAfee Secure
> >> Enterprise Firewalls), among others.
> >>
> >> I still don't like their AV product, but they haven't yet ruined the
> >> firewall...
> >>
> >> Kurt
> >>
> >> On Mon, Jan 30, 2012 at 15:57, Mathew Shember
> >> <mathew.shem...@synopsys.com> wrote:
> >>> McAfee is still in business?
> >>>
> >>> - Original Message -
> >>> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
> >>> Sent: Monday, January 30, 2012 02:46 PM
> >>> To: NT System Admin Issues 
> >>> Subject: The Security Earthquake That Nobody Felt
> >>>
> >>>  * The Security Earthquake That Nobody Felt
> >>>
> >>> Wow, this is actually major security news. I found this on the blog
> >>> from Coretrace, and they said: "This week, McAfee, one of the two
> >>> dominant forces in reactive, blacklist-based endpoint security,
> >>> actively and unequivocally endorsed Application Whitelisting.
> >>> Ironically, in hard coverage of Symantec's recent problems with
> >>> pcAnywhere, the industry is actively recommending application
> >>> whitelisting too." Here is the link:
> >>> http://www.coretraceblogs.com/2012-01/security-earthquake-that-nobody-felt-mcafee-endorses-application-whitelisting/
> >>>
> >>> So, what is the big news? It turns security on its head. Instead of
> >>> keeping bad code out, with application whitelisting (also known as
> >>> Application Control) you only allow known-good code to run. That's
> >>> really a 180, and very, very interesting from a system admin
> >>> perspective.
> >>>
> >>> I have done some research in this area and have written a whitepaper
> >>> about whitelisting, and why as a system admin you should look into
> >>> this for the near future. This is a new security layer for your
> >>> 'defense-in-depth'. You will hear more from me abo

Re: The Security Earthquake That Nobody Felt

2012-02-01 Thread Kurt Buff
We found that it didn't actually push the clients out as we wanted -
it was quite erratic, and would fail more often than we could tolerate
- and was *very* slow to update client definitions.

The interface was not intuitive, either.

It's been about 3 years since I worked with it, so it might have
gotten better, but I still won't recommend it.

Kurt

On Wed, Feb 1, 2012 at 18:13, Mathew Shember
 wrote:
> Really?
>
> We found ePO rather easy.   What problems did you have with it?
>
> Vipre wasn't available back then so they went with SEP   ;)
>
>
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, February 01, 2012 5:24 PM
> To: NT System Admin Issues
> Subject: Re: The Security Earthquake That Nobody Felt
>
> We had ePO - it was one of the driving reasons for us to abandon it.
> The other reason was the unreasonable amount of resources the client sucked 
> out of the workstations. Yet another reason was the price - we got VIPRE 
> Enterprise for the renewal price of McAfee, and the renewal price on VIPRE 
> was hard to beat.
>
> Hard to say which reason topped the others - kind of a 3-way tie...
>
> Kurt
>
> On Wed, Feb 1, 2012 at 10:56, Mathew Shember  
> wrote:
>> I guess the snark wasn't obvious.
>>
>> The AV is tolerable as long as you have ePO going.   However, my 
>> "enlightenment" happened when there was a fast moving version of sdbot which 
>> snuck by and I had to use higher tiered support.   They identified it with
>> Kaspersky.
>>
>> We were going to use ironmail (another company) but decided against it after 
>> hearing the announcement.
>>
>>
>> -----Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Monday, January 30, 2012 4:28 PM
>> To: NT System Admin Issues
>> Subject: Re: The Security Earthquake That Nobody Felt
>>
>> Well, yes, actually, and they are part of Intel, and have been acquiring 
>> companies for themselves - for instance, Secure Computing a few years ago, 
>> for their Sidewinder firewalls (which are now McAfee Secure Enterprise 
>> Firewalls), among others.
>>
>> I still don't like their AV product, but they haven't yet ruined the 
>> firewall...
>>
>> Kurt
>>
>> On Mon, Jan 30, 2012 at 15:57, Mathew Shember  
>> wrote:
>>> McAfee is still in business?
>>>
>>> - Original Message -
>>> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
>>> Sent: Monday, January 30, 2012 02:46 PM
>>> To: NT System Admin Issues 
>>> Subject: The Security Earthquake That Nobody Felt
>>>
>>>      * The Security Earthquake That Nobody Felt
>>>
>>> Wow, this is actually major security news. I found this on the blog
>>> from Coretrace, and they said: "This week, McAfee, one of the two
>>> dominant forces in reactive, blacklist-based endpoint security,
>>> actively and unequivocally endorsed Application Whitelisting.
>>> Ironically, in hard coverage of Symantec's recent problems with
>>> pcAnywhere, the industry is actively recommending application whitelisting 
>>> too." Here is the link:
>>> http://www.coretraceblogs.com/2012-01/security-earthquake-that-nobody-felt-mcafee-endorses-application-whitelisting/
>>>
>>> So, what is the big news? It turns security on its head. Instead of
>>> keeping bad code out, with application whitelisting (also known as
>>> Application Control) you only allow known-good code to run. That's
>>> really a 180, and very, very interesting from a system admin perspective.
>>>
>>> I have done some research in this area and have written a whitepaper
>>> about whitelisting, and why as a system admin you should look into
>>> this for the near future. This is a new security layer for your
>>> 'defense-in-depth'. You will hear more from me about whitelisting this year:
>>> http://www.knowbe4.com/resources/the-endpoint-security-advantages-of-whitelisting-a-whitepaper-for-system-administrators/
>>>
>>> Warm regards,
>>>
>>> Stu
>>>
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>>

RE: The Security Earthquake That Nobody Felt

2012-02-01 Thread Mathew Shember
Really?

We found ePO rather easy.   What problems did you have with it?

Vipre wasn't available back then so they went with SEP   ;)




-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, February 01, 2012 5:24 PM
To: NT System Admin Issues
Subject: Re: The Security Earthquake That Nobody Felt

We had ePO - it was one of the driving reasons for us to abandon it.
The other reason was the unreasonable amount of resources the client sucked out 
of the workstations. Yet another reason was the price - we got VIPRE Enterprise 
for the renewal price of McAfee, and the renewal price on VIPRE was hard to 
beat.

Hard to say which reason topped the others - kind of a 3-way tie...

Kurt

On Wed, Feb 1, 2012 at 10:56, Mathew Shember  
wrote:
> I guess the snark wasn't obvious.
>
> The AV is tolerable as long as you have ePO going.   However, my 
> "enlightenment" happened when there was a fast moving version of sdbot which 
> snuck by and I had to use higher tiered support.   They identified it with
> Kaspersky.
>
> We were going to use ironmail (another company) but decided against it after 
> hearing the announcement.
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Monday, January 30, 2012 4:28 PM
> To: NT System Admin Issues
> Subject: Re: The Security Earthquake That Nobody Felt
>
> Well, yes, actually, and they are part of Intel, and have been acquiring 
> companies for themselves - for instance, Secure Computing a few years ago, 
> for their Sidewinder firewalls (which are now McAfee Secure Enterprise 
> Firewalls), among others.
>
> I still don't like their AV product, but they haven't yet ruined the 
> firewall...
>
> Kurt
>
> On Mon, Jan 30, 2012 at 15:57, Mathew Shember  
> wrote:
>> McAfee is still in business?
>>
>> - Original Message -
>> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
>> Sent: Monday, January 30, 2012 02:46 PM
>> To: NT System Admin Issues 
>> Subject: The Security Earthquake That Nobody Felt
>>
>>      * The Security Earthquake That Nobody Felt
>>
>> Wow, this is actually major security news. I found this on the blog 
>> from Coretrace, and they said: "This week, McAfee, one of the two 
>> dominant forces in reactive, blacklist-based endpoint security, 
>> actively and unequivocally endorsed Application Whitelisting.
>> Ironically, in hard coverage of Symantec's recent problems with 
>> pcAnywhere, the industry is actively recommending application whitelisting 
>> too." Here is the link:
>> http://www.coretraceblogs.com/2012-01/security-earthquake-that-nobody-felt-mcafee-endorses-application-whitelisting/
>>
>> So, what is the big news? It turns security on its head. Instead of 
>> keeping bad code out, with application whitelisting (also known as 
>> Application Control) you only allow known-good code to run. That's 
>> really a 180, and very, very interesting from a system admin perspective.
>>
>> I have done some research in this area and have written a whitepaper 
>> about whitelisting, and why as a system admin you should look into 
>> this for the near future. This is a new security layer for your 
>> 'defense-in-depth'. You will hear more from me about whitelisting this year:
>> http://www.knowbe4.com/resources/the-endpoint-security-advantages-of-whitelisting-a-whitepaper-for-system-administrators/
>>
>> Warm regards,
>>
>> Stu

Re: The Security Earthquake That Nobody Felt

2012-02-01 Thread Kurt Buff
We had ePO - it was one of the driving reasons for us to abandon it.
The other reason was the unreasonable amount of resources the client
sucked out of the workstations. Yet another reason was the price - we
got VIPRE Enterprise for the renewal price of McAfee, and the renewal
price on VIPRE was hard to beat.

Hard to say which reason topped the others - kind of a 3-way tie...

Kurt

On Wed, Feb 1, 2012 at 10:56, Mathew Shember
 wrote:
> I guess the snark wasn't obvious.
>
> The AV is tolerable as long as you have ePO going.   However, my 
> "enlightenment" happened when there was a fast moving version of sdbot which 
> snuck by and I had to use higher tiered support.   They identified it with
> Kaspersky.
>
> We were going to use ironmail (another company) but decided against it after 
> hearing the announcement.
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Monday, January 30, 2012 4:28 PM
> To: NT System Admin Issues
> Subject: Re: The Security Earthquake That Nobody Felt
>
> Well, yes, actually, and they are part of Intel, and have been acquiring 
> companies for themselves - for instance, Secure Computing a few years ago, 
> for their Sidewinder firewalls (which are now McAfee Secure Enterprise 
> Firewalls), among others.
>
> I still don't like their AV product, but they haven't yet ruined the 
> firewall...
>
> Kurt
>
> On Mon, Jan 30, 2012 at 15:57, Mathew Shember  
> wrote:
>> McAfee is still in business?
>>
>> - Original Message -
>> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
>> Sent: Monday, January 30, 2012 02:46 PM
>> To: NT System Admin Issues 
>> Subject: The Security Earthquake That Nobody Felt
>>
>>      * The Security Earthquake That Nobody Felt
>>
>> Wow, this is actually major security news. I found this on the blog
>> from Coretrace, and they said: "This week, McAfee, one of the two
>> dominant forces in reactive, blacklist-based endpoint security,
>> actively and unequivocally endorsed Application Whitelisting.
>> Ironically, in hard coverage of Symantec's recent problems with
>> pcAnywhere, the industry is actively recommending application whitelisting 
>> too." Here is the link:
>> http://www.coretraceblogs.com/2012-01/security-earthquake-that-nobody-felt-mcafee-endorses-application-whitelisting/
>>
>> So, what is the big news? It turns security on its head. Instead of
>> keeping bad code out, with application whitelisting (also known as
>> Application Control) you only allow known-good code to run. That's
>> really a 180, and very, very interesting from a system admin perspective.
>>
>> I have done some research in this area and have written a whitepaper
>> about whitelisting, and why as a system admin you should look into
>> this for the near future. This is a new security layer for your
>> 'defense-in-depth'. You will hear more from me about whitelisting this year:
>> http://www.knowbe4.com/resources/the-endpoint-security-advantages-of-whitelisting-a-whitepaper-for-system-administrators/
>>
>> Warm regards,
>>
>> Stu



RE: The Security Earthquake That Nobody Felt

2012-02-01 Thread Mathew Shember
I guess the snark wasn't obvious.

The AV is tolerable as long as you have ePO going.   However, my 
"enlightenment" happened when there was a fast moving version of sdbot which 
snuck by and I had to use higher tiered support.   They identified it with
Kaspersky.

We were going to use ironmail (another company) but decided against it after 
hearing the announcement.


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Monday, January 30, 2012 4:28 PM
To: NT System Admin Issues
Subject: Re: The Security Earthquake That Nobody Felt

Well, yes, actually, and they are part of Intel, and have been acquiring 
companies for themselves - for instance, Secure Computing a few years ago, for 
their Sidewinder firewalls (which are now McAfee Secure Enterprise Firewalls), 
among others.

I still don't like their AV product, but they haven't yet ruined the firewall...

Kurt

On Mon, Jan 30, 2012 at 15:57, Mathew Shember  
wrote:
> McAfee is still in business?
>
> - Original Message -
> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
> Sent: Monday, January 30, 2012 02:46 PM
> To: NT System Admin Issues 
> Subject: The Security Earthquake That Nobody Felt
>
>      * The Security Earthquake That Nobody Felt
>
> Wow, this is actually major security news. I found this on the blog 
> from Coretrace, and they said: "This week, McAfee, one of the two 
> dominant forces in reactive, blacklist-based endpoint security, 
> actively and unequivocally endorsed Application Whitelisting. 
> Ironically, in hard coverage of Symantec's recent problems with 
> pcAnywhere, the industry is actively recommending application whitelisting 
> too." Here is the link:
> http://www.coretraceblogs.com/2012-01/security-earthquake-that-nobody-felt-mcafee-endorses-application-whitelisting/
>
> So, what is the big news? It turns security on its head. Instead of 
> keeping bad code out, with application whitelisting (also known as 
> Application Control) you only allow known-good code to run. That's 
> really a 180, and very, very interesting from a system admin perspective.
>
> I have done some research in this area and have written a whitepaper 
> about whitelisting, and why as a system admin you should look into 
> this for the near future. This is a new security layer for your 
> 'defense-in-depth'. You will hear more from me about whitelisting this year:
> http://www.knowbe4.com/resources/the-endpoint-security-advantages-of-whitelisting-a-whitepaper-for-system-administrators/
>
> Warm regards,
>
> Stu

Re: The Security Earthquake That Nobody Felt

2012-01-31 Thread Jonathan Link
Well, no one is listening to Symantec, so McAfee gets it by default.

On Tue, Jan 31, 2012 at 9:00 AM, Ben Scott  wrote:

> On Tue, Jan 31, 2012 at 3:50 AM, Micheal Espinola Jr
>  wrote:
> > The concept certainly isn't new to us; we've been talking about that for
> > years.  I think the shock here is that someone is listening to anything
> > the McAfee is saying.
>
>   ROTFL!
>
> -- Ben

Re: The Security Earthquake That Nobody Felt

2012-01-31 Thread Ben Scott
On Tue, Jan 31, 2012 at 3:50 AM, Micheal Espinola Jr
 wrote:
> The concept certainly isn't new to us; we've been talking about that for
> years.  I think the shock here is that someone is listening to anything the
> McAfee is saying.

  ROTFL!

-- Ben




Re: The Security Earthquake That Nobody Felt

2012-01-31 Thread Micheal Espinola Jr
The concept certainly isn't new to us; we've been talking about that for
years.  I think the shock here is that someone is listening to anything the
McAfee is saying.

--
Espi




On Mon, Jan 30, 2012 at 3:49 PM, Ben Scott  wrote:

> On Mon, Jan 30, 2012 at 5:46 PM, Stu Sjouwerman
>  wrote:
> > So, what is the big news? It turns security on its head. Instead of
> > keeping bad code out, with application whitelisting (also known as
> > Application Control) you only allow known-good code to run. That's
> > really a 180, and very, very interesting from a system admin perspective.
>
>   The way I see it, this is not new.  Don't let untrusted code run.
> It's been a best practice for decades.  In large organizations with
> poor security, this has historically been a challenge, since they have
> no control over what they run.  These "whitelisting" tools help manage
> and correct for that situation.  But if you have had strong software
> controls to begin with, it's kind of like... "Duh."
>
> -- Ben

Re: The Security Earthquake That Nobody Felt

2012-01-30 Thread Kurt Buff
On Mon, Jan 30, 2012 at 15:49, Ben Scott  wrote:
> On Mon, Jan 30, 2012 at 5:46 PM, Stu Sjouwerman
>  wrote:
>> So, what is the big news? It turns security on its head. Instead of
>> keeping bad code out, with application whitelisting (also known as
>> Application Control) you only allow known-good code to run. That's
>> really a 180, and very, very interesting from a system admin perspective.
>
>  The way I see it, this is not new.  Don't let untrusted code run.
> It's been a best practice for decades.  In large organizations with
> poor security, this has historically been a challenge, since they have
> no control over what they run.  These "whitelisting" tools help manage
> and correct for that situation.  But if you have had strong software
> controls to begin with, it's kind of like... "Duh."

Well, yes, the PC ruined the security of the mainframe/mini, and now
the PDA/Smartphone/Tablet is ruining the security of the PC.

And so it goes - but the cycle is getting tighter - there are now
whitelisting apps for the PDA/Smartphone/Tablet as well as the PC.

I'm sure application whitelisting will come right along with the new
brain implants that are right around the corner...

Kurt

Re: The Security Earthquake That Nobody Felt

2012-01-30 Thread Kurt Buff
Well, yes, actually, and they are part of Intel, and have been
acquiring companies for themselves - for instance, Secure Computing a
few years ago, for their Sidewinder firewalls (which are now McAfee
Secure Enterprise Firewalls), among others.

I still don't like their AV product, but they haven't yet ruined the firewall...

Kurt

On Mon, Jan 30, 2012 at 15:57, Mathew Shember
 wrote:
> McAfee is still in business?
>
> - Original Message -
> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
> Sent: Monday, January 30, 2012 02:46 PM
> To: NT System Admin Issues 
> Subject: The Security Earthquake That Nobody Felt
>
>      * The Security Earthquake That Nobody Felt
>
> Wow, this is actually major security news. I found this on the blog from
> Coretrace, and they said: "This week, McAfee, one of the two dominant
> forces in reactive, blacklist-based endpoint security, actively and
> unequivocally endorsed Application Whitelisting. Ironically, in hard
> coverage of Symantec's recent problems with pcAnywhere, the industry is
> actively recommending application whitelisting too." Here is the link:
> http://www.coretraceblogs.com/2012-01/security-earthquake-that-nobody-felt-mcafee-endorses-application-whitelisting/
>
> So, what is the big news? It turns security on its head. Instead of
> keeping bad code out, with application whitelisting (also known as
> Application Control) you only allow known-good code to run. That's
> really a 180, and very, very interesting from a system admin perspective.
>
> I have done some research in this area and have written a whitepaper
> about whitelisting, and why as a system admin you should look into
> this for the near future. This is a new security layer for your
> 'defense-in-depth'. You will hear more from me about whitelisting this year:
> http://www.knowbe4.com/resources/the-endpoint-security-advantages-of-whitelisting-a-whitepaper-for-system-administrators/
>
> Warm regards,
>
> Stu
>

Re: The Security Earthquake That Nobody Felt

2012-01-30 Thread Mathew Shember
McAfee is still in business?

- Original Message -
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, January 30, 2012 02:46 PM
To: NT System Admin Issues 
Subject: The Security Earthquake That Nobody Felt

  * The Security Earthquake That Nobody Felt

Wow, this is actually major security news. I found this on the blog from 
Coretrace, and they said: "This week, McAfee, one of the two dominant 
forces in reactive, blacklist-based endpoint security, actively and 
unequivocally endorsed Application Whitelisting. Ironically, in hard 
coverage of Symantec's recent problems with pcAnywhere, the industry is 
actively recommending application whitelisting too." Here is the link:
http://www.coretraceblogs.com/2012-01/security-earthquake-that-nobody-felt-mcafee-endorses-application-whitelisting/

So, what is the big news? It turns security on its head. Instead of
keeping bad code out, with application whitelisting (also known as
Application Control) you only allow known-good code to run. That's
really a 180, and very, very interesting from a system admin perspective.

I have done some research in this area and have written a whitepaper
about whitelisting, and why as a system admin you should look into 
this for the near future. This is a new security layer for your 
'defense-in-depth'. You will hear more from me about whitelisting this year:
http://www.knowbe4.com/resources/the-endpoint-security-advantages-of-whitelisting-a-whitepaper-for-system-administrators/

Warm regards,

Stu



Re: The Security Earthquake That Nobody Felt

2012-01-30 Thread Ben Scott
On Mon, Jan 30, 2012 at 5:46 PM, Stu Sjouwerman
 wrote:
> So, what is the big news? It turns security on its head. Instead of
> keeping bad code out, with application whitelisting (also known as
> Application Control) you only allow known-good code to run. That's
> really a 180, and very, very interesting from a system admin perspective.

  The way I see it, this is not new.  Don't let untrusted code run.
It's been a best practice for decades.  In large organizations with
poor security, this has historically been a challenge, since they have
no control over what they run.  These "whitelisting" tools help manage
and correct for that situation.  But if you have had strong software
controls to begin with, it's kind of like... "Duh."

-- Ben
