On Tue, Sep 29, 2009 at 10:39:36PM -0400, Michael Collins wrote:
Well, I've checked off that I bought a
firewall box, so I *must* be secure), and because it does give
developers a way out.
I agree; and I'll point out that this also provides air cover
for management when subsequent incidents
We would agree:
http://countermeasures.trendmicro.eu/in-security-reputation-is-key/
I guess the real question is this:
How large is the long tail of viruses?
Suppose, if you will, that there are hits in the malware space --
individual pieces of malware that get spread all over. Suppose we
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 29, 2009 at 12:15 AM, Dan Kaminsky d...@doxpara.com wrote:
We would agree:
http://countermeasures.trendmicro.eu/in-security-reputation-is-key/
I guess the real question is this:
How large is the long tail of viruses?
Suppose,
I've done some cursory searching, and I'm in the midst of a deeper lit
review right now, but all signs point to there not being empirical
evidence for the effectiveness of any security measure. I'll say more
when I've read more
Sent from my iPhone
On Sep 28, 2009, at 3:50 PM, Nick
Any security measure is a bit much. The collection of fixes that
went alongside XPSP2 was pretty epic (firewall by default, massacre of
SMB's anonymous surface, windows update) and almost entirely killed
worms -- and their company-wide-compromises -- quantifiably.
On Tue, Sep 29, 2009 at 4:15
] No AV? Shock, horror!
Any security measure is a bit much. The collection of fixes that
went alongside XPSP2 was pretty epic (firewall by default, massacre of
SMB's anonymous surface, windows update) and almost entirely killed
worms -- and their company-wide-compromises -- quantifiably.
On Tue, Sep
On Tuesday 29 September 2009 11:48:51 am blanchard_mich...@emc.com wrote:
Yah, too bad many corporations turn off the built in FW in SP2 via GPO ;-(
But the additions in SP2 were a GodSend for home users, agreed.
Let's face it, in reality the new features in OS' have been the biggest
[mailto:funsec-boun...@linuxbox.org] On
Behalf Of Kenneth L. Bechtel, II
Sent: Tuesday, September 29, 2009 12:33 PM
To: funsec@linuxbox.org
Subject: Re: [funsec] No AV? Shock, horror!
On Tuesday 29 September 2009 11:48:51 am blanchard_mich...@emc.com wrote:
Yah, too bad many corporations turn off
On Tue, Sep 29, 2009 at 09:15:34AM +0200, Dan Kaminsky wrote:
Infections by these rare payloads would constitute a sort of long
tail of malware -- too rare for a signature, but in aggregate,
possibly common enough to represent a significant number of
infections.
But how common? I mean, we
On Tue, Sep 29, 2009 at 11:37 PM, Rich Kulawiec r...@gsp.org wrote:
On Tue, Sep 29, 2009 at 09:15:34AM +0200, Dan Kaminsky wrote:
Infections by these rare payloads would constitute a sort of long
tail of malware -- too rare for a signature, but in aggregate,
possibly common enough to represent
You assume no false positives...
On Sep 29, 2009, at 5:12 PM, Dan Kaminsky wrote:
Methodology wouldn't be too bad -- there are things a manual auditor
can notice and alarm on quickly, that AV really can't just block or
even send back for further review. So it's a matter of:
1) Gain
I was under the impression AV tended to err on the side of false
negatives -- see the repeated clawback on heuristics. I'm not sure
false positives would make a significant statistical difference given
that preference. Could be convinced otherwise though.
On Wed, Sep 30, 2009 at 1:31 AM,
The problem is that we're still dealing with something that is pretty
much anecdote - I don't disagree that it improved the security profile
of a lot of networks, but I have no way to speak about it
quantitatively. I can talk about such things qualitatively, but
it's still in the
I'm torn on active netsec (AV, FW, IDS) because I'm pretty sure that
it's the least cost-effective place to work on security. At the same
time, from a management perspective you can buy it as a separate
component (am I secure? Well, I've checked off that I bought a
firewall box, so I
I have a paper a few years ago about predicting botnet location, the
next step of the work was to correlate my work with network security
policies and profiles of individual networks to see what the impact of
policy was. As soon as I finish inventing the 300-hour workweek I
wanted to get
I actually put FW in a separate category than AV and IDS. It
establishes clear boundaries (modulo HTTP, the universal tunneling
protocol) whereas the others are best effort.
On Wed, Sep 30, 2009 at 4:39 AM, Michael Collins mcoll...@aleae.com wrote:
I'm torn on active netsec (AV, FW, IDS)
, September 25, 2009 5:13 PM
To: Rob, grandpa of Ryan, Trevor, Devon Hannah
Cc: funsec@linuxbox.org
Subject: Re: [funsec] No AV? Shock, horror!
Maybe some merchants don't use Windows?
On Fri, 25 Sep 2009, Rob, grandpa of Ryan, Trevor, Devon Hannah wrote:
PCI survey finds some merchants don't use
: funsec@linuxbox.org
Subject: Re: [funsec] No AV? Shock, horror!
Maybe some merchants don't use Windows?
On Fri, 25 Sep 2009, Rob, grandpa of Ryan, Trevor, Devon Hannah wrote:
PCI survey finds some merchants don't use antivirus software
http://www.networkworld.com/news/2009/092309-pci
To: Blanchard, Michael (InfoSec)
Cc: drsol...@drsolly.com; rmsl...@shaw.ca; funsec@linuxbox.org
Subject: Re: [funsec] No AV? Shock, horror!
Non-rhetorical question:
Is there a source of data showing 10,000 machines with AV are less
likely to be infected than 10,000 machines without?
On Mon, Sep
: funsec@linuxbox.org; rmsl...@shaw.ca
Subject: Re: [funsec] No AV? Shock, horror!
Non-rhetorical question:
Is there a source of data showing 10,000 machines with AV are
less likely to be infected than 10,000 machines without?
On Mon, Sep 28, 2009 at 7:38 PM, blanchard_mich...@emc.com wrote
Of Dan Kaminsky
Sent: Monday, September 28, 2009 7:56 PM
To: blanchard_mich...@emc.com
Cc: funsec@linuxbox.org; rmsl...@shaw.ca
Subject: Re: [funsec] No AV? Shock, horror!
Non-rhetorical question:
Is there a source of data showing 10,000 machines with AV are
less likely to be infected than
Dan Kaminsky wrote:
Non-rhetorical question:
Is there a source of data showing 10,000 machines with AV are less
likely to be infected than 10,000 machines without?
To the best of my knowledge there are no epidemiological studies of AV
s/w such as could tell us the answer to this question,
blanchard_mich...@emc.com to Dan Kaminsky:
Is there a source of data showing 10,000 machines with AV are less
likely to be infected than 10,000 machines without?
I'm sure there is, ...
I'm not so sure there is -- in fact, I'm fairly sure there is no such
study.
... but I would have
toralv_di...@mcafee.com wrote:
All logs from a central AV-management console listing what has been
detected by the OnAccess scanner on the workstations would qualify
as that source of data (after sorting out the things that actually
infect a machine from the things AV is expected to detect
: funsec@linuxbox.org; rmsl...@shaw.ca
Subject: Re: [funsec] No AV? Shock, horror!
Non-rhetorical question:
Is there a source of data showing 10,000 machines with AV are
less likely to be infected than 10,000 machines without?
On Mon, Sep 28, 2009 at 7:38 PM, blanchard_mich...@emc.com wrote
Charles Miller wrote:
Ah Dan. There is an error in your logic. If AV couldn't detect the
bot on a machine, then it is not a bot. How else would you prove it
was a bot! ;)
And the Vesselin -- it's not a virus unless we've seen it and labelled
it as such -- Bontchev award for 2009 goes
On Tue, Sep 29, 2009 at 09:37:36AM +1300, Nick FitzGerald wrote:
Given recent trends in malware development, the infection rate of AV-
running systems will be far from zero.
Strongly agreed. As I've pointed out elsewhere, all signature-based
methods (whether anti-virus, anti-spam,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Sep 28, 2009 at 4:15 PM, Rich Kulawiec r...@gsp.org wrote:
On Tue, Sep 29, 2009 at 09:37:36AM +1300, Nick FitzGerald wrote:
Given recent trends in malware development, the infection rate of AV-
running systems will be far from zero.
PCI survey finds some merchants don't use antivirus software
http://www.networkworld.com/news/2009/092309-pci-survey-finds-some-merchants.html?hpg1=bn
(But absolutely no surprise whatsoever ...)
== (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca
On Fri, 25 Sep 2009 11:52:29 -0800, Rob, grandpa of Ryan, Trevor, Devon
Hannah said:
PCI survey finds some merchants don't use antivirus software
http://www.networkworld.com/news/2009/092309-pci-survey-finds-some-merchants.html?hpg1=bn
(But absolutely no surprise whatsoever ...)
So
Maybe some merchants don't use Windows?
On Fri, 25 Sep 2009, Rob, grandpa of Ryan, Trevor, Devon Hannah wrote:
PCI survey finds some merchants don't use antivirus software
http://www.networkworld.com/news/2009/092309-pci-survey-finds-some-merchants.html?hpg1=bn
(But absolutely no
31 matches