And given the bad code that is running these seemingly good websites, that get owned, usually due to application flaw, sql injection or some other flaw the downstream victums of the exploits are us.
Z Edward E. Ziots Network Engineer Lifespan Organization Email: [email protected] Phone: 401-639-3505 MCSE, MCP+I, ME, CCA, Security +, Network + -----Original Message----- From: Tim Vander Kooi [mailto:[email protected]] Sent: Thursday, January 29, 2009 5:15 PM To: Active Directory Admin Issues Subject: RE: OT: Was Tips 'n' Tricks Now it's Symantec Bashing It also doesn't protect against web sites that are whitelisted and then get owned. You are in essence passing your security buck off to someone you don't know let alone control. TVK -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Thursday, January 29, 2009 4:08 PM To: Active Directory Admin Issues Subject: Re: OT: Was Tips 'n' Tricks Now it's Symantec Bashing Somewhat agree. Whitelisting apps will definitely help a lot, but the process is tedious, if done well: o- build a clean install from known media o- use the output of dir /s /b and use md5sum to build a database of known files o- use magic app to use database of md5 hashes to whitelist apps o- install new software, redo steps above However, that still won't help against malicious data, like crafted Word/Excel docs, mp3s, whatever (sure, open that web-based file, so that I can pwn your browser and OS!) Now, whitelisting apps *and* whitelisting web sites - that would be truly useful, though it still doesn't protect against malicious email attachments. Kurt On Thu, Jan 29, 2009 at 1:58 PM, Michael B. Smith <[email protected]> wrote: > I think WhiteListing is "the future of A/V". > > > > There is simply too much to guard AGAINST now. > > > > (I say "the future" because I still think whitelists are too hard to build. > IMO. YMMV.) > > > > Regards, > > > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP > > My blog: http://TheEssentialExchange.com/blogs/michael > > I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php > > > > From: James Rankin [mailto:[email protected]] > Sent: Thursday, January 29, 2009 4:32 PM > To: Active Directory Admin Issues > Subject: Re: OT: Was Tips 'n' Tricks Now it's Symantec Bashing > > > > I am always wondering these days if AV is strictly necessary. AppSense > won't execute anything that isn't whitelisted and/or isn't owned by an > Administrator, and neither can network drives run executable content > by default. Coupled with WebSense, the use of mandatory profiles and a > pretty rapid patching strategy, I am left wondering how much > mitigation AV actually gives us on top. It certainly has only caught > about three virii recently (and guess what? They were on my boss's > workstation, which means all the products I mentioned above, he has > removed himself from) > > 2009/1/29 Jake Gardner <[email protected]> > > I'm a little past halfway through the company wide removal of > symantec and installing AVG. yippie!! > > > > I love when the end users always ask me about why I don't like > Symantec, or they tell me how happy they are with Mcafee. ugh. I ask > them if they've had viruses or malware and they ALWAYS answer yes. > > > > > > > > Thanks, > > > > Jake Gardner > > TTC Network Administrator > > Ext. 246 > > > > > > ________________________________ > > From: James Rankin [mailto:[email protected]] > Sent: Thursday, January 29, 2009 4:19 PM > To: Active Directory Admin Issues > Subject: Re: Tips 'n' Tricks > > Hey guys, you're preaching to the choir here. My boss bought it, and > he likes to take down Exchange servers in the middle of the morning > just to fix some cosmetic issue. I hate Symantec with a passion that > appears to be quite common. > > 2009/1/29 Ziots, Edward <[email protected]> > > Symantec Sucks.. Period.. > > > > Z > > > > Edward E. Ziots > > Network Engineer > > Lifespan Organization > > Email: [email protected] > > Phone: 401-639-3505 > > MCSE, MCP+I, ME, CCA, Security +, Network + > > ________________________________ > > From: Jake Gardner [mailto:[email protected]] > Sent: Thursday, January 29, 2009 4:15 PM > > To: Active Directory Admin Issues > Subject: RE: Tips 'n' Tricks > > > > Call Symantec support right away and ask for their cleanwipe tool. > That will solve ALL of your Symantec problems forever. > > > > ;) > > > > Thanks, > > > > Jake Gardner > > TTC Network Administrator > > Ext. 246 > > > > > > ________________________________ > > From: Tim Vander Kooi [mailto:[email protected]] > Sent: Thursday, January 29, 2009 4:14 PM > To: Active Directory Admin Issues > Subject: RE: Tips 'n' Tricks > > As long as Symantec is on the network there should always be something > to have to fix. ;-) > > > > > > From: James Rankin [mailto:[email protected]] > Sent: Thursday, January 29, 2009 3:11 PM > To: Active Directory Admin Issues > Subject: Re: Tips 'n' Tricks > > > > Oh how I long to be back in a big environment...the heady days of when > the backbone security team "leased" admin access to support teams for > specific tasks and timeframes...when you couldn't get a service > account with any more access than it absolutely needed...when patches were tested at four > different levels before arriving in production :-) > > Now there's just me, WebSense, AppSense and Symantec Antivirus between > the infrastructure and anarchy. > > Enuff reminiscing.....back to fixing stuff > > 2009/1/29 Ziots, Edward <[email protected]> > > I hear you, can't tolerate that stuff here, of course scheduling of > 700 servers to be patched across 2 week timeline with a lockout on > changes from 7am-5pm posed by executive management doesn't make for > happy campers... > > > > Z > > > > Edward E. Ziots > > Network Engineer > > Lifespan Organization > > Email: [email protected] > > Phone: 401-639-3505 > > MCSE, MCP+I, ME, CCA, Security +, Network + > > ________________________________ > > From: James Rankin [mailto:[email protected]] > Sent: Thursday, January 29, 2009 4:03 PM > > To: Active Directory Admin Issues > > Subject: Re: Tips 'n' Tricks > > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > > ~ ~ > > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > > ~ ~ > > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > > ~ ~ > > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > > ~ ~ > > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > > ~ ~ > > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > > ~ ~ > > ***Teletronics Technology Corporation*** This e-mail is confidential > and may also be privileged. If you are not the addressee or > authorized by the addressee to receive this e-mail, you may not > disclose, copy, distribute, or use this e-mail. If you have received > this e-mail in error, please notify the sender immediately by reply > e-mail or by telephone at 267-352-2020 and destroy this message and any copies. > > Thank you. > > ******************************************************************* > > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > > ~ ~ > > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > > ~ ~ > > ***Teletronics Technology Corporation*** This e-mail is confidential > and may also be privileged. If you are not the addressee or > authorized by the addressee to receive this e-mail, you may not > disclose, copy, distribute, or use this e-mail. If you have received > this e-mail in error, please notify the sender immediately by reply > e-mail or by telephone at 267-352-2020 and destroy this message and any copies. > > Thank you. > > ******************************************************************* > > > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK > Test! ~ > > ~ ~ > > ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ > ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
