-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Valdis, Being overly verbose and using a plethora of asterisks does not enhance the validity of your statement. I didn't bother reading your statement due to its unnecessary length. Simply focus less on speaking for the "community" and confine your scope to your personal opinion. Thanks.
Sincerely, D [email protected] wrote: > On Wed, 29 Apr 2009 10:34:55 MDT, don bailey said: > >> Please don't speak for all security professionals. "We" do not do the >> same thing(s) you do. Also, it surprises me that you think Linux/OSX/etc >> are not virus capable. > > Notice I never actually mentioned an operating system. You're the one that > hopped on the Linux/OSX bandwangon. ;) > > I never said Linux/*BSD/Solaris/etc weren't virus capable. What I *said* was > that you want systems that have security designs that *already* include the > things you need to stop viruses and you don't need a separate anti-virus. > > For example - if you have something that's creating a new executable in > the /bin directory and you don't know what it is, you have a problem, whether > it's a virus or somebody trying to trojan /bin/login. And once you've done > whatever hardening you want to keep a hacker from trojaning /bin/login, you've > *also* now stopped a virus from scribbling in /bin. > > It's a change in mindset - you shouldn't be thinking about "I need to stop > the viruses", you should be thinking about "I need to close off the attack > surfaces so they can't be used by attackers, whether they're viruses or > something else". > > This applies to Windows too: Installing anti-virus tools that try to minimize > the damage a virus can do when a user is running as Administrator is just > papering over the issue - the *problem* is that the user is running as > Administrator inappropriately. And lo and behold - once you deal with that > issue, you no longer need a special anti-virus widget for that case. > > Don't think "malware types". Think "attack vectors". If you can deal with > the attack vectors, the malware types become irrelevant. And if you *can't* > deal with the attack vector, the malware type is *still* irrelevant - you have > a hole that can be used to pwn you. > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkn4i1sACgkQM8x1V+fkydNuNQCffKOukfYhMEZqwJmqKL2qJebG IVgAnR32I7cynBn7ZhbUp3f8TsrrEyl/ =v6NK -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
