Reactive AV is being phased out of our XenApp systems next week. We are going to maintain a "sleeping" AV component and do a deep scan once a week. Realtime monitoring is being turned off and we will rely entirely on the application management suite. We are not doing this blithely - currently app management stops about thirty or forty pieces of malware executing per week, and our AV catches precisely zero. In this environment, AV is just a waste of resources.
Sent from my POS BlackBerry wireless device, which may wipe itself at any moment -----Original Message----- From: Alex Eckelberry <[email protected]> Date: Sun, 9 Oct 2011 17:55:58 To: NT System Admin Issues<[email protected]> Reply-To: "NT System Admin Issues" <[email protected]>Subject: RE: AV and malware protection? Hmmm.... Take a look at the Wildlist, which is the list of currently verified viruses. There's still a lot of nasty stuff out there. http://www.wildlist.org/WildList/201108.txt We see plenty of viruses out there, and relying on a product like Malwarebytes as your only line of defense is a serious mistake, IMHO. It's an excellent product (remember we partner with them and are very close to them, so this is not a slight in the least on their technology) but you really, really need an AV product as a complement. Alex -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Sunday, October 09, 2011 1:27 PM To: NT System Admin Issue Subject: Re: AV and malware protection? On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry <[email protected]> wrote: > It's worth noting that MalwareBytes is not an antivirus product. > It is, however, an excellent protecter/cleaner against modern Trojans > and rogue antivirus products. And the difference between these two things is...? Viruses are largely obsolete anyway. Between ubiquitous network connectivity and autorun, nobody needs to bother. Today's injection vectors are exploitable vulnerabilities in networked software and social engineering. An attacker crafting malware to piggy-back on benign executables exchanged via sneakernet is like worrying about how to attach a team of horses to your car. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin DISCLAIMER The information contained in this electronic mail may be confidential or legally privileged. It is for the intended recipient(s) only. Should you receive this message in error, please notify the sender by replying to this mail. Please do not read, copy, forward or store this message unless you are an intended recipient of it - unauthorized use of contents is strictly prohibited. Unless expressly stated, opinions in this message are those of the individual sender and not of GFI. While all care has been taken, GFI is not responsible for the integrity or the contents of this electronic mail and any attachments included within. (GFI2011) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
