On Tue, Oct 18, 2011 at 3:23 PM, Michael B. Smith <[email protected]> wrote:
> If (as the article says) only one-tenth of one percent of issues are caused
> by zero-days; then that's not even a blip on the radar.

Heck, I'd guess that most exploits happen because users explicitly downloaded and installed the program that turned out to be malware.

But if you're an even half-way competent IT guy -- and while we've had our differences, MBS, I certainly believe you're a hell of a lot better than *that* -- you've already got the obvious stuff covered. You patch religiously, you run a firewall or two, you run signature based detection, you keep your browser settings sane, you don't run as admin for day-to-day usage, etc, etc. That eliminates most of the exploits out there.

Of the remainder -- the stuff that presents a real challenge -- zero-day exploits are a much bigger threat, proportionately. And because of their very nature -- something you don't know about -- they do indeed leave one vulnerable and powerless WRT the threat itself. Sure, you can employ measures to mitigate the damage, and that helps a lot, but that doesn't change the fundamental fact that a vulnerability you don't know about isn't something you can address directly.

I can't speak for others, but that was what drove my reaction: The apparent dismissal of customer reaction to unpatched bugs, as if it's somehow unreasonable to expect a quality, secure product.

> It means that pursuing a well-rounded defense in depth strategy
> is the proper course - as always.

I don't think anyone has said otherwise. It's possible to both be concerned about zero-day attacks and pursue a sane course of action.

-- Ben
