AV is still very useful in perimeter security devices, but its usefulness
is deteriorating rapidly.

In the past 2 years, various machines on my home network have intercepted
malware trying to infect my network, but except for malware-laden email, AV
has not been the vehicle that has caught it.  On the flip side, I've had
lots more false positives with AV (things that it doesn't like, but which I
know are there, and want to be there, like Metasploit, VNC, etc.).

My detailed viewpoint is:
http://home.asbzone.com/ASB/archive/2010/05/10/it-s-time-to-re-evaluate-host-based-security.aspx

I intend to get rid of AV at home (using Vipre, MSE, and Avira on different
machines) and fully deploy whitelisting in the next few months.  It's my
major upgrade project for the Winter.

OpenDNS is already doing more for me in terms of malware detection and
protection vs. host-based AV.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…



On Tue, Nov 15, 2011 at 2:18 PM, Stu Sjouwerman <[email protected]> wrote:

> So I’m asking a bunch of questions here, because I’m looking at writing this
> story from a few different angles. If the ratio Malware to good code is 80 – 20
> (which it is +/- at the moment) why not drop AV altogether and lock down those
> workstations and only allow good code to run?   Saves budget.
>
> Your view? Input?
>
> Stu
>
> *From:* Stu Sjouwerman
> *Sent:* Tuesday, November 15, 2011 2:10 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Whitelisting Pros & Cons?
>
> Oh, this is an acquisition, that is why it’s having such a high score!   LOL
>
> *From:* Doug Hampshire [mailto:[email protected]]
> *Sent:* Tuesday, November 15, 2011 1:13 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> Clearly these results are flawed if McAfee Anything gets higher than a -3
> in any category. :-)
>
> On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman <[email protected]> wrote:
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
>
> (weights)                                 30%   15%   25%   10%   20%
> Bit9 Parity Suite 5.01                    10    8     9     9     10    9.4   EXCELLENT
> CoreTrace Bouncer 5                       9     9     9     8     9     8.9   VERY GOOD
> Lumension Application Control             8     9     8     9     9     8.5   VERY GOOD
> McAfee Application Control 5.0            9     9     9     8     8     8.7   VERY GOOD
> SignaCert Enterprise Trust Services 3.0
>
> *From:* Micheal Espinola Jr [mailto:[email protected]]
> *Sent:* Monday, November 14, 2011 5:10 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> Whitelisting is the future IMHO.  You can't trust anything anymore.  Faith
> doesn't cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman <[email protected]> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio "Good code" versus malware was perhaps 90 good 10 bad.  In
> that scenario, it makes sense to keep the bad code out. But over the last
> 10 years, with automated malware variant generation, the tables have turned,
> and there is actually more malware than good code out there. So in -that-
> scenario it might make sense to only allow "good code" and implement
> application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -----Original Message-----
> From: Matthew W. Ross [mailto:[email protected]]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> ----- Original Message -----
> From: Stu Sjouwerman [mailto:[email protected]]
> To: NT System Admin Issues [mailto:[email protected]]
> Sent: Mon, 14 Nov 2011 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what experience you are having with this, likes and hates
> > are all welcome !!
> >
> > Warm regards,
> >
> > Stu
