R: Interesting read on Symantec's latest effort

Wed, 17 Sep 2008 08:26:37 -0700 

So what ? If old but works ? Or doesn't it
 
GuidoElia
HELPPC
 

  _____  

Da: Durf [mailto:[EMAIL PROTECTED] 
Inviato: mercoledì 17 settembre 2008 17.19
A: NT System Admin Issues
Oggetto: Re: Interesting read on Symantec's latest effort


The idea of whitelisting files thorugh checksums is as old as the hills.  
Tripwire has been doing this in the open source world for years and years.  

-- Durf


On Wed, Sep 17, 2008 at 10:48 AM, Rod Trent <[EMAIL PROTECTED]> wrote:


Personally, I think Symantec is simply copying a technology idea already 
available.  For example, Bit9 has been doing this for some time.

 

http://www.bit9.com/ 

 

From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 17, 2008 10:40 AM 


To: NT System Admin Issues

Subject: RE: Interesting read on Symantec's latest effort 



 

That is the comment about file signatures.

 

The idea here is a very good one. This is what the Cisco CSA product does 
(white-lists) and it is a very good product - albeit quite expensive.

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

Link with me at: http://www.linkedin.com/in/theessentialexchange

 

From: Jonathan Link [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 17, 2008 10:33 AM
To: NT System Admin Issues
Subject: Re: Interesting read on Symantec's latest effort

 

>From the FA this statement makes me nervous: "NIS 09 knows which files are 
>safe and only scans unknown files, reducing scan times to minutes and machine 
>load to almost nothing."

 

What prevents malware from depositing a known bad file in for a file that NIS 
09 assumes is safe?  I know real time protection should discover when an action 
is being taken to prevent access to operating system files, but what about 
other files that are important and used for daily business but have been 
compromised?



 

On Wed, Sep 17, 2008 at 10:21 AM, Tim Evans <[EMAIL PROTECTED]> wrote:

http://www.stuff.co.nz/4668507a28.html

 

Quote:

"But is it still protecting us properly? Symantec assures me it is, and even 
better than ever."

 

OK, I'm a believer :-) At least it sounds like they have finally understood 
their fatal flaw and are making attempts to fix it.

 

 

...Tim

 

 

 

 

 

 

 

 

 

 


 



 




-- 
--------------
Give a man a fish, and he'll eat for a day. 
Give a fish a man, and he'll eat for weeks!


 


 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to