I am sure that goes for a lot of their customers; we are doing double QA
because of the last debacle... and we aren't alone in this approach.
McAfee's QA failure has just turned the cover back on the risk that all
businesses are having when they have blind faith in the vendors of the
products they are using to secure their networks, which has come back to
bite a lot of them in the arse...

And from the list, it seems that other AV vendors have succumbed to this
issue also, and their customers have suffered; therefore our C levels
are asking us to put in additional procedural controls to prevent/reduce
the risk from our vendors' bad DAT/Engine updates to AV to ensure
business continuity and fewer DR exercises which caused major business
disruption, downtime and financial loss.

With these extra controls, we need to let them know the additional risk
they are accepting via formal risk analysis/assessments by asking for
the changing of the operational controls, because in some businesses the
AV they use is the only security control they have to reduce the risk;
sad as that might be, it's reality for a lot of companies.

Food for thought,
Z


Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
[email protected]


-----Original Message-----
From: Maglinger, Paul [mailto:[email protected]] 
Sent: Tuesday, May 11, 2010 9:19 AM
To: NT System Admin Issues
Subject: RE: Life just keeps getting better....

Right now I'm still not too keen on McAfee's credibility...

-----Original Message-----
From: Ziots, Edward [mailto:[email protected]] 
Sent: Tuesday, May 11, 2010 8:16 AM
To: NT System Admin Issues
Subject: RE: Life just keeps getting better....

You can also read the blurb on the SANS ISC page also; some vendors say it's
important, and of course McAfee discredits it, not that it surprises me. But
it is an attack vector to consider. Controlling the execution of code on
your system is the difference between keeping your systems clean and
getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting or
otherwise, you are going to have to have more on your systems than just
AV to combat today's threat landscape.

Sincerely,
EZ

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
[email protected]

-----Original Message-----
From: Ben Scott [mailto:[email protected]] 
Sent: Tuesday, May 11, 2010 9:11 AM
To: NT System Admin Issues
Subject: Re: Life just keeps getting better....

On Mon, May 10, 2010 at 12:40 AM, Kurt Buff <[email protected]> wrote:
> How to bypass almost all AV software
>
>
> http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

  Sophos's response:

http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/

  They're an AV vendor and thus not a disinterested party, so take it
as you like.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
