* Brett Randall <[EMAIL PROTECTED]> writes:
> OK I wasn't planning on continuing my argument but since others are for me!
I'm still against you, Brett, so let's see how far we'll get... ]:->
>> Incidentally, I dislike NT, Microsoft Outlook and Exchange as much as
>> you probably do.
> I dislike them as well. All our servers are transitioning to
> linux/openbsd EXCEPT for this one virus-scanning machine.
Interestingly, this will leave this one machine open to attacks against the
OS itself. Strange notion of security. You could be running TrendMicro's
viruswall or [insert AV-vendor] stuff on various flavours of Un*x or Linux
as well.
> Virtually a day after the "I Love you" virus was realised, Norton had
> a fix for it and liveupdate automatically updated it on our server.
Literally one minute after I was informed about the problem via my
email2sms gateway (one of those things you'd call a "scripting effort"
monitoring various security MLs), I had remotely logged into our
mailserver and added a rule nuking all respective emails. Arguably, the
approach is different, but with the gaping holes in MS's security
"policy", chances are yet another script kiddy will find yet another
exploit soonish and it will not qualify as a virus again. Technically
speaking, BTW, ILOVEYOU was not a virus, anyway. Needless to say that
there are i18n versions of MS Office viruses that aren't caught by
American scanners...
> Luckily this prestigous event happened largely on a weekend and so the
> few e-mails which got through the server were then killed on Monday
> when the user went to read their e-mail...
"Luckily"... how do you sleep at night, Brett, when an integral part of
your security policy relies on luck?
> We have stopped countless hundreds of this virus, and tens of thousands
> of other virii with this firewall-style approach.
Brett, I just talked to my firewall. She's a nice firewall, y'know, and
she's got a great sense of humour. But that carpet was quite expensive,
and I stronly advise you not to make such rude jokes again unless you
want to face punitive damages. Besides, a 19" rack biting a rug is just
plainly ridiculous.
>> come in with dozens of viruses -- usually some combination of Stoned
>> or Monkey with a few other oldies. These are all caught by modern
>> anti virus software and thus it _should_ be installed on machines.
>> McAfee VirusScan for workstations is only $15 (cost).
> Totally agreed with. You can't always catch the latest and greatest
> virii with virus scanning software and yes killing every binary
> attachment is an approach to removing the possibility altogether, but
> in many cases that is just not an option.
True. That's why you set up sandboxes in each department, running
Linux and StarOffice. For the unaware, StarOffice is a free, GPL'ed
(?) Office Suite running on Windows and various Un*xoid OSes. Yes,
it's a little inconvenient to hop to another office to take a look at
an attachment. But it also makes you very angry at the people sending
them. Which is good.
> I trust stuff I pay for more than free, open source scripting efforts.
Ok, so on top of luck, you rely on trust. Then again, it's all that's
left to you, isn't it? While you can have an expert audit Open Source
Software, (closed source) commercial software has to be trusted. I
don't trust closed source software, and even less so if it comes from a
foreign country. Can you guarantee (100%) where Notes or Exchange or
whatever send your company's trade secrets? Does the word OPSEC ring a
bell? IT security isn't everything.
And, quite honestly, I don't like your condescending tone when you talk
about OSS. Calling OpenBSD or qmail "scripting efforts" is, well.. you
know, if MS ever released the Exchange code, and one were to compare it
to qmail's... oh, well...
> Just a peace-of-mind.
Then why are you running qmail? You /are/ running qmail, aren't you?
> Norton are not overly bloated. Lotus' Notes is, to some extent,
> bloated, but we have been using it for the last couple of years with
> thousands of e-mails coming through and being scanned daily and have
> had no obvious problems thus far...
Notes Server has had some bugs that qualify as lethal. And they weren't
fixed nearly as quickly as those in, say, sendmail. What makes you
recommend software with a bad track record in security on a ML for the
most secure mailserver there is?
--
Robin S. Socha <http://socha.net/>
