MCBastos <[email protected]> wrote:
> Interviewed by CNN on 30/01/2013 14:35, Rob told the world:
>> MCBastos <[email protected]> wrote:
>>> So...
>>> Antivirus: missed it
>>> Other antivirus: about 75% chance of missing it.
>>> Google Safe Browsing: missed it
>>> ISP spam filter: flagged it as spam, but did nothing else. Not that it
>>> helps much, since this particular filter has a high rate of false
>>> positives. One of the myriad reasons I'm migrating to another ISP...
>>> Seamonkey spam filter: missed it (probably because it had my full name)
>>
>> Filtering proxy looking at file type: would probably have caught it.
>> Software restriction policy at computer (AppLocker): would have caught it.
>> Operating as a nonprivileged user: would most likely have made the
>> malware fail to install in system directories.
>
> Sure, those are fine tools, but some of them are not practical for most
> home users or small business. I mean, AppLocker is an Enterprise-level
> tool, and how many homes do you know that have *any kind* of proxy? Not
> to mention notebooks that connect to public wi-fi?
>
> And even so, you qualified your claims with "probably" and "likely". As
> I said, there are no absolute guarantees. There are no magical silver
> bullets that will kill *all* attacks, surely, with zero false positives.
>
> Every security tool must achieve a balance between the security it
> offers and its shortcomings. In the case of the Firefox blacklist, the
> choice between real-time blacklist checks and batch-downloaded updates
> has to consider the following:
>
> - Pro real-time checks: somewhat elevated security
> - con: privacy concerns, increased latency

The reason I mention those three other methods is that I prefer methods
that work by fixed yes/no checks over methods that use dynamically
updated patterns and blacklists.

A rule that prevents drive-by downloads is better than a virus scanner or
site blacklist, in my opinion.

Sure, it requires effort to implement those things; that is why almost
nobody is doing it. But then, don't complain when you are hacked.

I am not in the Windows software development business, but seeing that
current security products already scan for viruses in internet download
streams, either by pushing a proxy in between or by watching all TCP
streams, it should be trivial to add a feature that just blocks any
executable download for users that are not designated as administrators.
That should be much more effective than scanning for malware.

When our users are on public WiFi, they can only set up a VPN to the
company network and access the internet using the standard security in
place. This also prevents wiretapping of the activities of the user.
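
The fixed yes/no rule described in the message above (refuse executable downloads, judged by file type, to anyone who is not an administrator), sketched as an added example that is not part of the original thread or of any product's code. The `decide` hook, its parameters and the sample downloads are hypothetical and constructed for illustration.

```python
from typing import Optional

# Leading "magic" bytes of common native executable formats.
EXECUTABLE_MAGIC = [
    (b"MZ", "Windows PE/DOS"),
    (b"\x7fELF", "ELF"),
    (b"\xcf\xfa\xed\xfe", "Mach-O 64-bit"),
    (b"\xce\xfa\xed\xfe", "Mach-O 32-bit"),
]

def sniff_executable(head: bytes) -> Optional[str]:
    """Return the format name if the body starts like a native executable."""
    for magic, name in EXECUTABLE_MAGIC:
        if head.startswith(magic):
            return name
    return None

def decide(is_admin: bool, filename: str, content_type: str, head: bytes) -> str:
    """Hypothetical proxy hook: a fixed allow/block rule, no signatures or blacklists.

    filename and content_type are chosen by the sender, so they are only
    reported, never trusted; the decision rests on the body bytes and the role.
    """
    fmt = sniff_executable(head)
    if fmt is None:
        return "allow"
    if is_admin:
        return "allow (admin, %s)" % fmt
    return "block (%s served as %s, %s)" % (fmt, filename, content_type)

# Constructed sample downloads: (is_admin, filename, Content-Type, first bytes).
SAMPLES = [
    (False, "invoice.pdf", "application/pdf", b"%PDF-1.4\n"),
    (False, "invoice.pdf", "application/pdf", b"MZ\x90\x00\x03\x00"),
    (True, "setup.exe", "application/octet-stream", b"MZ\x90\x00\x03\x00"),
    (False, "update.bin", "text/plain", b"\x7fELF\x02\x01\x01"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[1], "->", decide(*sample))
```

This check only sees the first bytes of the response body, so executables inside archives and script files pass through it unchanged.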

