On Wed, 29 Apr 2009 10:34:55 MDT, don bailey said: > Please don't speak for all security professionals. "We" do not do the > same thing(s) you do. Also, it surprises me that you think Linux/OSX/etc > are not virus capable. Notice I never actually mentioned an operating system. You're the one that hopped on the Linux/OSX bandwangon. ;) I never said Linux/*BSD/Solaris/etc weren't virus capable. What I *said* was that you want systems that have security designs that *already* include the things you need to stop viruses and you don't need a separate anti-virus. For example - if you have something that's creating a new executable in the /bin directory and you don't know what it is, you have a problem, whether it's a virus or somebody trying to trojan /bin/login. And once you've done whatever hardening you want to keep a hacker from trojaning /bin/login, you've *also* now stopped a virus from scribbling in /bin. It's a change in mindset - you shouldn't be thinking about "I need to stop the viruses", you should be thinking about "I need to close off the attack surfaces so they can't be used by attackers, whether they're viruses or something else". This applies to Windows too: Installing anti-virus tools that try to minimize the damage a virus can do when a user is running as Administrator is just papering over the issue - the *problem* is that the user is running as Administrator inappropriately. And lo and behold - once you deal with that issue, you no longer need a special anti-virus widget for that case. Don't think "malware types". Think "attack vectors". If you can deal with the attack vectors, the malware types become irrelevant. And if you *can't* deal with the attack vector, the malware type is *still* irrelevant - you have a hole that can be used to pwn you.
Attachment:
pgpAfmVUHm01y.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/