Antivirus is 'completely wasted money': Cisco CSO

Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart.

Speaking at the AusCERT 2008 conference in the Gold Coast yesterday, Stewart said the malware industry is moving faster than the security industry, making it impossible for users to remain secure.

"If patching and antivirus is where I spend my money, and I'm still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user's data and I still have to reinstall it, the entire cost equation of that is a waste.

"It's completely wasted money," Stewart told delegates.

He said infections have become so common that most companies have learned to live with them.

"There are too many companies in the world that actually believe infection is just a cost of doing business and are getting used to doing it — as opposed to stopping it completely. That's dangerous," he said.

A better way of dealing with the unknown is to use whitelists — where only authorised or approved software can execute, said Stewart.

"I'm sick of blacklisted stuff. I've got to go for whitelisted stuff — I know what that is because I put it there," he said.

Security software vendors did not agree.

Gavin Struthers, regional director for McAfee Australia and New Zealand, said that although installing antivirus and updating patches are not a perfect solution, they certainly aren't a waste.

"I disagree that it is a complete waste of money... Against today's sophisticated attacks, antivirus and patching won't stop these threats, so you need a layered approach and defence in depth," he told ZDNet.com.au.

Chris Thomas, technology specialist for CA's Internet Security business unit, said that antivirus alone did not provide enough protection.

"It's not a complete waste of money. If it's the only level of protection that someone has, it's probably not going to be enough. The arms race between the malware writers and antivirus researchers is a constant race," he said.

Thomas agreed, however, that whitelists are a good idea: "The way security is moving now is, as John Stewart said today, whitelisting, as in 'trust what you know', as opposed to the black list signatures."
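The difference between the blacklist and whitelist models that Stewart and Thomas describe, as an added example (not code from the article or from any vendor). File names and contents are constructed, and the blacklist is modelled as an exact SHA-256 match, which is a simplification of how signature engines work.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of a file's contents as hex."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable file contents (not real binaries).
SAMPLES = {
    "payroll.exe (approved build)": b"MZ payroll v1.0",
    "payroll.exe (vendor update)": b"MZ payroll v1.1",
    "known-trojan.exe": b"MZ trojan build A",
    "repacked-trojan.exe": b"MZ trojan build B",
    "unvetted-tool.exe": b"MZ freeware utility",
}

# Blacklist: hashes someone has already seen and reported as malicious.
KNOWN_BAD = {sha256_hex(SAMPLES["known-trojan.exe"])}

# Whitelist: hashes the administrator deliberately put there.
APPROVED = {sha256_hex(SAMPLES["payroll.exe (approved build)"])}


def blacklist_allows(data: bytes, known_bad=KNOWN_BAD) -> bool:
    """Default allow: run anything that is not on the known-bad list."""
    return sha256_hex(data) not in known_bad


def whitelist_allows(data: bytes, approved=APPROVED) -> bool:
    """Default deny: run only what is on the approved list."""
    return sha256_hex(data) in approved


def compare() -> dict:
    """Map each sample name to (blacklist verdict, whitelist verdict)."""
    return {
        name: (blacklist_allows(data), whitelist_allows(data))
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    print(f"{'file':32} {'blacklist':10} {'whitelist':10}")
    for name, (bl, wl) in compare().items():
        print(f"{name:32} {'run' if bl else 'block':10} {'run' if wl else 'block':10}")
```

The repacked trojan is the case Stewart is complaining about: it runs under the blacklist because nobody has listed it yet. The vendor-update row is the operational cost of the whitelist: a patched binary has a new hash and stays blocked until someone approves it.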

Talkback

Oh geez

Or you could just use reliable operating systems such as Linux or BSD and sidestep the issue entirely.

Anonymous May 21st, 2008

Well said!

Give that man a penguin!

For the vast majority of office users all that's required is a word processor, email and calendaring.

I'd suggest that you could drop a nicely skinned KDE desktop running OpenOffice in front of most users and they wouldn't know the difference, or if they did they'd need minimal retraining.

Anonymous May 21st, 2008

word processor, email and calendaring?

If all your office workers need is a word processor, email and calendaring, I'd like to see what it is they actually do all day... that may be true of most home users, but I don't believe it in an office.

I've never met a SINGLE office worker that only uses the "simple" office applications. Most of them have *at least* one other application that only runs on Windows.

Whether that's MYOB or some custom-built in-house application, it's all the same, really. If you want to set up MYOB to run in WINE or whatever, then go ahead.

The fact is, a properly configured Windows machine will run *ALL* the software you need to run a business, and it'll be safe from viruses and malware. The first step is to stop running as Administrator...

Dean May 21st, 2008

windows-only

Presumably many of those Windows-only apps could be run via RDP from just about any desktop. Mount /home and /tmp no_exec and it raises the bar a bit on getting users to run your trojan. I'm not saying everyone should use a particular OS or that it'll work for everyone, be invulnerable, etc... but it certainly seems possible to use Linux on the desktop in many cases.

Anonymous May 23rd, 2008

Right You Are

I haven't met a company yet that didn't have to use more than the basics of an office package and a personal organizer.

If nothing else, every company has some sort of accounting software on their systems that is essential to operations, and probably several databases, and software to manage a website (if not a server to run one) etc.

Joseph Teller May 23rd, 2008

Third party software...

Come to ours. Autocad, 3DS Max, accounting system that is Windows IE7 only, Mathcad, Extensive use of handhelds that must sync over the air for e-mail/todo/calendar/contacts, image editing. Not to mention the 20 or so more specialized things that various people have. Oh and ACT (ugh).. Lots and lots of MS Office documents from clients. We were formerly a WP shop and management mandated a change to MS Office because (drumroll) that's what everyone uses.

Anonymous May 24th, 2008

terminal apps!

I just finished up a contract at a large company in Framingham, MA. Seemed like almost everyone spent half their day logged into AS400 and mainframe machines. On Windows they needed expensive, third party terminal emulation apps. If they sat in front of Linux or MacOS X desktops they could prolly use terminal.app or gnome-terminal.
As for word processing and spreadsheets, how the bleep did these apps get called, "productivity apps?" They do nothing but get in the way. These big corps would save billions if they switched to web-based apps like google apps.

Anonymous May 24th, 2008

linux on the desktop? pffff

I've been running Linux on my desktop, laptops, and servers for over 12 years. Linux on the desktop doesn't pass the mom test. Ubuntu is almost there but not all the way.

And Openoffice blows. Compatibility issues aside, it's not as powerful as MS Office. I'm not saying MS Office is good, it just sucks less.

Anonymous May 23rd, 2008

Wrong! MS apps DO run in Linux and Mac

Check out codeweavers.com for Crossover Office. I use it and can run MS Office, Photoshop, Visio, and others. The difference is that vulnerabilities of any of these apps is nullified because the apps run in VM sessions and the rest of the system is TOTALLY safe from infection. Even if a hacker created malware specifically intended to penetrate WINE or Crossover Office, the user is not logged in as root and any attempt to install anything would result in a popup window asking for the root password.

Anonymous May 23rd, 2008

Re:linux on the desktop? pffff

Windows Vista and OSX don't really pass the Mom test yet either. Mom needs a good webpliance but those never support all of the plugins etc. needed for web browsing.

Anonymous May 23rd, 2008

Indeed.

OpenOffice/ Evolution running under Linux Thin Client Server.

All your problems then would go away, well, your virus problems at least.

For other problems, buy support from IBM or Novell or Sun or someone.

Anonymous May 21st, 2008

you're kidding right?

To suggest that linux/bsd are invulnerable to attack is naive and ignorant. There again, the suggestion that we completely abandon antivirus software just because someone works out a way around them is ludicrous too. What about the thousands of kids out there still using old techniques that they picked up off the internet - do we just throw the door open to them?

Talking about doors, let's not bother locking them either since it has been known for burglars to break a window.

xBeanie May 21st, 2008

Mestara

Exactly right. It may be playing catch up but it is blocking known exploits used by script kiddies or drone computers trying to gain access. While it is not the be all and end all it is no doubt better than nothing.

Anonymous May 21st, 2008

We already protect the windows...

But Windows doesn't protect its users.

On the internet you can read this:
If bugs bother you, close Windows.

And this one:
"This program requires Windows XP or better." So I use GNU/Linux.

I use GNU/Linux at home, but I can say that Windows is safer the smarter its user is. I mean that AV isn't as good as a user who knows where to surf and what to execute.

Anonymous May 27th, 2008

Are you serious?

Linux has far more patches that come out for its distributions than windows does. Mainly because of all the bundled products in it, however hardly anyone ever says, I don't want this or that or the other thing and they go with the standard install. I've been running Linux since Slackware was pre 1.0 beta and it's hardly more secure. Is it more "virus" proof and more "spyware" proof? Hard to say. You certainly don't have the rates of proliferation with Linux that you do on Windows, but that could merely mean that it's not targeted as often due to market share. If you're a spyware maker, you focus your efforts on the biggest area of return.

There are generally far more ways however to gain elevated access to Linux boxes than there have been for Windows boxes.

As for saying that patching and AV are a waste of money. Please. People occasionally fall over railings and get injured. We don't say that because this happened, putting in railings is a waste of time.

Would you rather tackle one infection that got past, or 500?

Security products are going to have to evolve to compete with the malware threat. OS's are going to have to evolve, and most of all, END USERS are going to have to evolve. But let's not say that AV and Patching is a waste of money. I'll put my fully patched system with AV on the internet and your unpatched system with no security on the internet and we'll see which of us stays running longer and which of us can get more work done, and which of us spends more billable time fixing our computers.

Bob Stevens May 23rd, 2008

Can't believe you said this:...

"There are generally far more ways however to gain elevated access to Linux boxes than there have been for Windows boxes."

Are you nuts? First of all, linux users don't log in as admins, or root. The very fact that Windows is shipped with the intention that the user will run as an administrator nullifies your statement. VISTA didn't improve this much at all. For one thing, most users of Windows that try to run as a "limited user" quickly find that many apps won't run. In fact, you can corrupt Zone Alarm Security Suite if you set up a limited user account, upgrade Zone Alarm as administrator and then log back in as a limited user. True Vector service will constantly stop working. I could go on for years...

More ways to gain elevated access in linux? Prove it. For all the years you say you've been a linux user, that statement undercuts your credibility; big time!!!

Anonymous May 23rd, 2008

Sigh..

Interesting how you throw out the prove it statement and yet you offer no evidence to disprove it other than your own statement. Be careful what you wish for there, because you'll get it at the bottom of this reply.

Most people don't run windows as a standard user which is a whole other argument and I agree with you, there are things that flat out do NOT run when you are a standard user. I run my windows box as an administrator. I also know way too many people that run their linux boxes logged in as root because it's more convenient for them. Please don't make blanket statements that Linux users don't run as root. They do. A lot of them. Smart? No, but it happens more often than you think.

We run a mix of Windows servers here along with Linux and yup, even some Netware thrown in there. Linux by far has the most patches of all the servers I run. That doesn't mean I'm going to trade it in any time soon. I'm much more comfortable running Apache/Linux on the internet than Windows/IIS any day. I just make sure I keep it up to date. And that can be a bit more work to a degree because you have things like PHP to worry about and possibly mysql or postgres, but on Windows you may have SQL server.

Everyone could go on for years about something, we don't need to be drama queens about it.

http://news.zdnet.co.uk/security/0,1000000189,39292173,00.htm

"The company found that Red Hat had the most reported vulnerabilities out of those operating systems, with 633 flaws. Solaris had a total of 252 vulnerabilities, while Apple Mac OS X came third with 235. Windows came fourth with 123, while HP-UX had 75 reported flaws."

Now as they state, XP is not a server operating system. But people running Linux on their desktop generally are not using it as server OS's either.

If you want to compare Server to Server (this article is from Secunia written in January of 07)
http://www.aspserveur.com/Documents/linux%20vs%20windows%20vulnerabilite.pdf

"Windows Server 2003 had 110 identified vulnerabilities, Red Hat ES 4 had 241, and Red Hat ES 3 had 320. Windows Server 2003 has been in release for 1337 days, Red Hat ES 4 has been in release for 670 days, and Red Hat ES 3 has been in release for 1167 days. Windows Server 2003 has less than half the vulnerabilities either version of Red Hat has despite being in release twice as long as Red Hat ES 4 and six months longer than Red Hat ES 3."

We'll throw this link in too because it's got pretty graphs..

http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx

Anonymous May 23rd, 2008

You're leaving something out

Unless you are subscribed to something such as Redhat's update service or Novell's update service for SLES, (I can't speak for debian/ubuntu or others as I've not run them), you are probably not even staying patched.

You can build by hand, I've had to almost rebuild every package on a Cobalt RAQ server by hand because someone I know refuses to get rid of it, and it hasn't been supported for years, but that's VERY time consuming.

There are just too many little vulnerabilities out there in various linux packages. Yes the authors do a great job patching them and patching them quickly, but keeping up with them manually is no trivial task. Microsoft, love or hate it, does a nice job with Microsoft update for their products, but that doesn't cover other software such as say Adobe Reader, Quicktime (with its hole of the week), flash, shockwave, java, and all of the other common things that people have installed.

If you're in a corporate environment you can try something like Patchlink for patch management which purports to acquire/test/push all of these for you, but if you don't own that, you the corporate sysadmin have a near full time job watching for the latest vulnerability in any of the programs that you run on your network. It's the things like Flash that will kill you in the long run too because everyone has it and hardly anyone is up to date.

Anonymous May 23rd, 2008

You're leaving something out - Ubuntu/Debian

"Unless you are subscribed to something such as Redhat's update service or Novell's update service for SLES, (I can't speak for debian/ubuntu or others as I've not run them), you are probably not even staying patched."

Microsoft only supports upgrades to Microsoft products, for the rest you are reliant on the individual vendors.

Linux distros, including Ubuntu and Debian, support everything in their repositories through one upgrade mechanism. With Debian it is so simple, but when I have to maintain the family XP boxes I groan with frustration. As someone else in here has observed, DOS resembles a minimal, single user subset of Unix, and all Microsoft's problems stem from that, Windows is a Gormenghast system balanced on the foundations of a garden shed.

Andrew Goss May 23rd, 2008

Running Linux as Root

"I also know way too many people that run their linux boxes logged in as root because it's more convenient for them."

I wonder what they are running? Ubuntu has no Root user, Debian won't let you log in as Root, all the distros I have installed make you create a normal user account. I cannot imagine how running as Root could be more "convenient".

I have to support a couple of family XP boxes, which I have set up with admin and user accounts, and everything runs under the user accounts, except for a very old Paint Shop Pro, which has therefore been ditched for The Gimp.

By contrast with the "bodge over bodge" that is XP, Debian is a breeze to administer. By all accounts Vista is XP with yet more bodges on top, including UAC which I suspect is intended to be so unfriendly that no-one will use it, and it can be dropped from the next version, it having been "proved" that users don't want it - a very old trick.

I don't know why people are still talking about AV on its own, it has to be seen as part of a defence suite that includes a firewall. Over the past decade or so we have only intercepted a handful of email viruses, but given the trouble they might have caused I consider the investment well worth while.

Andrew Goss May 23rd, 2008

Re: Sigh...

Anonymous does a good job distorting the facts here:

1. ZDNet actually reports more vulns for RedHat, but explains clearly why these numbers cannot be compared at all (patches for all apps included in RH vs Microsoft-only patches in Windows; single vulns counted multiple times, for each OS version).

2. The second document is NOT by Secunia, but by Microsoft. Anyone interested to read it will quickly find out it is pure MS propaganda, covered up with scientific style, but based on Secunia numbers (see 1.).

3. Jeff Jones has his very own way of counting vulnerabilities. I do not want to spend my time on looking at that in depth, but judging from the multicolour bar graphs... ;-)

The main point for me seems to be a different culture of reporting and counting vulnerabilities (Open or Closed).

Erich Kutschinski May 23rd, 2008

Facts..

You're welcome to post your own. It's convenient for those that disagree to throw statements out and not back them up and then say whatever evidence presented isn't valid, without offering a single fact of their own on the other side.

I'm out. I have no interest in a political debate where one side offers information and the other side just says no no no wrong wrong wrong without putting anything of their own out there.

Linux is still too complex for non technical home users. It's made HUGE progress in the last 2 years towards that front, and I expect it will continue to do so. People here need to remember that just because they can run it doesn't mean their parents can. Most people who read these types of articles usually have a computer background.

To Andrew, the guy you replied to did state that MS update only covered its products :)

The blessing/curse of Linux is that you have thousands of little packages all maintained by different people that go into a distro. I mean look at the advanced setup when you do an install of everything you can install. Look at how many things are already selected. Joe end user is not going to know he doesn't need X Y Z or that he should be adding A, B, C. Especially not when there's 30 pages of that if you go down to a package level detail. More developers = good. Distro's such as Novell/Redhat/Ubuntu/Debian/Slackware/.../.../... help bring that all together, but... that's also a blessing/curse. Will my stuff written for SLES run on RHEL? Probably. Will it always be supported? Not always. More so on the enterprise level than the desktop level, as some enterprise vendors will only support a given distribution. It will work on others, but they won't support it officially.

This is where Apple becomes more appealing, because when it hits the fan with what's under the hood, you have one place to go. Apple. They are the front man on the OS there. Sure it's *nix based, but the average person doesn't know that. It's Mac OS to them. It isn't really "Linux OS" anymore to people. It's Ubuntu. It's Fedora, it's OpenSuse... oh ya it's Linux... is a secondary thought. And there's that BSD thing out there somewhere too :) Days like this I miss running Ultrix 4.2 on a Vax 8600. (not really)

Anonymous May 24th, 2008

not really...

"Or you could just use reliable operating systems such as Linux or BSD and sidestep the issue entirely."

Actually that's not a solution. The minute FOSS OS's surpass MS windows in market share, they'll be targeted... Virus and malware authors target windows because it's simply the biggest target and that's where they get the most bang for the buck.

The minute FOSS platforms are interesting to these people, they'll be writing viruses, malware and worms for them. By interesting, I mean become the biggest target.

Default deny in conjunction with a layered approach is the only solution that can work because it's future proof. Blacklists are not. They are the completely wrong way to deal with the problem.

Blacklist approaches:
Antivirus
Blocking vulnerable ports
patching

All of them simply fix the things we know about and leave us wide open to what we don't.

SELinux is so powerful because that's precisely the approach taken with processes. Whitelist the processes that are allowed to run and they are the only ones that can run, at least til there's an exploit for SELinux.

That crushes any malware or virii that try to run because they aren't in the list.

Unfortunately most people set SELinux to permissive mode, which completely nullifies any benefit it could offer.

A whitelist proxy and firewall offers the same benefit to network communication (in addition to blocking ads 8)

-Viz

Anonymous May 23rd, 2008
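Two Linux settings raised in this thread can be checked mechanically: the `noexec` mount option on /home and /tmp, and SELinux left in permissive mode. This is an added example, not part of any comment or of the article; the mount table and SELinux config below are constructed samples in the formats of /proc/mounts and /etc/selinux/config.

```python
# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
"""

# Constructed sample in /etc/selinux/config format.
SAMPLE_SELINUX_CONFIG = """\
# SELINUX= can take one of: enforcing, permissive, disabled
SELINUX=permissive
SELINUXTYPE=targeted
"""


def parse_mounts(text):
    """Return a list of (mountpoint, set_of_options) in file order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts writes a space inside a path as the escape \040.
        mountpoint = fields[1].replace("\\040", " ")
        mounts.append((mountpoint, set(fields[3].split(","))))
    return mounts


def governing_mount(path, mounts):
    """Find the mount whose options apply to path (longest prefix wins).

    A directory that is not its own mount point inherits the options of
    the filesystem it lives on, so /tmp on the root filesystem is governed
    by the options of "/".
    """
    best = None
    for mountpoint, options in mounts:
        prefix = mountpoint.rstrip("/") + "/"
        if (path.rstrip("/") + "/").startswith(prefix):
            # ">=" lets a later mount over the same mount point win.
            if best is None or len(mountpoint) >= len(best[0]):
                best = (mountpoint, options)
    return best


def noexec_findings(mounts_text, paths=("/home", "/tmp")):
    """Report, per path, whether files there can be executed directly."""
    mounts = parse_mounts(mounts_text)
    findings = {}
    for path in paths:
        hit = governing_mount(path, mounts)
        if hit is None:
            findings[path] = "no mount found"
        elif "noexec" in hit[1]:
            findings[path] = "ok"
        else:
            findings[path] = f"exec allowed (options come from {hit[0]})"
    return findings


def selinux_config_mode(config_text):
    """Return the SELINUX= value from the config text, or None if absent."""
    mode = None
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "SELINUX":
            mode = value.strip().lower()
    return mode


if __name__ == "__main__":
    for path, result in noexec_findings(SAMPLE_MOUNTS).items():
        print(f"{path}: {result}")
    mode = selinux_config_mode(SAMPLE_SELINUX_CONFIG)
    print(f"SELinux configured mode: {mode}"
          + ("" if mode == "enforcing" else " (policy is not being enforced)"))
```

`noexec` blocks direct execution of files on that mount; it does not stop an interpreter from reading a script stored there. The config file gives the boot-time SELinux mode, so the running mode should be confirmed separately with `getenforce`.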

It's more than just market share.

"The minute FOSS OS's surpass MS windows in market share, they'll be targeted..."

Whilst there is some truth in your argument, they are still fundamentally more secure in many cases. Effort aimed at compromising Windows systems will generally yield greater dividends for criminals than the exact same level of effort aimed at other platforms. If Windows were as 'secure' as say, BSD, it would simply roll over and stop working.

Anonymous May 23rd, 2008

Linux Solution

We are about to trial an OpenSUSE 10.3 opensource solution using the built in version of FreeNX server to offer our users a thin client "terminal" that delivers a KDE desktop with openoffice.org and Zimbra for email. The Migration from windows can be staged as we have all our folders on an OpenSUSE server with Samba Windows shares. This version of Linux offers support for Palm handheld sync, has graphics programs similar to MS Paint and has built in open source VoIP application "Ekiga". Anything else we use Codecharge studio to design PHP/MySQL web enabled databases running on opensource Apache/MySQL LAMP stacks. When we expand we will spend a little money and buy the commercial load balancing software from NoMachine for FreeNX. The FreeNX protocol is amazingly quick, puts RDP and similar to bed at 4 in the afternoon. I recommend everyone has a good look at www.opensuse.org and also www.nomachine.com

Michael May 24th, 2008

With all due respect -- nonsense

You really ought to learn what systems the first viruses and worms were developed on and then advance to Ken Thompson.

The simple truth is that malware is just code and the main task of an OS is to load code so it can be executed by the CPU.

There is as much a safe OS as there is a safe car, a safe plane or a safe Space Shuttle, end of story.

What really needs to be hammered into people's heads though is not to trust anything or anyone on the Internet more than they would trust anything or anyone suddenly popping up on their doorsteps, but as long as people feel cosy sitting at home and everybody and his brother thinks he'd be a computer expert there will be trouble.

Oh and by the way I've been working with and on everything from mainframes down to embedded systems and security is one of my pet issues and rest assured I've had people trying to break into various *nix machines I've been responsible for in various ways, too.

Machines can't think, though but people can and those who believe they'd leave the thinking to their machines are bound to lose.

Or they may even have lost already but simply don't know.

Anonymous May 27th, 2008

Get everyone on Linux

and then the attacks will start there.
The only reason Linux & Mac are currently not being attacked in significant numbers is because of their low penetration in the market.
Raise their market profile and the attackers will turn their attention to them.

M@TT June 13th, 2008

Reply to Cisco CSO

I do not agree with Cisco CSO observation. Even whitelist softwares are not totally protected. The threat is global and even many times Cisco IOS are not spared from these attacks. None of the system in today's world can claim 100% secured. Hence, development of patches for software irrespective of vendors to remain.
Shiva M.

Chella Namasivayam August 12th, 2008

Definitely not a waste

I hardly believe antivirus software is a waste of money, especially when one considers the vast amounts of malware out there that gets blocked.

I do agree though, that a layered approach is the only way to keep a system/network safe from malware threats.

Still one of the big reasons systems get infected is users opening up applications and email attachments that aren't safe. User education is key to system security.

John Van Der Loo May 21st, 2008

Recurring theme

Taking John out of context a bit to stir up the A/V vendors I think.

A recurring theme throughout AusCERT, at least the sessions I attended, are that what is really needed is an OS that is not vulnerable to these types of problems in the first place, instead of all this constant patching and A/V band-aiding. Or to paraphrase one speaker today, you can't build a house on a foundation of swiss cheese.

And don't think it's just a windows problem. I'm a big time Mac fanboy, but I have no illusions about the exponential increases in various types of attack we are going to see on our side of the fence as Apple gain more market share, not to mention the increase in attacks that don't target the OS directly. The average user is usually dumb enough to get his/herself into trouble.

Anonymous May 21st, 2008

Nice...

It's always nice to see a mac user who's enlightened (the numbers seem to be growing fast 8). We just need to get to work on the linux people that think their distro is the most Secure OS in the Universe(tm) based on a 2 day cracking contest at CanSec.

"You can't get viruses or malware on linux" is something that really scares me because that's just about all you see in a conversation about security with linux users... I do what I can 8*(

I have the feeling that when the Big One hits (again, last time it was an SSL worm in 2002), most will have their pants around their ankles...

-Viz

Anonymous May 23rd, 2008

You need "Capabilities"

The architecture of common mass market OSes means it is impossible to ever create an environment on them that is immune to viruses and other attacks. At the fundamental level the internal security architecture of Windows is the same as that of Linux and Mac-- they all use a variety of ACL (access control list) architecture.
What a kernel needs to provide to support secure computing is POLA (principle of least authority). Such kernels do exist-- they have actually been around for decades. Examples of POLA kernels are those that are based on "Capabilities" such as KeyKOS and its descendants EROS/COYOTOS/CAPROS. (Capabilities here are completely different from the kernel 'capabilities' provided by Linux). It is trivial to create environments on these kernels that are immune to viruses.
There are various projects to introduce POLA environments on traditional OSes--- projects such as Plash and CapDesk. Although ultimately these are only as secure as the underlying operating system.
See http://en.wikipedia.org/wiki/Capability-based_security for more info.

Peter Smith May 23rd, 2008

Javascript

I guess the solution is to block all known freeware download sites, and switch everyone to Firefox with the NoScript plugin.

Then they will browse safely...and the NoScript plugin has a whitelist so you can enable Javascript for the sites that you trust, while blocking ALL known types of scripting for the sites you casually visit.

Then it will just be email attachments left that we have to fear...

Anonymous May 22nd, 2008

Javascript

All of which can be done with Windows using IE Security Zones.

Anonymous May 23rd, 2008

Sure Anonymous

Except you're forgetting you can get malware from a hard drive or thumb drive straight from the factory (as several news stories have proved in recent months). So you're going to also turn off all their USB ports (good luck)... oh and also their DVD drives since they can also get them that way .

Joseph Teller May 23rd, 2008

Malware via removable storage

With good engineering practice applied I don't see how this should work.
contraindicated:
auto style execution from inserted media
files executable from inserted media
...

G!
MACC

Anonymous May 28th, 2008

MAC is awesome...

MACs can't be broken. They are superior to Windows. I have never been breached by malware.

Linus May 23rd, 2008

Really?

Why does apple keep releasing security updates then? The fact is, malware targets the largest platform. If I have limited resources, am I going to code to hit 200 million machines? or 20 million?

As Apple market share increases, so will the level of threats.

Anonymous May 23rd, 2008

re: Really?

"As Apple market share increases, so will the level of threats."...

You mean IF Apple market share increased past a certain point. I'm a total Mac fan, but the reality is that, as a deluxe computing platform in a world where most consumers (and businesses) mostly care about price, Apple will NEVER achieve the market share needed to attract significant numbers of malware authors. It doesn't need to: Apple is quite profitable with their elite strategy, without competing head-on with Microsoft.

Therefore, if you're willing to pay the money, Macs DO represent a viable security strategy for the foreseeable future.

Anonymous May 23rd, 2008

MS's loss is Apple's gain

The market is Microsoft's to lose. They keep adding more fun DRM and other anti consumer features, while bloating up the operating system. Windows 7 will be make or break for them. Vista is only being adopted because you don't have a choice as an end user when you order a machine from most places. Corporations by and large downgrade Vista machines to XP when they come in.

I don't see Vista suddenly becoming more acceptable, and that leaves XP which Microsoft intends to leave high and dry.

So the question is this. What do you do with all that hardware that's out there when you have a company like Microsoft that wants to move you to an OS you don't want?

You could go with Linux on it. Or... Apple could take off the "you can only run OS X on apple hardware" clause and make it available for anyone to buy. I think you'd get some crossovers there. The problem with doing so is that they then have to support a LOT of hardware in terms of motherboard chipsets and other devices. I'm not sure they have the infrastructure in place to be able to deal with that.

Anonymous May 23rd, 2008

Have You Looked At The Market?

The market share on Apple has already reached the point where there are virus checkers for it because it has reached the level where folks write for it.

And the Mac is getting awfully visible around here... nearly every student in or coming out of Harvard, MIT, etc are Mac users.

The fact that the new Macs can be set to dual boot either ops system (and runs faster than most PCs) means the Macs are the machines of the future... with no Vista need apply...

Joseph Teller May 23rd, 2008

Cisco + Linux

Considering that Cisco are moving their routers to a Linux platform base I'm a bit suspicious of this kind of talk coming from them. Especially the part about an OS built up from non swiss cheese. That said I don't think antivirus software is the way to go. Whitelisting does work. It assumes everything is bad except what you've chosen is good and is a long standing best practice in security.

Anonymous May 23rd, 2008

Free or No Patches?

Is it safe to assume that future IOS patches will be free or will there be none at all?

Anonymous May 23rd, 2008

sounds like the standard for web dev

This is how any good web developer would develop an application. Makes sense to start treating the rest of the web the same way.

Anonymous May 23rd, 2008

Just to state the facts...

3 targets at the latest "Hack a box/win a box" contest...

Windows Vista Ultimate.
Mac OS X
Ubuntu.

Mac was gone on the first day due to an exploit in Safari.

Windows died next...

Ubuntu however, remained uncracked, unhacked, and 100% stable.

So, between those three basic options, I'd say Ubuntu, and most of Linux in general, is the way to go for security and stability and protection from viruses.

Cheers.

Ghost|BOFH May 23rd, 2008

Nothing is Safe

I remember reading the article where some of the contestants mentioned that they saw a bunch of exploits in Linux but did not want to spend the time to write something to exploit it.

Wonder if they were Linux fanatics that did not want Linux to get a bad rap and thus they decided to bypass exploiting the OS.

Any competent IT person knows that no OS, FW, AV, etc is safe no matter what anybody says.

If someone wants to spend the time, effort and energy to break into your system or network, they will. Unfortunately all we can do is make it harder for hackers to get in by keeping our defenses up to date with patches or configuration changes to limit the exploits.

Mars Bar May 23rd, 2008

Bah!

Maybe nobody wanted to win an Ubuntu box?

Anonymous May 23rd, 2008

about whitelisting binaries

for enterprises.. whitelisting is a very good option as compared to anti-virus when it comes to strictly controlling what all can run on production server or even desktops/laptops of employees..

There is a product from solidcore to do exactly that.. allow only whitelisted binaries to run .. and an admin can define the whitelist.. and centrally/selectively control execution of only the binaries in that list on all computers in an enterprise..

-Yv

Anonymous May 23rd, 2008
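
The default-deny check that comment describes, set beside a blacklist, as an added example that is not part of the comment and is not how any named product works. The file names, contents and function names are constructed for illustration; identity is the SHA-256 of the file's bytes.

```python
import hashlib
import tempfile
from pathlib import Path


def content_hash(path):
    # Identity is the file's bytes, not its name or location.
    # (Whole-file read is fine for these small constructed files.)
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_allowlist(approved_paths):
    """Admin step: record the hash of every binary the admin approved."""
    return {content_hash(p) for p in approved_paths}


def allowlist_permits(path, allowlist):
    """Default deny: execute only what was explicitly approved."""
    return content_hash(path) in allowlist


def blacklist_permits(path, known_bad):
    """Default permit: execute anything not already known to be bad."""
    return content_hash(path) not in known_bad


def allowlist_demo():
    """Return {label: (allowlist decision, blacklist decision)} for constructed files."""
    samples = {
        "approved": b"constructed approved program v1",
        "renamed": b"constructed approved program v1",           # same bytes, new name
        "tampered": b"constructed approved program v1 + patch",  # approved file, modified
        "known_bad": b"constructed sample with an existing signature",
        "unknown_bad": b"constructed sample nobody has catalogued yet",
    }
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for label, data in samples.items():
            paths[label] = Path(d, label + ".exe")
            paths[label].write_bytes(data)

        allowlist = build_allowlist([paths["approved"]])
        known_bad = {content_hash(paths["known_bad"])}
        return {
            label: (allowlist_permits(p, allowlist), blacklist_permits(p, known_bad))
            for label, p in paths.items()
        }


if __name__ == "__main__":
    for label, (allow, black) in allowlist_demo().items():
        print(f"{label:12} allowlist={'run' if allow else 'deny'}  blacklist={'run' if black else 'deny'}")
```

The two policies differ only on the tampered and uncatalogued files: the blacklist lets both run, the allowlist denies both.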

Companies do have legacy WinApps - here's how to cope...

1) Set up the Linux distro of your choice; users will do web/word processing/spreadsheets/mail/etc. ("general Internet stuff") there.

2) Set up a good virtual machine manager app - my fave is Virtualbox - not the open source version, the "full tilt" copy as the latter allows USB passthrough to the guest operating system and "networking" between guest and host OS.

3) Run Windows XP as a virtual machine in a very "locked down" configuration - no random Internet access for starters. Where possible shut it down from Internet access at all, failing that "whitelist it" purely to business-related comm needs. The users shouldn't complain because anything more creative can be done in Linux.

4) Since the Windows virtual machine image is a single multi-megabyte file on the user's Linux home directory (.VDI in VirtualBox), if XP shows any signs of coming unglued, give the user a click-activated script to reload the .VDI file from a LAN. All of your Windows XP reload/cleanup operations just got turned into a single Linux file copy command.

Or, since the .VDI is inside /home you can just restore from backup whenever needed.

Linux itself will act as a "firewall from hell" surrounding Windows. Anti-virus shouldn't be needed.

This *works* right now, folks. And Sun just bought Virtualbox and are extending it...

Jim March May 23rd, 2008
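
One way to write the reload script from step 4 so that the copy from the LAN is verified before it replaces the user's image. This is an added example, not part of the comment; the paths, file names and the pinned hash are assumptions, and the hash is taken to be one the admin recorded when the clean image was built. The VM is assumed to be powered off when the script runs.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


class ImageVerificationError(Exception):
    """The copied image does not match the hash pinned by the admin."""


def file_sha256(path):
    # Chunked read: a .VDI is far too large to load into memory at once.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(1 << 20):
            h.update(chunk)
    return h.hexdigest()


def restore_image(golden_path, target_path, expected_sha256):
    """Copy the golden image next to the target, verify it, then swap it in."""
    target_dir = os.path.dirname(os.path.abspath(target_path))
    fd, tmp_path = tempfile.mkstemp(dir=target_dir, suffix=".partial")
    os.close(fd)
    try:
        shutil.copyfile(golden_path, tmp_path)
        # Hash the bytes that landed locally, not the source on the share.
        actual = file_sha256(tmp_path)
        if actual != expected_sha256:
            raise ImageVerificationError(f"got {actual}, expected {expected_sha256}")
        os.replace(tmp_path, target_path)  # atomic within one filesystem
    finally:
        if os.path.exists(tmp_path):
            os.remove(tmp_path)  # never leave a half-copied or rejected image behind
    return actual


def restore_demo():
    """Constructed stand-ins for the LAN share and the user's home directory."""
    with tempfile.TemporaryDirectory() as d:
        share, home = Path(d, "lan_share"), Path(d, "home")
        share.mkdir()
        home.mkdir()
        golden, target = share / "winxp-golden.vdi", home / "winxp.vdi"
        golden.write_bytes(b"constructed clean image " * 1000)
        pinned = file_sha256(golden)  # recorded once, when the image was built
        target.write_bytes(b"constructed image that has come unglued")

        restore_image(golden, target, pinned)
        restored_ok = target.read_bytes() == golden.read_bytes()

        golden.write_bytes(b"constructed image altered on the share")
        try:
            restore_image(golden, target, pinned)
            tamper_rejected = False
        except ImageVerificationError:
            tamper_rejected = True
        target_intact = file_sha256(target) == pinned
        leftovers = [p.name for p in home.iterdir() if p.name.endswith(".partial")]
        return restored_ok, tamper_rejected, target_intact, leftovers
```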

Alas - more naivety

I primarily use Windows but utilize various OSes in my day-to-day job. The *nix OSes are slightly more secure but I believe it's due to security by obscurity. Any OS is just as hackable as Windows. If you think otherwise, you're blind to the intelligence behind malware coding. These people (malware coders) have a lot of spare time and probably a lot of monetary motivation depending on the target.

CSH May 23rd, 2008

XP in a VM... not...

The whole locked down XP in a VM is not going to happen. What you need to understand is that IT does not make major IT decisions on stuff like that in the majority of companies. Users with clout who buzz in management's ear do. Poll around, you'll hear story after story of IT being overridden by someone who can't figure out why their computer won't work when the surge strip is turned off.

If you tell them that all their apps will run in XP in a VM under Linux, they will say, then why do I need Linux? Why do I have to go through the hassle of doing this?

Plus that XP machine will almost certainly need network access to be able to get to shared files etc. Now what you've done is actually introduced 2 vulnerable OS's onto each box instead of one, and you've doubled the amount of "machines" you need to maintain.

Even if it was a flat out perfect solution, most companies would never do it because you would get high level CXO's or... their administrative assistants complaining about what a burden it was and you would be overruled. There are VERY few companies where IT can say, this is being done this way period, and it actually happens.

Anonymous May 24th, 2008

Re: Sound Familiar?

My only problem with that is the "default permit" section.

Take a firewall for instance. How many apps can you name offhand that flat out expect to be able to use any port from 1024-65535 in order to work? I can name several. Some things like passive ftp can be limited to a range, but others cannot. (MSN video?) Application vendors need to get off this kick of I'll use whatever damn port I please and you'll like it. We should have more control over what it's going to be using. Not everything is proxy friendly either.

It's like saying nobody should run XP as an admin when we all know there are apps that people need that require it.

Anonymous May 24th, 2008

What an idiot...

For the general computing population, especially in offices. It protects against a multitude of threats. Coupling it with good policy and processes and you can have an effective barrier (nothing is 100%, but should we just stop installing doors with locks because criminals can break through windows?)

Anonymous May 23rd, 2008

today...

If Microsoft were any good there would be few things to worry about in the virus department.
There is no need to fork out more money for an anti virus if you don't run Windows. Waste of time, money and resources, end of story.

Anonymous May 30th, 2008

Please

Just give me a "PC" appliance where the OS is in silicon and I throw it away in three years. I, like many others, don't want to mess about with PCs but want word, xls etc and a browser. That way you can keep your updates and patches and the majority of PC users will agree.

Simon June 18th, 2008

Here we go with the linux fanboys..."linux doesn't get viruses!!".

A.) Yes it does. A virus is simply software with malicious intent. Last I checked, all flavors of linux run software. So just stop on that one, you aren't fooling anyone.

B.) There are very few viruses written for linux, why? Because nobody cares about linux, they don't have the market share and never will. Yes fanboy, that includes servers. Look at the market share stats again.

C.) Stop taking stabs at Microsoft. They have one of the best security development processes in the world, they have to support hundreds of millions of customers, something your garage based linux developers could only dream of.

D.) Many security analysts agree that linux is actually less secure than windows in many ways. Microsoft has millions of hackers everyday testing their software due to the fact that it's a widespread piece of software, if they break it, it's worth money.

E.) See point B, nobody cares about breaking into linux. Yes there are servers running unix with sensitive data. They aren't after sensitive data these days, they are looking to build botnets and other related activity. Tough to build a linux botnet, since they have so little of the market consumer side.

bluedragon99 May 28th, 2010

Windows XP in a VM is no more secure than if it were running on the hardware natively. If anything, it just gives me another layer to attack. If Windows XP is missing a patch, I can easily exploit that, in a VM or native, doesn't matter. VMs do not inherently provide security. Neither does running linux underneath XP. I'd simply attack XP in that case the same as I would attack it normally.

bluedragon99 May 28th, 2010