Antivirus is 'completely wasted money': Cisco CSO

Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart.


Speaking at the AusCERT 2008 conference on the Gold Coast yesterday, Stewart said the malware industry is moving faster than the security industry, making it impossible for users to remain secure.

"If patching and antivirus is where I spend my money, and I'm still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user's data and I still have to reinstall it, the entire cost equation of that is a waste.

"It's completely wasted money," Stewart told delegates.


He said infections have become so common that most companies have learned to live with them.

"There are too many companies in the world that actually believe infection is just a cost of doing business and are getting used to doing it — as opposed to stopping it completely. That's dangerous," he said.

A better way of dealing with the unknown is to use whitelists — where only authorised or approved software can execute, said Stewart.

"I'm sick of blacklisted stuff. I've got to go for whitelisted stuff — I know what that is because I put it there," he said.

Security software vendors did not agree.

Gavin Struthers, regional director for McAfee Australia and New Zealand, said that although installing antivirus and updating patches are not a perfect solution, they certainly aren't a waste.

"I disagree that it is a complete waste of money... Against today's sophisticated attacks, antivirus and patching won't stop these threats, so you need a layered approach and defence in depth," he told ZDNet.com.au.

Chris Thomas, technology specialist for CA's Internet Security business unit, said that antivirus alone did not provide enough protection.


"It's not a complete waste of money. If it's the only level of protection that someone has, it's probably not going to be enough. The arms race between the malware writers and antivirus researchers is a constant race," he said.

Thomas agreed, however, that whitelists are a good idea: "The way security is moving now is, as John Stewart said today, whitelisting, as in 'trust what you know', as opposed to the black list signatures."


Talkback 55 comments

    Oh geez -- Anonymous -- 21/05/08

    Or you could just use reliable operating systems such as Linux or BSD and sidestep the issue entirely.

    Well said! -- Anonymous -- 21/05/08 (in reply to #320102193)

    Give that man a penguin!

    For the vast majority of office users all that's required is a word processor, email and calendaring.

    I'd suggest that you could drop a nicely skinned KDE desktop running OpenOffice in front of most users and they wouldn't know the difference, or if they did they'd need minimal retraining.

    word processor, email and calendaring? -- Dean -- 21/05/08 (in reply to #320102197)

    If all your office workers need is a word processor, email and calendaring, I'd like to see what it is they actually do all day... that may be true of most home users, but I don't believe it in an office.

    I've never met a SINGLE office worker that only uses the "simple" office applications. Most of them have *at least* one other application that only runs on Windows.

    Whether that's MYOB or some custom-built in-house application, it's all the same, really. If you want to set up MYOB to run in WINE or whatever, then go ahead.

    The fact is, a properly configured Windows machine will run *ALL* the software you need to run a business, and it'll be safe from viruses and malware. The first step is to stop running as Administrator...

    windows-only -- Anonymous -- 23/05/08 (in reply to #320102200)

    Presumably many of those windows-only apps could be run via RDP from just about any desktop. Mount /home and /tmp noexec and it raises the bar a bit on getting users to run your trojan. I'm not saying everyone should use a particular OS or that it'll work for everyone, be invulnerable, etc... but it certainly seems possible to use Linux on the desktop in many cases.

    Right You Are -- Joseph Teller -- 23/05/08 (in reply to #320102200)

    I haven't met a company yet that didn't have to use more than the basics of an office package and a personal organizer.

    If nothing else, every company has some sort of accounting software on their systems that is essential to operations, and probably several databases, and software to manage a website (if not a server to run one) etc.

    Third party software... -- Anonymous -- 24/05/08 (in reply to #320102353)

    Come to ours. AutoCAD, 3DS Max, an accounting system that is Windows IE7 only, Mathcad, extensive use of handhelds that must sync over the air for e-mail/todo/calendar/contacts, image editing. Not to mention the 20 or so more specialized things that various people have. Oh, and ACT (ugh)... Lots and lots of MS Office documents from clients. We were formerly a WP shop and management mandated a change to MS Office because (drumroll) that's what everyone uses.

    terminal apps! -- Anonymous -- 24/05/08 (in reply to #320102200)

    I just finished up a contract at a large company in Framingham, MA. Seemed like almost everyone spent half their day logged into AS400 and mainframe machines. On Windows they needed expensive, third party terminal emulation apps. If they sat in front of Linux or Mac OS X desktops they could prolly use terminal.app or gnome-terminal.

    As for word processing and spreadsheets, how the bleep did these apps get called "productivity apps"? They do nothing but get in the way. These big corps would save billions if they switched to web-based apps like Google Apps.

    linux on the desktop? pffff -- Anonymous -- 23/05/08 (in reply to #320102197)

    I've been running Linux on my desktop, laptops, and servers for over 12 years. Linux on the desktop doesn't pass the mom test. Ubuntu is almost there but not all the way.

    And OpenOffice blows. Compatibility issues aside, it's not as powerful as MS Office. I'm not saying MS Office is good, it just sucks less.

    Wrong! MS apps DO run in Linux and Mac -- Anonymous -- 23/05/08 (in reply to #320102317)

    Check out codeweavers.com for CrossOver Office. I use it and can run MS Office, Photoshop, Visio, and others. The difference is that vulnerabilities in any of these apps are nullified because the apps run in VM sessions and the rest of the system is TOTALLY safe from infection. Even if a hacker created malware specifically intended to penetrate WINE or CrossOver Office, the user is not logged in as root and any attempt to install anything would result in a popup window asking for the root password.

    Re: linux on the desktop? pffff -- Anonymous -- 23/05/08 (in reply to #320102317)

    Windows Vista and OS X don't really pass the Mom test yet either. Mom needs a good webpliance, but those never support all of the plugins etc. needed for web browsing.

    Indeed. -- Anonymous -- 21/05/08 (in reply to #320102193)

    OpenOffice/ Evolution running under Linux Thin Client Server.

    All your problems then would go away, well, your virus problems at least.

    For other problems, buy support from IBM or Novell or Sun or someone.

    you're kidding right? -- xBeanie -- 21/05/08 (in reply to #320102193)

    To suggest that Linux/BSD are invulnerable to attack is naive and ignorant. Then again, the suggestion that we completely abandon antivirus software just because someone works out a way around it is ludicrous too. What about the thousands of kids out there still using old techniques that they picked up off the internet - do we just throw the door open to them?

    Talking about doors, let's not bother locking them either, since it has been known for burglars to break a window.

    Mestara -- Anonymous -- 21/05/08 (in reply to #320102204)

    Exactly right. It may be playing catch-up, but it is blocking known exploits used by script kiddies or drone computers trying to gain access. While it is not the be-all and end-all, it is no doubt better than nothing.

    We already protect the windows... -- Anonymous -- 27/05/08 (in reply to #320102204)

    But Windows doesn't protect its users.

    On the internet you can read this:
    "If bugs bother you, close Windows."

    And this one:
    "This program requires Windows XP or better." So I use GNU/Linux.

    I use GNU/Linux at home, but I can say that Windows is safer the smarter its user is. I mean that AV isn't as good as a user who knows where to surf and what to execute.

    Are you serious? -- Bob Stevens -- 23/05/08 (in reply to #320102193)

    Linux has far more patches that come out for its distributions than Windows does. Mainly because of all the bundled products in it; however, hardly anyone ever says "I don't want this or that or the other thing" and they go with the standard install. I've been running Linux since Slackware was pre-1.0 beta and it's hardly more secure. Is it more "virus" proof and more "spyware" proof? Hard to say. You certainly don't have the rates of proliferation with Linux that you do on Windows, but that could merely mean that it's not targeted as often due to market share. If you're a spyware maker, you focus your efforts on the biggest area of return.

    There are generally far more ways however to gain elevated access to Linux boxes than there have been for Windows boxes.

    As for saying that patching and AV are a waste of money. Please. People occasionally fall over railings and get injured. We don't say that because this happened, putting in railings is a waste of time.

    Would you rather tackle one infection that got past, or 500?

    Security products are going to have to evolve to compete with the malware threat. OSes are going to have to evolve, and most of all, END USERS are going to have to evolve. But let's not say that AV and patching are a waste of money. I'll put my fully patched system with AV on the internet and your unpatched system with no security on the internet and we'll see which of us stays running longer, which of us can get more work done, and which of us spends more billable time fixing our computers.

    Can't believe you said this:... -- Anonymous -- 23/05/08 (in reply to #320102321)

    "There are generally far more ways however to gain elevated access to Linux boxes than there have been for Windows boxes."

    Are you nuts? First of all, Linux users don't log in as admins, or root. The very fact that Windows is shipped with the intention that the user will run as an administrator nullifies your statement. VISTA didn't improve this much at all. For one thing, most users of Windows that try to run as a "limited user" quickly find that many apps won't run. In fact, you can corrupt ZoneAlarm Security Suite if you set up a limited user account, upgrade ZoneAlarm as administrator and then log back in as a limited user. The TrueVector service will constantly stop working. I could go on for years...

    More ways to gain elevated access in Linux? Prove it. For all the years you say you've been a Linux user, that statement undercuts your credibility; big time!!!

    Sigh.. -- Anonymous -- 23/05/08 (in reply to #320102327)

    Interesting how you throw out the prove it statement and yet you offer no evidence to disprove it other than your own statement. Be careful what you wish for there, because you'll get it at the bottom of this reply.

    Most people don't run Windows as a standard user, which is a whole other argument, and I agree with you, there are things that flat out do NOT run when you are a standard user. I run my Windows box as an administrator. I also know way too many people that run their Linux boxes logged in as root because it's more convenient for them. Please don't make blanket statements that Linux users don't run as root. They do. A lot of them. Smart? No, but it happens more often than you think.

    We run a mix of Windows servers here along with Linux and yup, even some NetWare thrown in there. Linux by far has the most patches of all the servers I run. That doesn't mean I'm going to trade it in any time soon. I'm much more comfortable running Apache/Linux on the internet than Windows/IIS any day. I just make sure I keep it up to date. And that can be a bit more work to a degree because you have things like PHP to worry about and possibly MySQL or Postgres, but on Windows you may have SQL Server.

    Everyone could go on for years about something, we don't need to be drama queens about it.

    http://news.zdnet.co.uk/security/0,1000000189,39292173,00.htm

    "The company found that Red Hat had the most reported vulnerabilities out of those operating systems, with 633 flaws. Solaris had a total of 252 vulnerabilities, while Apple Mac OS X came third with 235. Windows came fourth with 123, while HP-UX had 75 reported flaws."

    Now as they state, XP is not a server operating system. But people running Linux on their desktop generally are not using it as server OS's either.

    If you want to compare Server to Server (this article is from Secunia written in January of 07)
    http://www.aspserveur.com/Documents/linux%20vs%20windows%20vulnerabilite.pdf

    "Windows Server 2003 had 110 identified vulnerabilities, Red Hat ES 4 had 241, and Red Hat ES 3 had 320. Windows Server 2003 has been in release for 1337 days, Red Hat ES 4 has been in release for 670 days, and Red Hat ES 3 has been in release for 1167 days. Windows Server 2003 has less than half the vulnerabilities either version of Red Hat has despite being in release twice as long as Red Hat ES 4 and six months longer than Red Hat ES 3."

    We'll throw this link in too because it's got pretty graphs..

    http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx

    You're leaving something out -- Anonymous -- 23/05/08 (in reply to #320102347)

    Unless you are subscribed to something such as Red Hat's update service or Novell's update service for SLES (I can't speak for Debian/Ubuntu or others as I've not run them), you are probably not even staying patched.

    You can build by hand, I've had to almost rebuild every package on a Cobalt RAQ server by hand because someone I know refuses to get rid of it, and it hasn't been supported for years, but that's VERY time consuming.

    There are just too many little vulnerabilities out there in various Linux packages. Yes, the authors do a great job patching them and patching them quickly, but keeping up with them manually is no trivial task. Microsoft, love it or hate it, does a nice job with Microsoft Update for their products, but that doesn't cover other software such as, say, Adobe Reader, QuickTime (with its hole of the week), Flash, Shockwave, Java, and all of the other common things that people have installed.

    If you're in a corporate environment you can try something like PatchLink for patch management, which purports to acquire/test/push all of these for you, but if you don't own that, you the corporate sysadmin have a near full-time job watching for the latest vulnerability in any of the programs that you run on your network. It's the things like Flash that will kill you in the long run too, because everyone has it and hardly anyone is up to date.

    You're leaving something out - Ubuntu/Debian -- Andrew Goss -- 23/05/08 (in reply to #320102349)

    "Unless you are subscribed to something such as Redhat's update service or Novell's update service for SLES, (I can't speak for debian/ubuntu or others as I've not run them), you are probably not even staying patched."

    Microsoft only supports upgrades to Microsoft products, for the rest you are reliant on the individual vendors.

    Linux distros, including Ubuntu and Debian, support everything in their repositories through one upgrade mechanism. With Debian it is so simple, but when I have to maintain the family XP boxes I groan with frustration. As someone else in here has observed, DOS resembles a minimal, single-user subset of Unix, and all Microsoft's problems stem from that; Windows is a Gormenghast system balanced on the foundations of a garden shed.

    Running Linux as Root -- Andrew Goss -- 23/05/08 (in reply to #320102347)

    "I also know way too many people that run their linux boxes logged in as root because it's more convenient for them."

    I wonder what they are running? Ubuntu has no root user, Debian won't let you log in as root, all the distros I have installed make you create a normal user account. I cannot imagine how running as root could be more "convenient".

    I have to support a couple of family XP boxes, which I have set up with admin and user accounts, and everything runs under the user accounts, except for a very old Paint Shop Pro, which has therefore been ditched for The GIMP.

    By contrast with the "bodge over bodge" that is XP, Debian is a breeze to administer. By all accounts Vista is XP with yet more bodges on top, including UAC, which I suspect is intended to be so unfriendly that no-one will use it, and it can be dropped from the next version, it having been "proved" that users don't want it - a very old trick.

    I don't know why people are still talking about AV on its own; it has to be seen as part of a defence suite that includes a firewall. Over the past decade or so we have only intercepted a handful of email viruses, but given the trouble they might have caused I consider the investment well worthwhile.

    Re: Sigh... -- Erich Kutschinski -- 23/05/08 (in reply to #320102347)

    Anonymous does a good job distorting the facts here:

    1. ZDNet actually reports more vulns for Red Hat, but explains clearly why these numbers cannot be compared at all (patches for all apps included in RH vs Microsoft-only patches in Windows; single vulns counted multiple times, once for each OS version).

    2. The second document is NOT by Secunia, but by Microsoft. Anyone interested in reading it will quickly find out it is pure MS propaganda, covered up with scientific style, but based on Secunia numbers (see 1.).

    3. Jeff Jones has his very own way of counting vulnerabilities. I do not want to spend my time looking at that in depth, but judging from the multicolour bar graphs... ;-)

    The main point for me seems to be a different culture of reporting and counting vulnerabilities (Open or Closed).

    Facts.. -- Anonymous -- 24/05/08 (in reply to #320102401)

    You're welcome to post your own. It's convenient for those that disagree to throw statements out and not back them up and then say whatever evidence presented isn't valid, without offering a single fact of their own on the other side.

    I'm out. I have no interest in a political debate where one side offers information and the other side just says no no no wrong wrong wrong without putting anything of their own out there.

    Linux is still too complex for non-technical home users. It's made HUGE progress in the last 2 years on that front, and I expect it will continue to do so. People here need to remember that just because they can run it doesn't mean their parents can. Most people who read these types of articles usually have a computer background.

    To Andrew, the guy you replied to did state that MS Update only covered its products :)

    The blessing/curse of Linux is that you have thousands of little packages all maintained by different people that go into a distro. I mean look at the advanced setup when you do an install of everything you can install. Look at how many things are already selected. Joe end user is not going to know he doesn't need X, Y, Z or that he should be adding A, B, C. Especially not when there are 30 pages of that if you go down to package-level detail. More developers = good. Distros such as Novell/Red Hat/Ubuntu/Debian/Slackware/.../.../... help bring that all together, but... that's also a blessing/curse. Will my stuff written for SLES run on RHEL? Probably. Will it always be supported? Not always. More so on the enterprise level than the desktop level, as some enterprise vendors will only support a given distribution. It will work on others, but they won't support it officially.

    This is where Apple becomes more appealing, because when it hits the fan with what's under the hood, you have one place to go: Apple. They are the front man on the OS there. Sure it's *nix based, but the average person doesn't know that. It's Mac OS to them. It isn't really "Linux OS" anymore to people. It's Ubuntu. It's Fedora, it's openSUSE... oh ya, it's Linux... is a secondary thought. And there's that BSD thing out there somewhere too :) Days like this I miss running Ultrix 4.2 on a VAX 8600. (not really)

    not really... -- Anonymous -- 23/05/08 (in reply to #320102193)

    "Or you could just use reliable operating systems such as Linux or BSD and sidestep the issue entirely."

    Actually that's not a solution. The minute FOSS OSes surpass MS Windows in market share, they'll be targeted... Virus and malware authors target Windows because it's simply the biggest target and that's where they get the most bang for the buck.

    The minute FOSS platforms are interesting to these people, they'll be writing viruses, malware and worms for them. By interesting, I mean become the biggest target.

    Default deny in conjunction with a layered approach is the only solution that can work because it's future proof. Blacklists are not. They are the completely wrong way to deal with the problem.

    Blacklist approaches:
    - Antivirus
    - Blocking vulnerable ports
    - Patching

    All of them simply fix the things we know about and leave us wide open to what we don't.

    SELinux is so powerful because that's precisely the approach taken with processes. Whitelist the processes that are allowed to run and they are the only ones that can run, at least till there's an exploit for SELinux.

    That crushes any malware or virii that try to run because they aren't in the list.

    Unfortunately most people set SELinux to permissive mode, which completely nullifies any benefit it could offer.

    A whitelist proxy and firewall offers the same benefit to network communication (in addition to blocking ads 8)

    -Viz
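    Stewart's argument in the article ("I know what that is because I put it there") and Viz's comment above ("All of them simply fix the things we know about and leave us wide open to what we don't") describe the same policy difference. The script below is an added example, not code from the article, Cisco or any commenter: it runs a signature blocklist and a hash allowlist over a handful of constructed "binaries" (the file names, byte contents, signature and hashes are all made up for the demonstration) and shows which policy lets an unknown or tampered executable through.

```python
"""Added example: default-allow (signature blocklist) versus default-deny
(hash allowlist) as an execution gate. All sample data is constructed."""
import hashlib

# Constructed sample "binaries": name -> bytes. None of these are real programs.
SAMPLE_BINARIES = {
    "wordproc.exe": b"MZ\x90\x00 approved word processor build 4.2",
    "mailclient.exe": b"MZ\x90\x00 approved mail client build 1.9",
    "known_trojan.exe": b"MZ\x90\x00 EVIL_MARKER_2008 drops payload",
    "zero_day.exe": b"MZ\x90\x00 nothing recognisable here",
    # An approved program with one extra byte string appended: same name, different hash.
    "wordproc_patched.exe": b"MZ\x90\x00 approved word processor build 4.2 + extra",
}

# Blacklist approach: byte patterns extracted from malware that has already been analysed.
BLOCKLIST_SIGNATURES = [b"EVIL_MARKER_2008"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Whitelist approach: hashes of the binaries the administrator deliberately installed.
# The list is built from known-good artefacts, not from samples of known-bad ones.
ALLOWLIST_HASHES = {
    sha256_hex(SAMPLE_BINARIES["wordproc.exe"]),
    sha256_hex(SAMPLE_BINARIES["mailclient.exe"]),
}


def blocklist_permits(data: bytes) -> bool:
    """Default allow: run unless a known-bad signature is present."""
    return not any(sig in data for sig in BLOCKLIST_SIGNATURES)


def allowlist_permits(data: bytes) -> bool:
    """Default deny: run only if the exact hash is on the approved list."""
    return sha256_hex(data) in ALLOWLIST_HASHES


def evaluate(binaries=SAMPLE_BINARIES) -> dict:
    """Per binary, the verdict (True = allowed to run) of each policy."""
    return {
        name: {"blocklist": blocklist_permits(data),
               "allowlist": allowlist_permits(data)}
        for name, data in binaries.items()
    }


def unknown_binaries_run_under(policy: str, binaries=SAMPLE_BINARIES) -> list:
    """Names of binaries that were never approved but the given policy still runs.
    This is the gap Viz describes: the blocklist only stops what is already known."""
    return [name for name, verdict in evaluate(binaries).items()
            if verdict[policy] and sha256_hex(binaries[name]) not in ALLOWLIST_HASHES]


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:22s} blocklist={'run' if verdict['blocklist'] else 'deny':4s} "
              f"allowlist={'run' if verdict['allowlist'] else 'deny'}")
    print("unapproved code the blocklist still runs:", unknown_binaries_run_under("blocklist"))
    print("unapproved code the allowlist still runs:", unknown_binaries_run_under("allowlist"))
```

    Two things the output makes concrete. The never-before-seen binary and the tampered copy of an approved one both pass the blocklist, because nothing in them matches a signature, and both fail the allowlist, because their hashes were never put there. The cost side of the trade-off also shows: every legitimate update changes a hash, so the allowlist has to be maintained by whoever approves software, which is exactly the operational burden the article's critics of whitelisting are pointing at.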

    It's more than just market share. -- Anonymous -- 23/05/08 (in reply to #320102333)

    "The minute FOSS OS's surpass MS windows in market share, they'll be targeted..."

    Whilst there is some truth in your argument, they are still fundamentally more secure in many cases. Effort aimed at compromising Windows systems will generally yield greater dividends for criminals than the exact same level of effort aimed at other platforms. If Windows were as 'secure' as, say, BSD, it would simply roll over and stop working.

    Linux Solution -- Michael -- 24/05/08 (in reply to #320102193)

    We are about to trial an openSUSE 10.3 open source solution using the built-in version of FreeNX server to offer our users a thin client "terminal" that delivers a KDE desktop with OpenOffice.org and Zimbra for email. The migration from Windows can be staged, as we have all our folders on an openSUSE server with Samba Windows shares. This version of Linux offers support for Palm handheld sync, has graphics programs similar to MS Paint and has the built-in open source VoIP application "Ekiga". For anything else we use CodeCharge Studio to design PHP/MySQL web-enabled databases running on open source Apache/MySQL LAMP stacks. When we expand we will spend a little money and buy the commercial load balancing software from NoMachine for FreeNX. The FreeNX protocol is amazingly quick; it puts RDP and similar to bed at 4 in the afternoon. I recommend everyone has a good look at www.opensuse.org and also www.nomachine.com

    With all due respect -- nonsense -- Anonymous -- 27/05/08 (in reply to #320102193)

    You really ought to learn what systems the first viruses and worms were developed on and then advance to Ken Thompson.

    The simple truth is that malware is just code and the main task of an OS is to load code so it can be executed by the CPU.

    There is as much a safe OS as there is a safe car, a safe plane or a safe Space Shuttle, end of story.

    What really needs to be hammered into people's heads, though, is not to trust anything or anyone on the Internet more than they would trust anything or anyone suddenly popping up on their doorstep, but as long as people feel cosy sitting at home and everybody and his brother thinks he's a computer expert there will be trouble.

    Oh and by the way I've been working with and on everything from mainframes down to embedded systems and security is one of my pet issues and rest assured I've had people trying to break into various *nix machines I've been responsible for in various ways, too.

    Machines can't think, though, but people can, and those who believe they'd leave the thinking to their machines are bound to lose.

    Or they may even have lost already but simply don't know.

    Get everyone on Linux -- M@TT -- 13/06/08 (in reply to #320102193)

    ...and then the attacks will start there.
    The only reason Linux & Mac are currently not being attacked in significant numbers is because of their low penetration in the market.
    Raise their market profile and the attackers will turn their attention to them.

    Reply to Cisco CSO -- Chella Namasivayam -- 12/08/08 (in reply to #320102193)

    I do not agree with the Cisco CSO's observation. Even whitelist software is not totally protected. The threat is global and many times even Cisco IOS is not spared from these attacks. No system in today's world can claim to be 100% secure. Hence, development of patches for software, irrespective of vendor, will remain.
    Shiva M.

    Definitely not a waste -- John Van Der Loo -- 21/05/08

    I hardly believe antivirus software is a waste of money, especially when one considers the vast amounts of malware out there that gets blocked.

    I do agree though, that a layered approach is the only way to keep a system/network safe from malware threats.

    Still, one of the big reasons systems get infected is users opening up applications and email attachments that aren't safe. User education is key to system security.

    Recurring theme -- Anonymous -- 21/05/08

    Taking John out of context a bit to stir up the A/V vendors I think.

    A recurring theme throughout AusCERT, at least in the sessions I attended, is that what is really needed is an OS that is not vulnerable to these types of problems in the first place, instead of all this constant patching and A/V band-aiding. Or to paraphrase one speaker today, you can't build a house on a foundation of Swiss cheese.

    And don't think it's just a Windows problem. I'm a big-time Mac fanboy, but I have no illusions about the exponential increases in various types of attack we are going to see on our side of the fence as Apple gains more market share, not to mention the increase in attacks that don't target the OS directly. The average user is usually dumb enough to get him/herself into trouble.

    Nice... -- Anonymous -- 23/05/08 (in reply to #320102247)

    It's always nice to see a Mac user who's enlightened (the numbers seem to be growing fast 8). We just need to get to work on the Linux people that think their distro is the most Secure OS in the Universe (tm) based on a 2-day cracking contest at CanSec.

    "You can't get viruses or malware on Linux" is something that really scares me, because that's just about all you see in a conversation about security with Linux users... I do what I can 8*(

    I have the feeling that when the Big One hits (again; last time it was an SSL worm in 2002), most will have their pants around their ankles...

    -Viz

    You need "Capabilities" -- Peter Smith -- 23/05/08 (in reply to #320102247)

    The architecture of common mass-market OSes means it is impossible to ever create an environment on them that is immune to viruses and other attacks. At the fundamental level the internal security architecture of Windows is the same as that of Linux and Mac -- they all use a variety of ACL (access control list) architecture.

    What a kernel needs to provide to support secure computing is POLA (principle of least authority). Such kernels do exist -- they have actually been around for decades. Examples of POLA kernels are those that are based on "capabilities" such as KeyKOS and its descendants EROS/Coyotos/CapROS. (Capabilities here are completely different from the kernel 'capabilities' provided by Linux.) It is trivial to create environments on these kernels that are immune to viruses.

    There are various projects to introduce POLA environments on traditional OSes -- projects such as Plash and CapDesk. Although ultimately these are only as secure as the underlying operating system.

    See http://en.wikipedia.org/wiki/Capability-based_security for more info.

    Javascript -- Anonymous -- 22/05/08

    I guess the solution is to block all known freeware download sites, and switch everyone to Firefox with the NoScript plugin.

    Then they will browse safely... and the NoScript plugin has a whitelist so you can enable JavaScript for the sites that you trust, while blocking ALL known types of scripting for the sites you casually visit.

    Then it will just be email attachments left that we have to fear...

    Javascript -- Anonymous -- 23/05/08 (in reply to #320102280)

    All of which can be done with Windows using IE Security Zones.

    Sure Anonymous -- Joseph Teller -- 23/05/08 (in reply to #320102280)

    Except you're forgetting you can get malware from a hard drive or thumb drive straight from the factory (as several news stories have proved in recent months). So you're going to also turn off all their USB ports (good luck)... oh, and also their DVD drives, since they can also get them that way.

    Malware via removable storage -- Anonymous -- 28/05/08 (in reply to #320102354)

    With good engineering practice applied I don't see how this should work.
    Contraindicated:
    - auto-style execution from inserted media
    - files executable from inserted media
    - ...

    G!
    MACC
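    Both the "mount /home and /tmp noexec" remark earlier in the thread and MACC's "files executable from inserted media" are the same control: user-writable and removable mounts should carry noexec, nosuid and nodev. The script below is an added example, not from the article or any commenter; it parses /proc/mounts-format lines and reports which untrusted mount points are missing those options. The sample mount table and the list of "untrusted" mount patterns are constructed for the demonstration, so adjust the patterns to your own layout before running it against a live /proc/mounts.

```python
"""Added example: audit mount options on user-writable and removable mount points.
Input is in /proc/mounts format: device mountpoint fstype options dump pass.
The sample table below is constructed, not captured from a real host."""
import fnmatch

SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /home ext4 rw,relatime,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sdb1 /media/usb0 vfat rw,nosuid,nodev,relatime,uid=1000,gid=1000 0 0
/dev/sr0 /media/cdrom0 iso9660 ro,nosuid,nodev,noexec,relatime 0 0
"""

# Mount points where files arrive from users or plugged-in media (fnmatch patterns;
# these are assumptions for the example, not a standard list).
UNTRUSTED_MOUNT_PATTERNS = ["/home", "/tmp", "/var/tmp", "/media/*", "/run/media/*/*", "/mnt/*"]

# Options that keep such a mount from supplying executables, setuid binaries or device nodes.
REQUIRED_OPTIONS = ("noexec", "nosuid", "nodev")


def parse_mounts(text: str) -> list:
    """Turn /proc/mounts-style text into dicts with an option set per mount."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        device, mountpoint, fstype, options = parts[:4]
        # /proc/mounts escapes spaces in paths as the octal sequence \040
        mountpoint = mountpoint.replace("\\040", " ")
        entries.append({"device": device, "mountpoint": mountpoint,
                        "fstype": fstype, "options": set(options.split(","))})
    return entries


def is_untrusted(mountpoint: str) -> bool:
    return any(fnmatch.fnmatchcase(mountpoint, pat) for pat in UNTRUSTED_MOUNT_PATTERNS)


def audit(text: str = SAMPLE_MOUNTS) -> dict:
    """Map each untrusted mount point to the required options it lacks (only offenders)."""
    findings = {}
    for entry in parse_mounts(text):
        if not is_untrusted(entry["mountpoint"]):
            continue
        missing = [opt for opt in REQUIRED_OPTIONS if opt not in entry["options"]]
        if missing:
            findings[entry["mountpoint"]] = missing
    return findings


if __name__ == "__main__":
    # To check a live system instead of the sample: audit(open("/proc/mounts").read())
    for mountpoint, missing in audit().items():
        print(f"{mountpoint}: missing {','.join(missing)}")
```

    On the sample table /tmp and the USB stick are flagged for lacking noexec while /home and the CD-ROM pass. The option only raises the bar, as the earlier comment says: a script on a noexec mount can still be handed to an interpreter explicitly, and noexec on /tmp is known to break installers that unpack and run helpers there, so test the change before pushing it out.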

    MAC is awesome... -- Linus -- 23/05/08

    Macs can't be broken. They are superior to Windows. I have never been breached by malware.

    Really? -- Anonymous -- 23/05/08 (in reply to #320102316)

    Why does Apple keep releasing security updates then? The fact is, malware targets the largest platform. If I have limited resources, am I going to code to hit 200 million machines, or 20 million?

    As Apple market share increases, so will the level of threats.

    re: Really? -- Anonymous -- 23/05/08 (in reply to #320102322)

    "As Apple market share increases, so will the level of threats."...

    You mean IF Apple market share increased past a certain point. I'm a total Mac fan, but the reality is that, as a deluxe computing platform in a world where most consumers (and businesses) mostly care about price, Apple will NEVER achieve the market share needed to attract significant numbers of malware authors. It doesn't need to: Apple is quite profitable with their elite strategy, without competing head-on with Microsoft.

    Therefore, if you're willing to pay the money, Macs DO represent a viable security strategy for the foreseeable future.

    MS's loss is Apple's gain -- Anonymous -- 23/05/08 (in reply to #320102340)

    The market is Microsoft's to lose. They keep adding more fun DRM and other anti-consumer features, while bloating up the operating system. Windows 7 will be make-or-break for them. Vista is only being adopted because you don't have a choice as an end user when you order a machine from most places. Corporations by and large downgrade Vista machines to XP when they come in.

    I don't see Vista suddenly becoming more acceptable, and that leave XP which Microsoft intends to leave high and dry.

    SO the question is this. What do you do with all that hardware that's out there when you have a company like Microsoft that wants to move you to an OS you don't want?

    You could go with Linux on it. Or... Apple could take off the "you can only run OS X on apple hardware" clause and make it available for anyone to buy. I think you'd get some crossovers there. The problem with doing so is that they then have to support a LOT of hardware in terms of motherboard chipsets and other devices. I'm not sure they have the infrastructure in place to be able to deal with that.

    Have You Looked At The Market? | Joseph Teller -- 23/05/08 (in reply to #320102340)

    The market share on Apple has already reached the point where there are virus checkers for it because it has reached the level where folks write for it.

    And the Mac is getting awfully visible around here... nearly every student in or coming out of Harvard, MIT, etc. is a Mac user.

    The fact that the new Macs can be set to dual boot either operating system (and run faster than most PCs) means the Macs are the machines of the future... with no Vista need apply...

    Cisco + Linux | Anonymous -- 23/05/08

    Considering that Cisco are moving their routers to a Linux platform base, I'm a bit suspicious of this kind of talk coming from them. Especially the part about an OS built up from non-Swiss-cheese. That said, I don't think antivirus software is the way to go. Whitelisting does work. It assumes everything is bad except what you've chosen as good, and is a long-standing best practice in security.

    Free or No Patches? | Anonymous -- 23/05/08

    Is it safe to assume that future IOS patches will be free or will there be none at all?

    sounds like the standard for web dev | Anonymous -- 23/05/08

    This is how any good web developer would develop an application. Makes sense to start treating the rest of the web the same way.

    Just to state the facts... | Ghost|BOFH -- 23/05/08

    3 targets at the latest "Hack a box/win a box" contest...

    Windows Vista Ultimate.
    Mac OS X
    Ubuntu.

    Mac was gone on the first day due to an exploit in Safari.

    Windows died next...

    Ubuntu however, remained uncracked, unhacked, and 100% stable.

    So, between those three basic options, I'd say Ubuntu, and most of Linux in general, is the way to go for security and stability and protection from viruses.

    Cheers.

    Nothing is Safe | Mars Bar -- 23/05/08 (in reply to #320102330)

    I remember reading the article where some of the contestants mentioned that they saw a bunch of exploits in Linux but did not want to spend the time to write something to exploit it.

    Wonder if they were Linux fanatics that did not want Linux to get a bad rap and thus they decided to bypass exploiting the OS.

    Any competent IT person knows that no OS, FW, AV, etc is safe no matter what anybody says.

    If someone wants to spend the time, effort and energy to break into your system or network, they will. Unfortunately all we can do is make it harder for hackers to get in by keeping our defenses up to date with patches or configuration changes to limit the exploits.

    Bah! | Anonymous -- 23/05/08 (in reply to #320102330)

    Maybe nobody wanted to win a Ubuntu box?

    about whitelisting binaries | Anonymous -- 23/05/08

    for enterprises.. whitelisting is a very good option as compared to anti-virus when it comes to strictly controlling what all can run on production server or even desktops/laptops of employees..

    There is a product from solidcore to do exactly that.. allow only whitelisted binaries to run .. and an admin can define the whitelist.. and centrally/selectively control execution of only the binaries in that list on all computers in an enterprise..

    -Yv
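    The default-deny idea in the post above, as an added illustration (not Solidcore's product, not anything the commenter posted): a small POSIX shell audit that reports which files in a directory are not on an admin-maintained SHA-256 allowlist. It only reports; real enforcement needs an OS-level control. The file names, the allowlist format and the two constructed "binaries" are assumptions made for the demo, and sha256sum from GNU coreutils is assumed to be present.

```shell
#!/bin/sh
# Added example: default-deny binary allowlist audit keyed on SHA-256.
# Not Solidcore's product and not an enforcement mechanism: it tells the admin
# which files in a directory are NOT on the list. Assumes GNU coreutils.

# Allowlist format (constructed for this demo), one entry per line:
#   <sha256>  <label>

# check_binary FILE ALLOWLIST
#   Prints "ALLOW <file>" or "DENY <file> <sha256>".
#   Exit status is 0 only when the file's hash is on the list (default deny).
check_binary() {
    _file=$1
    _list=$2
    _hash=$(sha256sum "$_file" | cut -d' ' -f1)
    if grep -q "^$_hash " "$_list"; then
        echo "ALLOW $_file"
        return 0
    fi
    echo "DENY $_file $_hash"
    return 1
}

# audit_dir DIR ALLOWLIST
#   Checks every regular file directly under DIR and prints how many are
#   not on the allowlist. Always returns 0 so callers can capture the count.
audit_dir() {
    _dir=$1
    _list=$2
    _denied=0
    for _f in "$_dir"/*; do
        [ -f "$_f" ] || continue
        if ! check_binary "$_f" "$_list" >/dev/null; then
            _denied=$((_denied + 1))
        fi
    done
    echo "$_denied"
}

# Constructed demo data: two "binaries", only one approved by the admin.
demo_setup() {
    _work=$(mktemp -d)
    mkdir "$_work/bin"
    printf '#!/bin/sh\necho approved tool\n' > "$_work/bin/approved.sh"
    printf '#!/bin/sh\necho something unexpected\n' > "$_work/bin/unknown.sh"
    # The admin builds the allowlist from the known-good copy of the binary.
    printf '%s  approved.sh\n' "$(sha256sum "$_work/bin/approved.sh" | cut -d' ' -f1)" \
        > "$_work/allowlist.txt"
    echo "$_work"
}

WORK=$(demo_setup)
check_binary "$WORK/bin/approved.sh" "$WORK/allowlist.txt" || true
check_binary "$WORK/bin/unknown.sh" "$WORK/allowlist.txt" || true
echo "files not on the allowlist: $(audit_dir "$WORK/bin" "$WORK/allowlist.txt")"
```

    Keying the list on a content hash rather than a path or file name is the point: renaming or replacing a file in place changes nothing about whether it is approved, and a modified copy of an approved tool fails the check.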

    Companies do have legacy WinApps - here's how to cope... | Jim March -- 23/05/08

    1) Set up the Linux distro of your choice; users will do web/word processing/spreadsheets/mail/etc. ("general Internet stuff") there.

    2) Set up a good virtual machine manager app - my fave is Virtualbox - not the open source version, the "full tilt" copy as the latter allows USB passthrough to the guest operating system and "networking" between guest and host OS.

    3) Run Windows XP as a virtual machine in a very "locked down" configuration - no random Internet access for starters. Where possible shut it down from Internet access at all, failing that "whitelist it" purely to business-related comm needs. The users shouldn't complain because anything more creative can be done in Linux.

    4) Since the Windows virtual machine image is a single multi-megabyte file on the user's Linux home directory (.VDI in VirtualBox), if XP shows any signs of coming unglued, give the user a click-activated script to reload the .VDI file from a LAN. All of your Windows XP reload/cleanup operations just got turned into a single Linux file copy command.

    Or, since the .VDI is inside /home you can just restore from backup whenever needed.

    Linux itself will act as a "firewall from hell" surrounding Windows. Anti-virus shouldn't be needed.

    This *works* right now, folks. And Sun just bought Virtualbox and are extending it...
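    Step 4 of the post above, the "click-activated script to reload the .VDI file from a LAN", written out as an added example (not VirtualBox's, Sun's or the commenter's code). It assumes the golden image sits on a LAN share already mounted read-only, next to a SHA-256 manifest the admin produced when the image was built, and it refuses to install a copy whose hash does not match, so a tampered or truncated image is never what the VM boots next. The share path, the manifest name, the destination name and the image contents are all constructed placeholders; sha256sum from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: verified reload of a Windows XP guest image from a LAN share.
# Not VirtualBox code. Assumes GNU coreutils (sha256sum, mktemp).

# restore_image GOLDEN_VDI MANIFEST DEST
#   MANIFEST holds the SHA-256 hex digest of GOLDEN_VDI (first field).
#   Prints one of "restored", "refused: hash mismatch", "refused: source missing";
#   returns 0 only when the image was replaced.
restore_image() {
    _src=$1
    _manifest=$2
    _dest=$3
    [ -f "$_src" ] || { echo "refused: source missing"; return 1; }
    _expected=$(cut -d' ' -f1 "$_manifest")
    _actual=$(sha256sum "$_src" | cut -d' ' -f1)
    if [ "$_expected" != "$_actual" ]; then
        echo "refused: hash mismatch"
        return 1
    fi
    # Copy under a temporary name and rename atomically, so a half-copied
    # image is never what VirtualBox opens if the copy is interrupted.
    cp "$_src" "$_dest.tmp" && mv "$_dest.tmp" "$_dest"
    echo "restored"
}

# Constructed demo: temp dirs stand in for the mounted share and the user's
# home directory; the "images" are a few bytes of text.
SHARE=$(mktemp -d)
HOME_DIR=$(mktemp -d)
printf 'golden xp image bytes (constructed)\n' > "$SHARE/golden.vdi"
sha256sum "$SHARE/golden.vdi" | cut -d' ' -f1 > "$SHARE/golden.vdi.sha256"
# A copy that differs from what the admin published.
printf 'golden xp image bytes (constructed) with a change\n' > "$SHARE/tampered.vdi"

restore_image "$SHARE/golden.vdi" "$SHARE/golden.vdi.sha256" "$HOME_DIR/WinXP.vdi"
restore_image "$SHARE/tampered.vdi" "$SHARE/golden.vdi.sha256" "$HOME_DIR/WinXP.vdi" || true
```

    In use, the guest has to be powered off before the file is replaced (VirtualBox's VBoxManage controlvm command can do that), and the manifest should live somewhere the user's account cannot write, otherwise the check only confirms the copy matches whatever was last put there.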

    Alas - more naivety | CSH -- 23/05/08 (in reply to #320102337)

    I primarily use Windows but utilize various OSes in my day-to-day job. The *nix OSes are slightly more secure but I believe it's due to security by obscurity. Any OS is just as hackable as Windows. If you think otherwise, you're blind to the intelligence behind malware coding. These people (malware coders) have a lot of spare time and probably a lot of monetary motivation depending on the target.

    XP in a VM... not... | Anonymous -- 24/05/08 (in reply to #320102337)

    The whole locked down XP in a VM is not going to happen. What you need to understand is that IT does not make major IT decisions on stuff like that in the majority of companies. Users with clout who buzz in management's ear do. Poll around, you'll hear story after story of IT being overridden by someone who can't figure out why their computer won't work when the surge strip is turned off.

    If you tell them that all their apps will run in XP in a VM under Linux, they will say, then why do I need Linux? Why do I have to go through the hassle of doing this?

    Plus that XP machine will almost certainly need network access to be able to get to shared files etc. Now what you've done is actually introduced 2 vulnerable OSes onto each box instead of one, and you've doubled the amount of "machines" you need to maintain.

    Even if it was a flat out perfect solution, most companies would never do it because you would get high level CXO's or... their administrative assistants complaining about what a burden it was and you would be overruled. There are VERY few companies where IT can say, this is being done this way period, and it actually happens.

    Re: Sound Familiar? | Anonymous -- 24/05/08 (in reply to #320102339)

    My only problem with that is the "default permit" section.

    Take a firewall for instance. How many apps can you name offhand that flat out expect to be able to use any port from 1024-65535 in order to work? I can name several. Some things like passive FTP can be limited to a range, but others cannot. (MSN video?) Application vendors need to get off this kick of I'll use whatever damn port I please and you'll like it. We should have more control over what it's going to be using. Not everything is proxy friendly either.

    It's like saying nobody should run XP as an admin when we all know there are apps that people need that require it.

    What an idiot... | Anonymous -- 23/05/08

    For the general computing population, especially in offices, it protects against a multitude of threats. Couple it with good policy and processes and you can have an effective barrier (nothing is 100%, but should we just stop installing doors with locks because criminals can break through windows?)

    today... | Anonymous -- 30/05/08

    If Microsoft were any good there would be few things to worry about in the virus department.
    There is no need to fork out more money for an antivirus if you don't run Windows. Waste of time, money and resources, end of story.

    Please | Simon -- 18/06/08

    Just give me a "PC" appliance where the OS is in silicon and I throw it away in three years. I, like many others, don't want to mess about with PCs but want word, xls etc. and a browser. That way you can keep your updates and patches, and the majority of PC users will agree.
