dslcreature
Premium
join:2010-07-10
Seattle, WA
reply to daveinpoway

Re: Think layers of security is all that? Think again

I've always been a heretic in thinking virus/malware/spyware scanners, IDS, etc. are themselves dangerous.

These things can only detect what they are looking for. If it gets to the point where these systems are in a position to do any good you've already completely lost/failed. Unseen viruses or a targeted attack payload is guaranteed not to have its signature detected by any of these systems.

The mere existence of these things creates two serious problems:

1. They make people complacent .. hey we have a virus scanner so I don't have to worry about running this attachment or this thing I downloaded from screen savers r'us.

2. These additional "security" layers themselves are hardly invincible. They are subject to attack and operator stupidity just like the rest of your infrastructure with about the same consequences if successful.

The fact that virus scanners are in practice useful scares me more than free wifi at defcon.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by dslcreature:

1. They make people complacent .. hey we have a virus scanner so I don't have to worry about running this attachment or this thing I downloaded from screen savers r'us.

+1

When we have "my A/V is better than your A/V" threads this comes up a lot.

"ABC A/V didn't detect XYZ malware and I got infected so it's junk. Reports show that DEF A/V detects 99.99999999% so it's better".

The argument I love is that "DEF A/V detects more zero-days than yours".

Um, zero-days are by definition unknown and new. A/V programs use heuristics to try and catch zero-days but that's not foolproof and never will be.
--
Don't feed trolls--it only makes them grow!