|reply to daveinpoway |
Re: Think layers of security is all that? Think again
I've always been a heretic in thinking virus/malware/spyware scanners, IDS..etc are themselves dangerous.
These things can only detect what they are looking for. If it gets to the point where these systems are in a position to do any good you've already completely lost/failed. Unseen viruses or a targeted attack payload is guaranteed not to have its signature detected by any of these systems.
The mere existence of these things creates two serious problems:
1. They make people complacent .. hey we have a virus scanner so I don't have to worry about running this attachment or this thing I downloaded from screen savers r'us.
2. These additional "security" layers themselves are hardly invincible. They are subject to attack and operator stupidity just like the rest of your infrastructure with about the same consequences if successful.
The fact that virus scanners are in practice useful scares me more than free wifi at defcon.