Re: Is there any point to full host names in /etc/hosts ?



On Thu, 08 Nov 2007 09:27:28 +0100, David Brown wrote:
> Given the size of our company, and
> the openness and freedom we like to have, together with the technical
> abilities of the users (they are at least fairly competent, and have no
> problem following rules and guidelines), we have a rather different
> view. People are free to use browsers as they want, as long as they are
> responsible. Using non-IE browsers means they have to work harder to
> get malware onto their machines - having a virus scanner in the path
> would make it even harder.

Responsible is no longer safe. Safe being a relative term.
Black hats/crackers are cracking content servers to deliver their malware.
With new malware generated every 20 minutes, just how safe could your
virus scanner be? Saw a virus report where 600,000 known pieces of
malware were used to test scanners. Best scanner result was somewhere
around .7% missed. You do the math.

Virus scanners are like seat belts: they do pretty well, depending on the crash.

Think about it. AV vendors have to catch the malware, generate a
signature or modify the scanner, test it, move it to production, and you
have to download it. There is a 1 day to 1 week hole there at best.

Malware coders are morphing the server strings which makes scanners
pretty inefficient.

AV vendors are scanning sites for malware. Malware vendors are using
black lists to serve up malware if the IP is not in the AV vendor
black list. Makes it harder for the AV vendor to get a copy of the
latest malware.

Here, http://sla.ckers.org/forum/read.php?3,44 click "Last" in the
goto page bar and work backwards.
Check the names of sites with holes in their code.

What's the worst that could happen on your site? Malware gets a password
sniffer installed and calls home.
Black hat puts in some back doors, virus scanner cleans out sniffer.
Your site is then used to spend a million or so dollars with stolen
credit cards or funnel money to Alcadia, and your systems are hauled
off to jail for a year or so. :-D

Have you checked on your lawyer's hourly rate lately?