Antivirus-less setup

40hz:
I take reasonable precautions. Under Windows I either run MSE or the free version of Avira, watch where I visit, block scripts, keep everything obsessively updated, and disable known vulnerability risks (java, flash) unless I actually need them for something.

I never had a problem, except once about two years ago when something walked through all the security I had on my system like it wasn't there. I "felt" the machine suddenly get weird and next saw all the drives suddenly start polling. (It's never a good sign when an optical drive suddenly spins up looking for a disk for no good reason.) The HD drive lights started strobing, CPU and RAM usage went to 100%, and taskman showed child processes sprouting all over the place. I hit the killswitch on the network connection and did a hard powerdown before it got too far. But not in time to prevent it from roaching the machine so badly it required a full system restore to get it to reboot afterwards.

Never found out what hit me, although I had a client who got nailed by something very similar the same day.

So to reinforce Stoic's earlier point about the first 50,000 who get hit by something new, it doesn't ultimately matter if you're one of them. But with hundreds of millions of PCs in the world, the odds of you being in the first group to get hit are extremely slim. At which point the OS and AV people are on it and you're protected as long as you update regularly.

A good AV scanner's performance hit is negligible and the risks it protects you from are real.

Use one. 8)

f0dder:
So to reinforce Stoic's earlier point about the first 50,000 who get hit by something new, it doesn't ultimately matter if you're one of them. But with hundreds of millions of PCs in the world, the odds of you being in the first group to get hit are extremely slim.-40hz (September 28, 2012, 10:29 AM)
--- End quote ---
...and if you install EMET, you further reduce the risk of being one of those lucky 50,000. Mitigation, baby, mitigation <3

40hz:
^@f - Downloaded and installed. Thx for the heads-up on that. I remember seeing that awhile back in the partner news - and ignoring it. :-[

Stoic Joker:
^+1 :D

So to reinforce Stoic's earlier point about the first 50,000 who get hit by something new, it doesn't ultimately matter if you're one of them. But with hundreds of millions of PCs in the world, the odds of you being in the first group to get hit are extremely slim.-40hz (September 28, 2012, 10:29 AM)
--- End quote ---
...and if you install EMET, you further reduce the risk of being one of those lucky 50,000. Mitigation, baby, mitigation <3

-f0dder (September 28, 2012, 11:01 AM)
--- End quote ---

I gotta toss this EMET thing on top of my to-do list. It does look quite interesting. Any common hiccups to watch/look for in a network sized rollout of this that you know of?

f0dder:
I gotta toss this EMET thing on top of my to-do list. It does look quite interesting. Any common hiccups to watch/look for in a network sized rollout of this that you know of?-Stoic Joker (September 28, 2012, 11:21 AM)
--- End quote ---
Probably plenty - at least if you have any badly programmed (or übernazi-softwareprotectioncrapped) software installed. If you've got stuff that doesn't like DEP, it's probably gonna break bad on EMET :)

Then again, you can enable mitigations on a per-process basis, so it should be possible to roll out on a network-wide basis, as long as you do some thorough testing of the enabled profiles first.

And of course it's "just" mitigation - some of it has already been broken. It does raise the bar substantially for exploit code, though, and not all exploit writers are going to add EMET penetration on top of already complex exploits, since it's still a minority that runs EMET. So, as things are now, it's a decent extra bit of mitigation :-) (but yes, of course the Metasploit folks (and the far more sinister people you don't hear about) are playing around.)
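f0dder's advice above (test the enabled profiles per process before a network-wide rollout, because software that doesn't like DEP will break under EMET) raises the practical question of which binaries to pilot first. One signal that needs no EMET at all is already in each executable's PE header: the NX_COMPAT and DYNAMIC_BASE DllCharacteristics bits say whether the vendor built with DEP and ASLR in mind, so an image missing them is the one most likely to misbehave once a mitigation tool forces those protections on. The following is an added example, not code from the thread, from EMET or from Microsoft: it parses those bits straight from the PE headers and ranks binaries by how much forced DEP/ASLR would change their behaviour. The sample images it ranks are constructed header-only stubs (assumed, not real programs); `scan_file` is provided for pointing it at real executables.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification.
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image may be relocated (ASLR-ready)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image declares DEP compatibility

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def pe_mitigation_flags(data: bytes) -> dict:
    """Read the mitigation-relevant header bits from a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 (0x10B) and PE32+ (0x20B).
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "is_64bit": magic == 0x20B,
        "machine": machine,
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
    }


def scan_file(path: str) -> dict:
    """Convenience wrapper for a real executable on disk."""
    with open(path, "rb") as f:
        return pe_mitigation_flags(f.read())


def triage(flags: dict) -> tuple:
    """Return (priority, reasons): how urgently this image needs a pilot test
    before DEP/ASLR are forced on it. Higher priority = bigger behaviour change."""
    reasons = []
    # 64-bit processes always run with DEP, so NX_COMPAT only matters for 32-bit images.
    if not flags["nx_compat"] and not flags["is_64bit"]:
        reasons.append("no NX_COMPAT: under the default OptIn policy this 32-bit image "
                       "runs without DEP today, so forcing DEP on is a real change")
    if not flags["dynamic_base"]:
        reasons.append("no DYNAMIC_BASE: not built for ASLR, so forced "
                       "randomisation needs testing")
    priority = ("low", "medium", "high")[len(reasons)]
    return priority, reasons


def rank_images(images: dict) -> list:
    """Rank named images by triage priority, most test-worthy first."""
    order = {"high": 0, "medium": 1, "low": 2}
    rows = [(name, triage(pe_mitigation_flags(img))) for name, img in images.items()]
    return sorted(rows, key=lambda row: order[row[1][0]])


def build_minimal_pe(dll_characteristics: int, is_64bit: bool = False) -> bytes:
    """Constructed sample for demonstration: valid DOS/COFF/optional headers only,
    no sections, not a runnable program."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if is_64bit else 224          # standard sizes incl. 16 data directories
    machine = IMAGE_FILE_MACHINE_AMD64 if is_64bit else IMAGE_FILE_MACHINE_I386
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if is_64bit else 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Hypothetical inventory; names and contents are constructed for the example.
    inventory = {
        "modern_browser.exe": build_minimal_pe(
            IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "legacy_lob_app.exe": build_minimal_pe(0),
        "old_but_dep_aware.exe": build_minimal_pe(IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "x64_tool.exe": build_minimal_pe(0, is_64bit=True),
    }
    for name, (priority, reasons) in rank_images(inventory):
        print("%-24s %-6s %s" % (name, priority, "; ".join(reasons) or "declares DEP and ASLR"))
```

The header bits are only a triage hint: an image that declares NX_COMPAT can still break under EMET's other mitigations (EAF, heap-spray pre-allocation, and so on), and the copy-protected or self-modifying software f0dder mentions often declares nothing at all. The point is to order the pilot group, not to replace the per-profile testing he recommends.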
