RE: Windows XP Services Best Practice
From: Brian A. Reiter (breiterwolfereiter.com)
Date: Tue Jun 06 2006 - 04:48:12 CDT
> From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> Aaron Margosis' WebLog : Anti-virus vs. Non-Admin:
> Best practice to Aaron is running without Antivirus. Is it
> to your firm? Probably not for most of us.. but interesting
> thought nonetheless.
I'm not sure that you have quite represented Aaron accurately. To paraphrase
what I think he said: In today's threat climate, running antivirus software
that *requires* a user to be a member of Administrators in order to work is
a lower security option than having no antivirus at all but restricting the
user to the Users group.
* Contemporary Windows malware assumes admin privileges and won't work
without them, therefore LUA is about proactive prevention.
* Contemporary antivirus technology is fundamentally based on matching
signature patterns. It is very poor at predicting new malware using
heuristics without signatures. Therefore it is largely reactive and more
about cleanup than prevention.
* A lot of antivirus systems use kernel-mode drivers that themselves
destabilize the system and expose the system to new attack vectors as well
as consuming a lot of CPU time.
He has a point: antivirus software that requires admin privileges is a
security disaster. It seems to me that I read something similarly critical
of antivirus technology in IEEE Security & Privacy a year or two ago.