From: svgn at orbid.be (Serge van Ginderachter (svgn))
Subject: Learn from history?
> 1.  Microsoft already provides that feature

Sure. You have no problem with running it automatically?

> 2.  As soon as possible for "you"

No. As soon as the customer phones asking you to drop by. Meaning: when it's
too late.

> >> 2. If a patch cannot be installed, find workarounds
> >That does not work with the workarounds customers need to facilitate
> >life (security <> ease of use, remember)

> And the computers/networks will be so easy to use when lines
> are saturated, file systems are corrupted or data are stolen

That's the problem they are prepared to deal with at the moment it comes.
They think it's cheaper.
> >> 3. If it is a port-related threat, find out if such ports are 
> >> in use, and if not, make sure they are closed. 
> >Once the virus is on the LAN it can do whatever it wants.
> 
> Hello!  Block the ports BEFORE they hit the LAN.  Proactive security.
> Also, do us a favor and don't propagate the shit!

Well of course they are blocked. But there are other means of coming in you
know.

> >> Some of the comments overheard this week regarding Sasser:
> >I did propose some firewall, but they feel it's too much EUREUREUREUR
> 
> And you provided some sort of analysis showing potential losses due to
> the lack of a security infrastructure, right?  

Well indeed, of course not. The customer is not prepared to pay for that kind of
analysis.

> >> Will they learn from history? Only history will tell.
> >I'm pretty sure they won't. Even most tech guys don't have a clue.
> 
> Evidently, thanks for your example.

There's no reason to get personal here. Don't judge me on such a restrained
discussion.
My only point is, SMB businesses are not prepared to pay for advanced
security, which you say I should provide, and with which I totally agree.

Maybe my boss does not have the right business plan and marketing to 'sell'
security. Probably.


Serge