lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <43329FCD.8070702@mindspring.com>
Date: Thu Sep 22 13:13:01 2005
From: primate at mindspring.com (Neil Carpenter)
Subject: Av, spyware, ddl trojan assesment

(Moved inapplicable mailing lists to BCC:)

Sherwyn Williams wrote:

> Hey list, I know this is not a how to protect your pc list. But I 
> would like to know what are some good AV, spyware, adware, and 
> software firewalls to use. I have to come up with a plan for a few of 
> my clients who are always being infected.
>
>
(Opinions are my own and do not reflect those of my employer, my 
friends, family, or anybody who knows me.)

Anti-virus software and anti-spyware/adware software are reactive 
solutions...they don't help you unless you're already vulnerable.  A 
software firewall is more of a security blanket than it is real 
protection.  If you really want to help your customers, help them setup 
a comprehensive security patch management and auditing solution.  When 
people get infected with malware, it's very rarely some ex0t1c 0-day 
'sploit...it's because they are months (even years) out of date on 
security fixes.

After you've got that resolved and you've cleaned out your customer's 
current issues (you _do_ follow the best practice of formatting any 
machine that is compromised, right?), then you can worry about charging 
them for an a-v solution, an anti-spyware solution, more firewalls, etc, 
etc. 

And, you're right, these lists aren't meant for this sort of thing.  In 
the future, you should consider doing more research before sending out 
e-mail looking for (the wrong people) to do your research for you. 

And what kind of consultant uses a hotmail address professionally, anyway?

N.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ