lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2d6724810904291229k2990e62al94cdd95f6ee040b7@mail.gmail.com>
Date: Wed, 29 Apr 2009 15:29:28 -0400
From: T Biehn <tbiehn@...il.com>
To: Valdis.Kletnieks@...edu, full-disclosure@...ts.grok.org.uk
Subject: Re: Anti virus installations on Windows servers

VK
What do you suggest to use on a server that must accept uploads of
binaries from users?
Should these binaries be scanned by an anti-virus? Can we trust that
end users have competent Anti-Virus?
We aren't worried about the server being susceptible to viruses, we're
concerned about the users who could fall anywhere in proficiency
range. This scenario is equally applicable across any OS.
Because of the relative infancy of non-windows-based anti-virus
software would it be advisable to host a windows virtual machine that
shares a 'virtual disk' that is monitored by a robust a/v software to
use to host the binaries? Which antivirus software would you
recommend?
The easy out is to say "I don't need a/v and nobody does" perhaps you
might want to put a little more thought into your answers before you
hit send.

The A/V is there as a contingency. There are holes in every system.
A/V isn't good, but it's good to have a contingency plan of some sort
rather than none at all.
This, however, is not the point of the XKCD cartoon, the XKCD is
saying that you shouldn't have a contingency plan for something that
ISN'T A CONTINGENCY.
On a general purpose OS, especially a desktop, insane surface exists,
no matter what protection you've put in. There's a contingency to plan
for... I believe this was the nature of the request.

-Travis

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ