Home page logo

basics logo Security Basics mailing list archives

Re: Running AV via SSH? (Was: Re: Bad Antivirus)
From: Tracy Reed <treed () ultraviolet org>
Date: Sat, 16 Feb 2013 15:59:27 -0800

On Thu, Feb 14, 2013 at 06:26:29AM PST, Michael Peppard spake thusly:
The scan is a stopgap for killing the functionality of the virus and to get
information on the virus, it's not the first or last line of defence. 

So if the antivirus does not detect anything, what is your next step?

If the virus makes it past the antivirus, the antivirus has to be reinstalled
at a minimum. If the virus is unknown or has a rootkit which all your
antivirus/rootkit tools are incapable of getting rid of then the machine has
to be rebuilt off a clone for that type of desktop or server. 

I would say the machine has to be reinstalled. And I always recommend reinstall
regardless of whether the AV says it has "cleaned" the machine.

Why bother trying to save the machine? Because endusers get fussy when they
can't get kitten emails from their friends all day.

What's more important? The end-users kittens or the security of the enterprise?
If your execs don't understand and support you on this you are sunk anyway.

Tracy Reed

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]