Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: On the ultimate futility of server-based mail scanning
From: David Kennedy CISSP <david.kennedy () acm org>
Date: Tue, 05 Mar 2002 23:16:29 -0500

At 05:07 PM 3/4/02 -0500, David F. Skoll wrote:
Ultimately, the responsibility falls on the MUA and the end-user's OS
vendor.  We either put secure end-user software onto the desktop, or
we admit defeat.

I understand the complaints, but I don't admit defeat nor will I reject as
futile a solution that's working.  Server-based mail scanning has technical
limitations.  So?  If a server-based solution intercepts only 80% of the
inbound malicious code to an enterprise that still 80% less for the IS/IT
staff to worry about and 80% less for desktop scanners to catch or 80% less
for users to judge whether "new photos from my party" is a bad or good
thing.  Certainly there are ways to attack the scanner and cause a denial
of service, as there are ways to bypass some scanners.  The scanners must
keep up with the threats and so far most have.  Server-based scanning
provides a chokepoint in today's environments that is far easier to
maintain than thousands of Microsoft desktops with wide variations of
client anti-virus "solutions."

Ultimately we live with the deployed systems we have, and their
limitations.  I'm unaware of a solution available today that supports
management and user demands for "friendliness" and puts secure end-user
software on the desktop.  Server-based scanning provides a solution *today*
that, while imperfect, is manageable and effective in stopping most of the
malicious code in the wild.  "Most" is not "all," but it's a lot more than
"none."




-- 
Regards,

David Kennedy CISSP                         /"\
Director of Research Services,              \ / ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com     X  Against HTML Mail
Protect what you connect;                   / \
Look both ways before crossing the Net.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]