Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses

[imipak <imipak () gmail com>]

Exibar wrote:

> wow, disabling files to run from the root of all drives would never, ever
> fly in a corporate environment.  Although I do like the idea on stopping
> autorun malware, it would work... but oh the calls to the helpdesk! ;-)


Each of those support calls is an opportunity to find out why a user's
trying to run unauthorised software and either help them to find a way
to do what they want with existing apps, or get a new app reviewed and
authorised for use -- if it's a genuine business need. Alternatively,
sometimes they need an introduction to Doctor Cluestick, if they're
trying play poker online, install dancing hamster screensavers or what
have you.

Of course, blindly thwacking people / dragging them to HR by the hair
when they're really just trying to do their jobs is
counter-productive. The calls also show us where we, security, are
falling down. Perhaps it's poor awareness training (if the user didn't
know that they shouldn't run unapproved software, or why we have that
rule, or how to get a new app approved); or could be that the official
route is being seen as too slow or bureaucratic, in which case it
needs fixing. And so on.


=i

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/