[unisog] Request Opinions on Anti-Virus Software

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Jun 6 03:19:45 GMT 2005

On Fri, 03 Jun 2005 19:56:29 EDT, Jonathan Glass said:

> We're facing similar issues. Often the malware disables McAfee's
> autoupdate feature, and the system owners aren't aware of it until I
> block their machines for attacking other hosts.

Keep in mind that there's no easy way to win this one - if you're running *ANY*
AV or security software (firewalls, etc) that can be configured from the user
account, malware will disable it.

The *only* way to fix this requires 2 steps:

1) Run AV and security software that can only be enabled/confgured/disabled by
an Administrator/root/etc user.  If the user can configure it, then malware
running as the user can disable it. It's that simple.

2) Don't run an operating system where malware can easily get root/
Administrator access.

There's multiple right solutions here - and *all* of them will require some
drastic changes, and you will have to tell recalcitrant users "Well, are you
tired of viruses and worms and spamware? If so, you're just gonna have to suck
it up and deal with the changes..."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050605/3a4dc8a5/attachment.bin

More information about the unisog mailing list