[aklug] Re: Offtopic: speaking of Antivirus

From: Shane R. Spencer <shane@bogomip.com>
Date: Wed Oct 27 2010 - 10:18:30 AKDT

On 10/26/2010 03:06 PM, Royce Williams wrote:
> Lee wrote, on 10/22/2010 11:41 AM:
>> Anyone heard of or used something called VIPRE for their AV/AM ?
>>
>> http://www.sunbeltsoftware.com/
>>
>> A number of our vendors/partners are switching over to this. Since switching large
>> organizations is not easy or fun, if they are deciding to change, I'm thinking this is
>> at least worth looking at. Of course, large organizations are also more prone to
>> sales-whiz.
>
> A little late, but I am personally not a fan. Lots of false positives
> for big-name stuff that they should know better about:
>
> http://supportforums.sunbeltsoftware.com/messageview.aspx?catid=218&threadid=3906

^^^ I think this sort of thing is laughable, especially when network security software
companies forget that they have a network available to them. They have a neat approach
toward whitelisting, but they can also graylist by reporting back checksums and looking
for new large clusters as they appear. Makes it easy to do what they want without a huge
headache on their side.

They may already be doing this... which would be spiffers.

> (search for 'royce')
>
> ... out of the box lack of awareness of admin/non-admin rights on some
> Windows platforms, and quite slow on realtime scanning, in my opinion.
> Also, its single process regularly takes up 300M on my XP machine at
> work.
>
> My impression was that they just weren't ready for the enterprise.
>
> Royce

<shaneweirding>

Speaking of which.. I'm not 100% sold on the 802.1x/802.1q based quarantine solutions out
there for corporate anti-theft/security measures. It's a damned clever idea that honestly
would have sounded like an amazing initiative back when I used more susceptible software
and could easily see the benefit of this hassle.

I've attempted to convince myself of something which encryption completely negates.. that
most countermeasures like site-wide and computer-based antivirus software should be
replaced by more intelligent, hard-to-corrupt packet switches that do a bit of
investigation before passing along packets; it would have to inspect 100% of the packets,
of course, which would be painful. However, if at any point a virus can simply communicate
with a target host after establishing encrypted communications with it.. then the switch is
complete poop... including all other countermeasures that still allow network connections.

So it seems that the best way to stop encouraging virus development is to whitelist from
the inside out and use webs of trust for personal communication.

I'm starting to think that simple use of simple services like GPG and operating systems
that don't allow inbound traffic and attempts to validate originated network sessions
would be treasonous on the grounds of crippling the economy of the country by reducing the
need for a multi-billion dollar industry.

- Shane (sigh)

</shaneweirding>
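The graylisting idea sketched earlier in the message (endpoints report file checksums to a central service, which watches for a hash that is not on the vendor whitelist and suddenly shows up on many hosts) as an added worked example. This is illustrative code written for this page, not Sunbelt's or VIPRE's; the telemetry, hash strings, window and host threshold are all constructed.

```python
from collections import defaultdict

# Constructed endpoint telemetry for this example: each tuple is
# (report_time_seconds, host_id, file_hash). The hash strings are
# placeholders, not digests of any real file.
REPORTS = [
    (0, "host-01", "sha256:constructed-known-01"),
    (10, "host-02", "sha256:constructed-known-01"),
    (15, "host-03", "sha256:constructed-known-01"),
    (20, "host-04", "sha256:constructed-known-01"),
    (30, "host-05", "sha256:constructed-known-01"),
    (100, "host-01", "sha256:constructed-burst-02"),
    (130, "host-02", "sha256:constructed-burst-02"),
    (160, "host-03", "sha256:constructed-burst-02"),
    (160, "host-03", "sha256:constructed-burst-02"),  # duplicate report, same host
    (200, "host-04", "sha256:constructed-burst-02"),
    (300, "host-05", "sha256:constructed-lonely-03"),
    (0, "host-01", "sha256:constructed-slow-04"),
    (5000, "host-02", "sha256:constructed-slow-04"),
    (9000, "host-03", "sha256:constructed-slow-04"),
    (12000, "host-04", "sha256:constructed-slow-04"),
]

# Constructed vendor whitelist: hashes that are already trusted and
# never need graylisting, however many hosts report them.
KNOWN_GOOD = {"sha256:constructed-known-01"}


def classify(reports, known_good, window, min_hosts):
    """Label every reported hash.

    whitelisted  - on the vendor whitelist, skipped entirely
    burst        - not whitelisted, and seen on >= min_hosts distinct hosts
                   within `window` seconds of its first report (a new cluster)
    slow-spread  - not whitelisted, on several hosts, but spreading too slowly
                   to look like a fresh outbreak
    singleton    - not whitelisted, only ever seen on one host
    """
    per_hash = defaultdict(list)
    for t, host, h in reports:
        per_hash[h].append((t, host))

    labels = {}
    for h, obs in per_hash.items():
        if h in known_good:
            labels[h] = "whitelisted"
            continue
        obs.sort()
        first_seen = obs[0][0]
        # Distinct hosts, so duplicate reports from one host don't inflate the count.
        early_hosts = {host for t, host in obs if t - first_seen <= window}
        all_hosts = {host for _, host in obs}
        if len(early_hosts) >= min_hosts:
            labels[h] = "burst"
        elif len(all_hosts) > 1:
            labels[h] = "slow-spread"
        else:
            labels[h] = "singleton"
    return labels


def graylist(reports, known_good, window, min_hosts):
    """Return the hashes worth holding for a closer look, with the number of
    distinct hosts that reported them inside the window, sorted by hash."""
    labels = classify(reports, known_good, window, min_hosts)
    per_hash = defaultdict(list)
    for t, host, h in reports:
        per_hash[h].append((t, host))
    out = []
    for h, label in labels.items():
        if label != "burst":
            continue
        first_seen = min(t for t, _ in per_hash[h])
        hosts = {host for t, host in per_hash[h] if t - first_seen <= window}
        out.append((h, len(hosts)))
    return sorted(out)


if __name__ == "__main__":
    # A 10-minute window and a three-host threshold are constructed values;
    # a real deployment would tune them against its own fleet size.
    for h, label in sorted(classify(REPORTS, KNOWN_GOOD, 600, 3).items()):
        print(f"{label:12s} {h}")
    print(graylist(REPORTS, KNOWN_GOOD, 600, 3))
```

The point of the two thresholds is that both dimensions matter: a hash on one machine is probably a local tool, and a hash that drifts across the fleet over hours looks like a normal rollout, whereas an unknown hash landing on several hosts within minutes is exactly the "new large cluster" worth holding back until the vendor has looked at it. Widening the window (say to a few hours) would turn the slow-spread case into a burst, so the window is the knob that trades detection speed against false positives on legitimate software pushes.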
Received on Wed Oct 27 10:18:43 2010

This archive was generated by hypermail 2.1.8 : Wed Oct 27 2010 - 10:18:43 AKDT