HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
It doesn't matter if you have the best security on the planet, as long as you have that one employee that clicks on everything they see on the internet, you'll never be safe from malware. 
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Modern Security Tactics Fail To Protect Against Malware
- Thread starter HardOCP News
- Start date
D
Deleted member 93354
Guest
I always said, "the weakest link to any secure system is the humans behind the computers"
It's simple. Every employee that needs internet access has two accounts and two computers. One internal intranet, the other for internet activities which contains absolutely no sensitive data....and neither the two shall cross on the same network circuits.
It's simple. Every employee that needs internet access has two accounts and two computers. One internal intranet, the other for internet activities which contains absolutely no sensitive data....and neither the two shall cross on the same network circuits.
VM's are your friend
You don't need two computers.
Uh, huh.. sure.. maybe if you have a 10Gb or higher link to each VM.
Or are you talking about running a VM on a local machine?
In that case, most users are too computer illiterate to ever be able to use a VM.
This, this, this. Anything that outside of "open web browser surf internet" is beyond what they are capable of doing, and I am not just being a dick saying that. It is the truth.
Working for large University with 80% of population including professors uses Mac products. I can concur.
fairlane
Limp Gawd
- Joined
- Jun 18, 2004
- Messages
- 297
It doesn't matter if you have the best security on the planet, as long as you have that one employee that clicks on everything they see on the internet, you'll never be safe from malware.
Not true...
www.bromium.com
Good luck explaining to the penny pinchers of your business why you need a $2000 spec machine to run "two" operating systems on the same computer. You'll just get a blank look and a firm "No"
GoldenTiger
Fully [H]
- Joined
- Dec 2, 2004
- Messages
- 29,656
Yep... and then they'll blame you and whine when they suffer millions in lost business, damages, repair, and data loss, should a breach ever end up occurring (odds are nowadays it will).
How much does that cost?
I'm curious on the system performance hit with this software. Good idea but I'd guess you'd need some beefy machines to handle the habits of the average user who never closes any browser tab or application all day.
B00nie
[H]F Junkie
- Joined
- Nov 1, 2012
- Messages
- 9,327
Just install adblock and scriptblock to all workstations and disable changes. No more malware, no more clicked ads/links.
Except for when they get an email from a customer and click on the attachment thinking it's an order (it's not and installs a virus that's so new the AV software doesn't catch it).
rudy
[H]F Junkie
- Joined
- Apr 4, 2004
- Messages
- 8,704
You shouldn't need anything more than an admin password to block all malicious software. Companies need to learn to keep their browsers, email clients and other common interface well coded so there are no exploits which can circumvent control. There is no excuse fo a virus being able to infect a machine through an email attachment, as that person should not have admin rights and should have been told you don't ever type in an admin password for an email attachment stupid.
You're kidding right?
rudy
[H]F Junkie
- Joined
- Apr 4, 2004
- Messages
- 8,704
No I am not kidding at all, but given the vagueness of your reply I can't say anymore.
rudy
[H]F Junkie
- Joined
- Apr 4, 2004
- Messages
- 8,704
Can any of you clowns explain to me why simply double clicking a file can give you a virus in a secure corporate setting? There is only one explanation ass hat programming on the part of the OS maker or email or web client.
Oh I dunno, virus's, adware, malware and self replicating "timer based" executable's that can easily auto run in the background without user interaction that have been around for...say...30+ years?
rudy
[H]F Junkie
- Joined
- Apr 4, 2004
- Messages
- 8,704
Which is enabled by ass hat programming time to fix it.
siliconnerd
[H]ard|Gawd
- Joined
- Jan 7, 2002
- Messages
- 1,768
Anti-virus software just uses blacklists to detect known threats and heuristic scanning to look for virus like patterns. This only really works for known threats and very limited set of unknown threats.
Instead the solution is to do whitelisting with something like Bit 9. It will only allow authorized software to run. If an employee clicks on every single .exe sent through email, nothing happens.
Instead the solution is to do whitelisting with something like Bit 9. It will only allow authorized software to run. If an employee clicks on every single .exe sent through email, nothing happens.