Virus Protection Expectations

RugenNixie (Weaksauce, joined Aug 29, 2004, 123 messages)
I'm currently in a discussion with others at my company about expectations of our virus protection software. We use Symantec server-based virus protection. We have a computer located in a common area that uses a shared account (anyone can use it without using a personal log-in). There is also no management onsite at night, although operations are 24/7, and no limitations are in place to prevent someone from visiting the worst sites on the internet. This computer routinely must be taken out of service and cleaned of viruses. Symantec shows that viruses are being discovered and deleted on a regular basis, but over time one or more will overtake the computer or the virus protection. Virus definition files are updated every night and scans are run every day.

The expectation from management is that the virus protection should find and delete all viruses without a need for any intervention from IT. I believe that the virus protection should not be expected to be a guarantee, especially not when there is nothing to prevent people from visiting the worst sites on the internet.

What are our experiences? Can you bullet proof a computer by using virus protection alone?

In case anyone wants to ask. No, I am not allowed to add any limitations to this computer other than the virus protection.
 
What is the computer used for?

Maybe time for a Unix OS if it is just for web browsing... or software that reloads a clean image on each reboot, and schedule reboots.
 
What is the computer used for?

Maybe time for a Unix OS if it is just for web browsing... or software that reloads a clean image on each reboot, and schedule reboots.

It is supposed to be used for computer based training, writing reports, e-mail, and access to weather reports.
 
install Ubuntu

No AV is 100%, and if your users are clicking "yes yes yes" to everything then it will happen no matter what AV is used. The best thing to do is make all accounts guest accounts, or even use the Faronics program Deep Freeze; this would work great. You install it, and to get the system back to how it was, you just reboot! Done deal.
 
What are our experiences? Can you bullet proof a computer by using virus protection alone?

I consider the current AV model broken, I'll compare it to the American way.

Let someone break into your house, you can't do anything about it. They steal your stuff in front of you and leave. (In my state you can only shoot an intruder if your life is in danger) then you let the cops handle it.

AV works the same way: the virus gets in, you can't do anything about it, but the AV stops it after it's in.

AV will be broken until they find a way to STOP the process from even starting; therefore you can't get a 100% AV.
 
install Ubuntu

No AV is 100%, and if your users are clicking "yes yes yes" to everything then it will happen no matter what AV is used. The best thing to do is make all accounts guest accounts, or even use the Faronics program Deep Freeze; this would work great. You install it, and to get the system back to how it was, you just reboot! Done deal.

I wouldn't be allowed to install Ubuntu. I've been completely surprised by the lack of support to install any type of controls to limit what is being done, but that's what I'm up against. Right now, I'm just trying to get everyone to understand that virus protection isn't foolproof. Someone that I work with suggested that we "upgrade" our virus protection to something that works. His suggestion... Spybot.
 
Have you tried locking down the system, so that it runs on a limited user account, and blocking the browser (maybe IE) so that it cannot install or download any plugins? This would also help stop trojans/viruses getting onto the system.

You should also have the system go through a web proxy that has a different AV installed from that of the computer in question. It would help your detection rate and also allow you to control the sites it can go to, and maybe with caching even save on the line usage.

As usual, management won't take any action until the said computer propagates the viruses/trojans to others on the network and causes downtime and loss of money; then they will probably wake up.
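As an added example, not code from the thread or from any vendor, here is how the three controls this reply recommends (limited account, no browser add-on or ActiveX installs, forced outbound proxy) can be applied on a Windows kiosk with PowerShell. The account name `kiosk`, the proxy address `proxy.corp.example:3128` and the use of Internet Explorer as the locked-down browser are assumptions for illustration; the registry policy paths are the standard IE/Windows group-policy locations, and the `*-LocalUser` / `*-LocalGroupMember` cmdlets need the LocalAccounts module (Windows 10 / Server 2016 or later; on older systems use `net user` and `net localgroup` instead).

```powershell
# Added example, not from the original thread. Run from an elevated PowerShell
# on the shared machine. Assumptions (not from the page): shared account 'kiosk',
# AV-scanning proxy 'proxy.corp.example:3128', Internet Explorer as the browser.
$Account = 'kiosk'
$Proxy   = 'proxy.corp.example:3128'

# 1. Shared account as a standard (limited) user, never an administrator.
if (-not (Get-LocalUser -Name $Account -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $Account"
    New-LocalUser -Name $Account -Password $pw -PasswordNeverExpires -UserMayNotChangePassword | Out-Null
}
Remove-LocalGroupMember -Group 'Administrators' -Member $Account -ErrorAction SilentlyContinue
Add-LocalGroupMember    -Group 'Users'          -Member $Account -ErrorAction SilentlyContinue

# 2. IE: users may not manage add-ons, and the Internet zone (zone 3) may not
#    download signed (1001) or unsigned (1004) ActiveX controls. 3 = Disable.
$ieRestr = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions'
New-Item -Path $ieRestr -Force | Out-Null
Set-ItemProperty -Path $ieRestr -Name 'NoExtensionManagement' -Type DWord -Value 1

$zone3 = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
New-Item -Path $zone3 -Force | Out-Null
Set-ItemProperty -Path $zone3 -Name '1001' -Type DWord -Value 3
Set-ItemProperty -Path $zone3 -Name '1004' -Type DWord -Value 3

# Hide the Security and Connections tabs so the limited user cannot undo this.
$iePanel = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel'
New-Item -Path $iePanel -Force | Out-Null
Set-ItemProperty -Path $iePanel -Name 'SecurityTab' -Type DWord -Value 1
Set-ItemProperty -Path $iePanel -Name 'Proxy'       -Type DWord -Value 1

# 3. Proxy settings machine-wide (not per user) and pointed at the scanning proxy.
$inetPol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
New-Item -Path $inetPol -Force | Out-Null
Set-ItemProperty -Path $inetPol -Name 'ProxySettingsPerUser' -Type DWord -Value 0

$inet = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
Set-ItemProperty -Path $inet -Name 'ProxyEnable'   -Type DWord  -Value 1
Set-ItemProperty -Path $inet -Name 'ProxyServer'   -Type String -Value $Proxy
Set-ItemProperty -Path $inet -Name 'ProxyOverride' -Type String -Value '<local>'

# 4. Show what was applied so the change can be checked before logging in as $Account.
Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
Get-ItemProperty -Path $zone3   | Select-Object 1001, 1004
Get-ItemProperty -Path $inet    | Select-Object ProxyEnable, ProxyServer
```

The proxy only helps if the firewall also blocks direct outbound HTTP/HTTPS from the kiosk, otherwise a malware dropper can simply ignore the proxy setting; the point of putting a second AV engine on the proxy is that whatever Symantec on the endpoint misses gets a second look with a different signature set.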
 
As stated above... no antivirus brand is 100% effective. Now... there are some better ones than Symantec Corp., but even so... that's another debate; let's assume you're stuck with it.

Recommendations... Sandboxie the browser.
Run that "shared" account as limited.
Beef up other security... install Spybot S&D, MalwareBytes, SuperAntispyware.
Periodically run scans with them; periodically update Spybot and re-immunize each time you update.
Install Firefox with the Adblock Plus plugin, and set it as the default browser. The plugin helps keep some popups to a minimum... which helps keep people from clicking on the wrong thing.
 
Although I haven't looked into MalwareBytes or SuperAntiSpyware, I do know that Spybot S&D is only free to use for home use. For a company, you need to purchase a license. If you'd be purchasing a license for Spybot, you may want to look into other alternatives as well. I'm not saying Spybot isn't a great program (it is), but say... $30 (arbitrary price) toward Spybot or $30 toward something like Deep Freeze which may help prevent other issues as well.
 
AV works the same way: the virus gets in, you can't do anything about it, but the AV stops it after it's in.

AV will be broken until they find a way to STOP the process from even starting; therefore you can't get a 100% AV.

That's exactly what I've been saying for years (same analogy, too). That's why I'm working on getting my firewall all tweaked to handle it at a packet level (if possible), so it doesn't even get too far into my network. I let my uncle use my computer, and I'll be damned if I'm cleaning up the spyware and viruses. Damn porn sites. He was just playing around, cracking jokes and crap, and I can't believe how much damage those things do.
 
Couldn't you set up a virtual machine and let them use that? If it's infiltrated, you simply wipe and reload the virtual machine. The actual computer and OS are never at risk.
 
I would think SteadyState from MS would be a good idea: user logs in, logs off, back to default.
 
Although I haven't looked into MalwareBytes or SuperAntiSpyware, I do know that Spybot S&D is only free to use for home use. For a company, you need to purchase a license. If you'd be purchasing a license for Spybot, you may want to look into other alternatives as well. I'm not saying Spybot isn't a great program (it is), but say... $30 (arbitrary price) toward Spybot or $30 toward something like Deep Freeze which may help prevent other issues as well.

Yup, Deep Freeze, check it out. I would say it is your best option of those above when you are expected to produce a solution but aren't allowed to actually do anything.

http://www.faronics.com/html/deepfreeze.asp
 
Couldn't you set up a virtual machine and let them use that? If it's infiltrated, you simply wipe and reload the virtual machine. The actual computer and OS are never at risk.

We've talked about doing that for this and other reasons, but right now I can't. Our current servers are old and severely overloaded. We are going to be replacing the servers this spring, so at that point it could be an option.
 