Do you need AV and Firewall?

Closed Thread

Catweazle
#21
Jun 24th, 2005
I think this topic is heading down the path of character assassination to an alarming extent. Let's keep it to productive comment please.

caperjack
#22
Jun 24th, 2005
That's no fun! LOL
Fallen Heroes Song ,
http://www.youtube.com/watch?v=-RfXBB0BRHY
Going with the Flow ,but the water is low and the rocks are big

catch
#23
Jun 27th, 2005
Originally Posted by navyjax2
Couldn't have said it better myself.
How obtuse and purblind can you be? First paragraph above TFM--the manual www.microsoft.com


Originally Posted by navyjax2
I will agree that much, if not all, of what you said, catch, was stuff us as admins were not taught in our bachelor's or MCSA courses and would have to do graduate/specialized IT security training to learn (i.e. DBAC, RBAC, etc.), however - that does not make it foolproof as far as practicality to simply rely on OS security to avoid viruses or attacks, and I was speaking entirely of Windows, not any other OS you or your teams may have come across, created, or implemented, as Microsoft has 90% of the market today and what is really what people would want to worry about. Chances are, if you're speaking of any other OS, they have their own proprietary security or permissions or controls that probably DOES in some way allow you to do what you are trying to divulge, but are withholding. But I challenge you to do this with a typical corporate networked, multi-user Microsoft 2000 or XP Pro system.

This just keeps getting better as I read on! So now you're telling me the NSA is wrong? I'd suggest you submit a white-paper on your findings to them ASAP.
In my work place, people don't argue with me. I deal almost exclusively with external clients who respect my opinions and appreciate the money I save them. Here, most just like to treat me like I'm stupid just because it is a different approach from their own.

"challenge/ corporate"

I mentioned some systems I've worked on and you thought I was talking about that 10% this whole time? I'm talking about NT.

Actually, trusted systems are quite frequently used by large corporations, though on limited servers. Rarely will you see an entire multi level subnet. I know for a fact that nearly every major bank uses them as well as many technology companies (IBM, HP, HDS, Intel, SUN, and SGI to name a few) and of course all secure US government/DoD systems.

We've designed security layouts (NT-C2 and above) system designs for General Electric, Citigroup, Exxon Mobil, Bank of America, Verizon, etc.... Those are Fortune500, is that corporate enough for you? Do you have security input on any Fortune500's systems?


I guess the difference is, I aim for perfect and see what compromises I can make/are needed to be made. You start from completely insecure and try to work up without a road map.

Sadly the majority of the world follows your method.

In reality, the end result is that given similar funds we will end up with similar systems. Mine however will be more comprehensively defined, will mesh better with high level policy, and will have less demanding personnel requirements. For most however this is mere nuance, though as the initial budget increases, so does the gap between the systems. Until eventually one method tops out perfect and the other as a rotten pork chop with heaps of fancy gravy on it.

Also, when has the best solution ever been the most popular one? People don't use some of the systems I speak of because they have uneducated "experts" being dishonest with them and rather than just saying they are not familiar they make up BS about how such systems are not applicable. (Yeah, cause if you did use one, you can typically cut your relevant security expenses by 25-33%... at least this has been my experience.) Don't let their ignorance and insecurity and forced, false job security seeking tactics spill over on to you.

This is of course why at any company with mature IS policy you will not find admins making decisions. Because they "know what they're doing." Admins are very low on the food chain and for good reason. They tend to be less educated and less experienced than those who do make decisions, and admins that spend their career as such tend to just be not very bright. No offense.

Would you trust your bank teller to give you financial advice? Of course not, but you would trust them to handle your individual transactions. An admin is the same thing; their job is to keep systems running in the manner in which they are supposed to run. Knowledge of why the system should run that way or details about the system's architecture in relation to other systems both fall beyond the scope of their job. I would trust an admin on how to configure a system to a specified configuration or on questions about day-to-day technical management. It's really a matter of exposure; I know that most admins lack any advanced study or training in security, so they will have a different viewpoint on such topics. Issues like applications level exploits and configuration issues are really about the scope of what they see and consequently the most important aspects to them, while in actuality these fall under system use and not system design. When evaluating system design, proper use is assumed, otherwise you end up with far too many variables to make anything useful. This of course assumes that information regarding proper use is made available.

This isn't a matter of lower level advice; it is a matter of right and wrong advice. I explained what firewalls are for and when they should be used, I tied that into why a firewall would be inappropriate for the situation at hand. In my original post, why "God" with his almighty wisdom created this thread I haven't a clue, except for being uneducated on the topics at hand. Who cares if this is above a "normal" user's head, how are they supposed to learn? Never be pressed to think and just fall into the habits of the flock?

And for the 3rd graders and their remarks. Five people make a few posts in a thread with zero knowledge whatsoever, is that "F@ck-all help" commonplace around here?

Does it matter that I am arrogant etc..?
Did you need to make a post about it?
Does your post add any value to this thread?

I guess you'll do what you need to do to feel more comfortable about the situation, though I feel pity for you. I had no idea this site was so full of insecure little kids.


Originally Posted by navyjax2
In Windows, you can't always be logged on as a standard user - you will eventually have to install programs, and likely eventually have one you'll need to stay online, or at least networked to a computer that could be online, to complete. You can't lock down the Temporary Internet Files folder. There will always be some time, somewhere, at which you will be vulnerable if you stick with permissions and transitive trusts as your sole methods of keeping out the files and attackers that are bouncing around on the internet, unless you're willing to share your knowledge on how you guys have set things to where this really does become a non-issue on a Windows system. I don't see it happening, myself.

Just by going to this website on a Windows computer you'll have a number of files download to your computer to display it (icon_cool.gif, insertimage.gif, bold.gif, etc.) and any of those images could have a virus attached to them that, when the picture is displayed, could cause any picture you open on your computer after that to become corrupt. Do I have to send you this virus to prove that it exists and what it can do? It is W32/Klez@mm. I do know what I am talking about, and no security permissions in the world can prevent the spread, because you run the virus just by opening another picture (gif, bmp, jpg, tiff) or mp3 file. It doesn't install anything anywhere, so it doesn't need admin privileges to spread. The only thing that may save you is that it will likely be confined to just your current profile and not any other user on the machine as long as you don't open a file that could be opened by any user as the user that downloaded the virus, and this is just a guess on my part.

I agree that running an AV software that won't have the definition file for the latest threat out there won't help you, but neither will Windows permissions, as this was what I thought we were originally discussing. Leave other OSs out and focus on what 90% of us know and have. It's useless to talk about a feature of Mac's Tiger or Linux' Enterprise 4 or Sun Solaris or any other proprietary OS when the rest of the world isn't using them. Especially if you aren't going to say specifically what you are doing to lock the systems down but leave them functional for an administrator to install programs, user to surf the 'net, etc.
The most Jr level NT admin knows better. Those are points made by those who fail to understand system security.


What single piece of bad information have I given?

I am here to engage in security related conversation, to freely offer advice on problems, and to correct information that I know is incorrect.

People come to this site for information, what kind of information do you think they want?

Peoples' opinions and tastes about which FW/Av they like with no objective, quantifiable reasons?

Or...

Perhaps something a little more useful? The correction of misinformation, objective arguments backed up by leading standards organizations?


Here you get a Mod who dragged a tiff from a different site to this one and basically said to ignore my advice in another thread etc...


Originally Posted by techniner
I currently run roughly 10 Linux machines at a datacenter.. 5 production... 5 offline..

All of them are equipped with what I like to call a "nazi" type firewall and virus protection.

The mail servers run SpamAssassin and ClamAV.

It is simply a MUST. Just how you would put a lock on your door.
"a MUST"

Want to know something about firewalls? Most banks do NOT use them on exposed servers, why? Because they know that firewalls are ONLY for the two uses I stated above. Also, if you disagree, you might want to start putting your money in an old mayo jar cause odds are I've had security related input where you bank.

cheers

catch

Catweazle
#24
Jun 27th, 2005
Yet another lengthy diatribe designed to denigrate others, blow your own trumpet, and offer no practical advice whatsoever to people wishing to improve security on their PCs.

kc0arf
#25
Jun 28th, 2005
Hello,

I am closing this thread because it has fallen into name calling and assumption making.

Christian

©2003 - 2009 DaniWeb® LLC