> -----Original Message-----
> From: Jan-Peter Koopmann [mailto:Jan-Peter.Koopmann@seceidos.de]
> > for supposed "signatures" of malware. It's completely the most
> > bass-ackwards way of going about the task there is and it's
> > ultimately doomed from the start.
>
> And of course you have a totally differrent approach that will work in
> real life with all companies, does not use signatures, detects 100% of
> all viruses while letting pass all wanted attachments... What is the
> product called again? Utopia 2005 Second Edition?
Now, now. He's right in a way. Virus scanners are a stopgap. A useful
stopgap, but still a stopgap.
The underlying problem is that people are emailing around executable code to
begin with. There's almost no legitimate reason for it. (And before you
say something about Word documents and macros, I don't think there's any
legitimate reason for word processor documents to be able to carry
system-damaging code, either.)
The widespread use of virus scanners has, if anything, set us BACK by
allowing vendors to brush off this underlying problem by passing the buck.
"Don't worry about the insecurity of our products. Just use a virus
scanner, you'll be okay."
> > Any corporate security officer who even dreams of stopping covert
> > channels isn't worth even a penny of what he or she is
> being paid and
> > they'll ultimately do more damage to their company than good.
>
> Your perception. I agree it is nearly impossible if you have
> capable IT
> guys and to stop covert channes in an ISP-like company is close to
> impossible. But for many of our clients we are able to get unwanted
> communication close to zero. Without damage to the company.
So...no floppy drives, no USB ports, no cell phones...that's a start. Then
you get into the really tricky ones. (And that's leaving out the obvious
stuff, like monitoring phone conversations and blocking webmail providers.)
