Throw Off Your Emotional Chains

The first person to link to my blog was Steve Riley, who gets paid to "do security". It was nice of him to mention my AUTORUN.INF hack, even if he didn't recommend it (for reasons I didn't quite gather).

Anyway, while flicking through the archives of Steve's blog, I found this article which questions the whole need for anti-virus software. Yesss!

Having steered a corporate network through three major software generations over the last 17 years, without spending a penny on anti-virus software in that time, I can confirm that you don't need anti-virus software. Not even on your own PC, gentle technically-aware reader; not on your users' PCs, either.

We currently have 1800 PCs, all running XP SP2, with all users having administrator privileges, allowed to install more or less any software they want, allowed to visit most Web sites (except for a few which we've specifically blacklisted for hosting malware), and we have not had a single report that any user has lost a single byte of data to a virus, in all that time, going right back to DOS 3.3 and Digital Pathworks.

Steve tries to suggest that this approach may not be for everybody, although I suspect he's even trying to sound like he's being less radical than he is - kind of like those non-religious people who can't actually bring themselves to say that they're atheists (this is a simile, please don't write in about it). He has hit the nail on the head: if your anti-virus software doesn't ever detect anything, what use is it? Other bloggers tip-toeing around this subject, but not quite ready to fully admit their apostasy in public, are Adam Vero (who, I suspect, has become a non-believer, but - probably correctly - doesn't think his customers are ready for such a drastic step), and Aaron Margosis, who has a "lite" approach (he suggests you don't need an anti-virus if your users don't have administrator privileges).

To me, installing anti-virus software because you're afraid of viruses, is like hiring a retired, but very dumb, police officer to stand guard in your home 24/7 because you're afraid of burglars. Every time any member of your family tries to move from one room to another, they get asked for ID. No ID, no place at the dinner table. And because your oldest kid's name is "Lexy" (geddit?), she gets extra-special treatment: a strip-search every morning when she gets up, to make sure she didn't get converted into a burglar during the night.

I wouldn't object so much, if viruses were even 1% as terrible things as people make out. I know users who would rather have a sudden, unrecoverable, scrape-the-platters hard drive crash, than the idea that any form of worm, virus, or trojan is on their PC. Strange, since pretty much the worst a virus can do is trash all your data (yes yes, I know it could e-mail your grocery list to some randomly-selected guy in Latvia), which is the same thing, and oh yes, modern viruses don't do that. In fact they don't do very much damage to their "host" PC; if they did, rather less than 25% of the world's PCs would be in botnets, because their owners would have noticed and done something about it.

The only bits of malware to have caused significant disruption to our network were the "MS-Blast" and "Sasser" worms. And guess what? Because they exploited a vulnerability in Microsoft's DLLs, anti-virus software didn't work (except, perhaps, to clean them up, which in any case was a one-line registry entry). People flooded to their anti-virus vendor's site, to be told "get the security patches from Microsoft". You paid the cop every day for a year, but he couldn't protect you from a burglar who wore a very small mask.

Talking of disk crashes: we change between 3% and 5% of our PC hard drives every year. We try to get to at least half of them before they die (by monitoring certain disk-related system events), but we know that of the 1800 PCs on our network, about 35 will experience sudden and irreversible disk death. We don't worry too much, because our users keep all their important data (by definition) on network drives. But if users do want to keep data locally, the backups which they make (!) are also useful protection against the day when the evil mega-virus makes the inter-species crossover (the one from "Hollywood" or "the marketing department of anti-virus companies" to "the real world").

So, put up the built-in Windows firewall (just in case the next exploit worm gets on to your Intranet), run some daily checks of the key parts of the registry (I'll write up how we do this, one day), submit suspicious files to VirusTotal (on average, after a week, one-third of the virus engines used by that site still don't detect any given virus, in my experience), build your PCs with a separate disk partition which you can boot to clean up malware in the main partition, and above all, stop worrying. You will get some viruses, worms, and trojans on your network, and they won't kill you. In fact, chances are you already do have several bits of malware anyway, because you're trusting that dumb cop to protect you, and he can't recognise 1/3 of the burglars.
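
One way to do the daily registry check mentioned above, as an added example rather than the author's own script. The post does not say which keys are checked, so the Run and RunOnce keys and the baseline file path used here are assumptions.

```powershell
# Added example: compare autostart registry values against a saved baseline.
# Assumption: the Run/RunOnce keys stand in for "key parts of the registry";
# the post does not name the keys it checks.
param(
    [string]$BaselinePath = "$env:ProgramData\autorun-baseline.json",  # hypothetical location
    [switch]$UpdateBaseline
)

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Flatten every value under the watched keys into "key|name" -> data.
$current = @{}
foreach ($key in $keys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }   # key absent on this machine
    foreach ($name in $item.GetValueNames()) {
        $current["$key|$name"] = [string]$item.GetValue($name)
    }
}

# First run (or explicit refresh): record the current state and stop.
if ($UpdateBaseline -or -not (Test-Path -LiteralPath $BaselinePath)) {
    $current | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    Write-Output "Baseline written: $($current.Count) entries"
    return
}

# Load the baseline back into a hashtable.
$baseline = @{}
$saved = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
foreach ($p in $saved.PSObject.Properties) { $baseline[$p.Name] = [string]$p.Value }

# Report entries that are new, changed or gone since the baseline.
$findings = @()
foreach ($k in $current.Keys) {
    if (-not $baseline.ContainsKey($k)) { $findings += "ADDED   $k = $($current[$k])" }
    elseif ($baseline[$k] -ne $current[$k]) { $findings += "CHANGED $k : '$($baseline[$k])' -> '$($current[$k])'" }
}
foreach ($k in $baseline.Keys) {
    if (-not $current.ContainsKey($k)) { $findings += "REMOVED $k (was $($baseline[$k]))" }
}
$findings | Sort-Object
if ($findings.Count -gt 0) { exit 1 }   # non-zero exit lets a scheduled task flag the PC
```

Run it once with `-UpdateBaseline` on a freshly built PC, then schedule it daily; any ADDED or CHANGED line is a program that has arranged to start itself since the baseline was taken.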
