On Fri, 28 Feb 1997 crumrig @
us-state .
gov wrote:
> I do not aggree with you totally on this. I did a study on Mimesweeper from integralis a few weeks back, and found little if no bottleneck occured. And this at about 15 to 20 thousand EMAILS a day rate. Plus, you were able to configure it to use any available, read that your favorite, virus checkers available. Multiple sweeps were also possible using more than one checker. In addition, for those of you concerned with possible release of sensative information, you could do dirty word searches on terms like project "xanadu" or SECRET or anything you wanted. You could stop the mailing of gifs etc. Everything was configurable, and once up and running, worked great. Ya got me on the price issue though. This thing was expensive, and I think that they have shot themselves in the foot on their licensing structure. The nice thing was I could use FPROT, DR SOLOMON's and MACAFEE or NORTON , and scan both directions. I do think that you would still need to do some checking at!
!
> the desktop as well, as this is w
> here a lot of these things start out life. Besides, I think cleaning up a virus at the wall as something comes in is a ton easier than having to clean up 4 thousand machines, don't you? I guess what I would like to say is that a case can be made for both.
>
Besides cost being a burden here, what was the effectiveness of this
application? I mean, how well did it do on your tests of finding viri in
attachemnts, macro viri, encrypted viri, etc?
I think everyone would love to beable to filter at the wall/gateway, but,
I think the effectiveness of such an approach at this time isn't the best
solution, nor should it be the only solution applied. Most
organizations, like I said before, have seen this to be true, and go to
the desktop to do the most efficient job.
Yes, it can take time and energy to get virus SW on each and every
desktop, and depending upon how ignoratn one keeps their users, can be a
pain to update virus definition files <those orgs that like to keep thier
users somewhat clued and knowledged accomplish this in a much more
managable way>. The biggest threat of viri at this time comes from both
e-mailed macros and lusers that boot with an infected floppy. Here at 3M,
that's the major issue facing the turn to NT on the desktop. There seems
to be nothing one can do to stop a boot sector virus in this manner, none
viable that we've found, and once an NTFS is hit this way, your best route
to recovery is to wipe the machine, fdsik /mbr the drive, and start from
scratch...
Later,
Ron Dufresne
>
> ---------------Original Message---------------
> On Thu, 27 Feb 1997, Pavel Galynin wrote:
>
> > --------------------------- cut ----------------------------------------
> > > > I don't think the virus filters come close to being worth the cost.
> > > >
> > >
> > > Every organization I have worked with found that the best way to handle
> > > the issue of viri is at the desktop workstation.
> > >
> > It is the most efficient way, efficience/cost ratiowise, but it is not
> > perfect and leaves HUGE scurity holes.
>
> Agreed it's not perfect, but is at this time the most viable solution
> available. Sure, one can scan at the wall/gateway, but, that's more
> imperfect a solution at this point in time, not to mention the possible
> bottlenecking that can most likely ensue. But as for this leaving "HUGE
> scurity holes", I'd certainly like to see you clarify that statement a tad
> <smile>...
>
> Later,
>
> Ron DuFresne
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>
>
>
> ----------End of Original Message----------
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
References:
|
|
