Re: [Fed-Talk] Purchase Justification
- Subject: Re: [Fed-Talk] Purchase Justification
- From: Michael Kluskens <email@hidden>
- Date: Sun, 7 May 2006 11:39:14 -0400
On May 6, 2006, at 12:20 AM, Brian Raymond wrote:
> I'm wondering if the frequency of viruses/trojans, etc. will pick up in the next few months. I've always agreed with the concept of least privilege and appreciated the design of the *NIX OS; however, I imagine a good portion of the users out there are like me: most of the "valuable" stuff is in their home directory. The design of the OS may protect the machine itself, but when your home directory is dropped I would call a virus/trojan quite a success. I'm not saying it is going to happen, but if I was evaluating attack vectors and shooting for the most impact, that is what I would target.

This is why regular incremental backups to safe media are important. Few people generate that many new documents per day or hour. With proper filtering you can avoid backing up irrelevant cache and other temporary files. An incremental backup to a local or remote hard disk is not real safe; however, the pull backup from a central server to its hard disks would protect the files. For local backups DVD-RWs seem to be pretty safe, given that using a program like Retrospect only that program can do much with the disks, though potentially a virus could get the OS to erase a DVD-RW; however, you can use a DVD-RW to evaluate your filtering and then switch to a DVD-R -- my experience is that a DVD-R/RW lasts several months for incremental backup of a single user's files, including email, multiple times per day. Any machine processing large quantities of data, like video or photos, probably should not be exposed to the internet if you can't either back up the data or afford to lose the data.

Many people harp on antivirus software, but I have seen firsthand on day zero the brand new viruses pouring through two layers of anti-virus software that protects the email where I work. There is always a lag with the current antivirus software; we no longer have anything like the old GateKeeper antivirus software, which identified suspicious activity on Mac OS systems.

The vulnerabilities are sitting there in OS X waiting to be used (not only the new ones we see in the security updates but researchers have discovered old BSD holes in OS X, many are local vulnerabilities but that is what viruses and trojans need mostly). The question is whether or not OS X is worth anyone's time to attack; plus, regular viruses and worms require a certain critical mass of interconnected machines in order to propagate.

The growing trend is targeted trojans written by security "professionals"; they don't make it into anti-virus databases because they are targeted at only a few people and therefore don't get discovered for a long time, if ever.

Still, the risks are greater on Windows than OS X and will be for some time.

Michael