Date: Fri, 27 Jul 2012 13:23:36 +0200 From: Polytropon <freebsd@edvax.de> To: Daniel Bye <freebsd-questions@slightlystrange.org> Cc: freebsd-questions@freebsd.org Subject: Re: On-access AV scanning Message-ID: <20120727132336.9d2289e8.freebsd@edvax.de> In-Reply-To: <20120727110019.GB4834@catflap.slightlystrange.org> References: <20120727104308.GA4834@catflap.slightlystrange.org> <alpine.BSF.2.00.1207271249160.20428@wojtek.tensor.gdynia.pl> <20120727110019.GB4834@catflap.slightlystrange.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 27 Jul 2012 12:00:19 +0100, Daniel Bye wrote: > All desktops/workstations (that is, all of them, every single one), > must have AV software running on them. There will be no exceptions, on pain > of dismissal. Why is the AV software running on FreeBSD not sufficient in the opinion of your superior (or by the guidelines of the corporate directives)? And those who bring a smartphone to work (private or company use), how do they run AV software on those _IT devices_? :-) Oh, and how is AV software brought to the company network printers, the LAN gear and WLAN APs and everything else that can be infected, exploited, ruined or damaged? Or do they simply not count as "desktop/workstation" as you mentioned? In that case: Happy attack vectors. :-) Excuse my sarcasm, but there's a little truth in it, when seen from an IT security point of view. Really, I _do_ understand your problem (or better the problems others created for you). Try to get more specific statements to what kind of AV software with which "action attributes" is required and try to construct a solution that will be sufficient in the _view_ of the responsible superiors. The less they do actually understand, the easier it should be. FreeBSD does _have_ AV software, but not _for_ FreeBSD per se (as it cannot be infected by viruses, trojans and malware that are designed explicitely for "Windows" platforms), but it can very well detect them. This all still does not help against human stupidity. Feel free to show this article and make use of its arguments: Robert McMillan: Is Antivirus Software a Waste of Money? http://www.wired.com/wiredenterprise/2012/03/antivirus/ A _responsible_ and well-educated IT representative should form his own intelligent opinions, instead of trying to blindly corporate guidelines which are possibly _impossible_ to instantiate. My idea for a solution: You can use a file access monitor (FAM) to detect when a new file enters the system, and then immediately have it scanned by a virus scanner you have already installed from ports. Next issue: "You need a virus scanner that inspects network packets!" :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120727132336.9d2289e8.freebsd>