Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 27 Jul 2012 20:47:32 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Mark Felder <feld@feld.me>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: On-access AV scanning
Message-ID:  <20120727204732.c143bc3d.freebsd@edvax.de>
In-Reply-To: <op.wh393aps34t2sn@tech304>
References:  <20120727104308.GA4834@catflap.slightlystrange.org> <op.wh393aps34t2sn@tech304>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Fri, 27 Jul 2012 13:10:12 -0500, Mark Felder wrote:
> Virus scanning should not be your problem. If the Windows users in the  
> organization have an antivirus solution there is no need for you to have  
> one. It doesn't matter if you share files over SAMBA -- when they access  
> the files their virus scanner will check them.

His "problem" is that there's a corporate reglementation
of what he has to do, which he needs to obey in order to
keep his job. Even though this ruleset contains something
stupid (or even impossible), it's a requirement. Of course
a stupid one, but it does exist.

Surely it would be better for the company that has _admitted_
to have had more than one significant infection to do the
simplest, most stupid and absolutely basic tasks:

1. educate users, repeat educating users, continue
   educating users

2. connect "Windows" PCs through a non-"Windows" scanning
   facility to the Internet; think about who needs Internet
   and who doesn't

3. limit access to local storage (CD, DVD, USB sticks) and
   force those to be "inserted" to the network (e. g. as
   a CIFS share) again through a non-"Windows" scanning
   facility; again think about who should be allowed to
   enter "foreign data" to the company network and _how_
   it is _required_ to be done

4. consider the whole network, also think about (W)LAN or
   BT connected smartphones, printers, networking gear

5. learn about viruses, trojans, malware: how they work,
   how they are used and therefore how to "actively act
   against them"

6. understand security as a process, not a stupid list that
   tells you to "have a virus scanner on the system that
   works on access"; now go to item 1 again

Of course, _none_ of those points seems to be on the agenda
at the moment. There's still the rule "You must have a
virus scanner on your computer that acts as on-access scanner
and scans for any viruses." It misses both that FreeBSD is
not infectable by "Windows" viruses, and it does not prevent
any "non-virus" attacks (such as per smartphone, per printer,
per human stupidity and carelessness).

So I think Daniel is actually on the best road at the moment.
Sure, it won't make _his_ system safer, and it won't make
other systems safer, but it will conform to the rules. If
he's able to use FAM/Ganim as the "on-access" part, and
a virus scanner he finds suitable for the "virus scan" part,
that should be sufficient.

	if(system_has_scanner && scan_on_access)
		allow_system();
	else
		if(insist_on_system)
			fire(Daniel);
		else
			deny_system();

Obeying can be fun, if it _is_ that easy. :-)

Maybe later on, he can convince his superior to switch
on his brain for thinking about the corporate guidelines.
It's worth it, and it saves money. I'm confident that it
is a chance to finally dump the stupid idea of insisting
to have a virus scanner on FreeBSD where there are no
viruses it could scan for.



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20120727204732.c143bc3d.freebsd>