Date:      Fri, 27 Jul 2012 13:23:36 +0200
From:      Polytropon <>
To:        Daniel Bye <>
Subject:   Re: On-access AV scanning
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <>

On Fri, 27 Jul 2012 12:00:19 +0100, Daniel Bye wrote:
> All desktops/workstations (that is, all of them, every single one),
> must have AV software running on them. There will be no exceptions, on pain
> of dismissal.

Why is the AV software running on FreeBSD not sufficient in
the opinion of your superior (or by the guidelines of the
corporate directives)?

And those who bring a smartphone to work (private or company
use), how do they run AV software on those _IT devices_? :-)

Oh, and how is AV software brought to the company network
printers, the LAN gear and WLAN APs and everything else
that can be infected, exploited, ruined or damaged?

Or do they simply not count as "desktop/workstation" as you
mentioned? In that case: Happy attack vectors. :-)

Excuse my sarcasm, but there's a little truth in it, when
seen from an IT security point of view.

Really, I _do_ understand your problem (or better the problems
others created for you). Try to get more specific statements
to what kind of AV software with which "action attributes" is
required and try to construct a solution that will be sufficient
in the _view_ of the responsible superiors. The less they do
actually understand, the easier it should be. FreeBSD does
_have_ AV software, but not _for_ FreeBSD per se (as it cannot
be infected by viruses, trojans and malware that are designed
explicitly for "Windows" platforms), but it can very well
detect them. This all still does not help against human

Feel free to show this article and make use of its arguments:

Robert McMillan: Is Antivirus Software a Waste of Money?

A _responsible_ and well-educated IT representative should
form his own intelligent opinions, instead of trying to
blindly corporate guidelines which are possibly _impossible_
to instantiate.

My idea for a solution: You can use a file access monitor
(FAM) to detect when a new file enters the system, and then
immediately have it scanned by a virus scanner you have
already installed from ports.

Next issue: "You need a virus scanner that inspects network
packets!" :-)

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
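
The watch-then-scan idea from the message above, as an added example that is not part of the original post: it scans a file only once its size and mtime have stopped changing, so a half-written download is not scanned too early. This is scan-after-arrival rather than blocking on-access scanning, so a file can still be opened before its verdict exists. Assumptions: the scanner is ClamAV's clamscan (the post names none), plain polling stands in for a kernel file access monitor, and the names Watcher, snapshot and poll are hypothetical.

```python
import os, stat, subprocess, sys, time

def clamscan(path):
    """Assumed scanner: ClamAV's clamscan (exit 0 = clean, 1 = infected, else error)."""
    rc = subprocess.run(["clamscan", "--no-summary", path],
                        stdout=subprocess.DEVNULL).returncode
    return {0: "clean", 1: "infected"}.get(rc, "error")

def snapshot(root):
    """Map each regular file under root to (size, mtime_ns); symlinks are skipped."""
    seen = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished between listing and stat
            if stat.S_ISREG(st.st_mode):
                seen[path] = (st.st_size, st.st_mtime_ns)
    return seen

class Watcher:
    """Hypothetical helper: scans a file once it has stopped changing."""
    def __init__(self, root, scan=clamscan):
        self.root, self.scan = root, scan
        self.previous = {}  # signatures seen on the last pass
        self.scanned = {}   # signatures that have already been scanned

    def poll(self):
        """Run one pass and return [(path, verdict)] for files scanned in it."""
        current, results = snapshot(self.root), []
        for path, sig in sorted(current.items()):
            if self.scanned.get(path) == sig:
                continue  # this exact content was already scanned
            if self.previous.get(path) == sig:  # unchanged since last pass
                results.append((path, self.scan(path)))
                self.scanned[path] = sig
            # otherwise: new or still being written, look again next pass
        self.previous = current
        self.scanned = {p: s for p, s in self.scanned.items() if p in current}
        return results

if __name__ == "__main__":
    watcher = Watcher(sys.argv[1])  # directory to watch
    while True:
        for path, verdict in watcher.poll():
            if verdict != "clean":
                print(f"{verdict}: {path}", file=sys.stderr)
        time.sleep(5)
```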
