I have a completely different view. I think that AV, while not the
silver bullet, is a solid line of defence.
Perhaps, but from what? It won't protect the box from being broken
into, and the argument that it will protect you from things we don't
know about yet just doesn't hold.
[Brady] - I think it does hold for a lot of us. If it doesn't for you,
that's ok. And I still think in some cases it can help protect the box
from being broken in to, in cases of worms and script-kiddies.
The more
lines of defence you have, the more proactively you have secured your
environment.
And the more things you have to manage, and the more things you have to
look at when troubleshooting an issue...and yet another set of logs that
you have to review.
[Brady] - My AV client writes to the application log. Nothing more to
review.
In a perfect world everything would be nicely secured, things like
Windows and TCP/IP would have been designed for security and we would
all be proactive not reactive.
But you can be proactive with Windows...there are a great number of
things you can do to secure a Windows system proactively. The problem
is that few of them are done.
[Brady] - True, and one of things that can be done is installing an AV
client.
Harlan
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
