Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Do we still need scheduled scan?

from [Steven Hay] Network Security [Permanent Link]
Subject: RE: Do we still need scheduled scan?
Date: Thu, 29 Dec 2005 11:37:01 -0700 
 
We've been fortunate to have our users "trained" to log off or restart
their systems at night so nightly scans can take place.  But we face the
same pain with our laptop users (including myself when on call) as when
we start up our laptops in the morning the "background" scan makes
systems painfully slow for a few hours.

But, we've had inactive viruses dropped into systems from web sites that
weren't caught by our gateway filter that has been picked up by the
nightly scans.  We've picked up latent malware through our nightly scans
as well.  The Internet is such a hostile business necessity that we just
can't ignore any opportunity to increase our defence in depth, including
full nightly scans.

Steven Hay
Community Savings

-----Original Message-----
From: kyle.moffitt@sophos.com [mailto:kyle.moffitt@sophos.com] 
Sent: December 29, 2005 10:07 AM
To: Bruce Martins
Cc: dfox168@hotmail.com; focus-virus@securityfocus.com
Subject: Re: Do we still need scheduled scan?

I guess I'm not "telling" anyone anything, except which parameters
generally dictate best practices when considering system-wide scanning
strategy.  Either way, "my" AV product is irrelevant to the question
posed
-- and further qualified by a legitimate business problem -- which was
essentially "is this additional scan necessary with respect to all my
other defensive measures, AND the substantial overhead it consumes?".
If I thought the conclusion reached based on those parameters was a
recipe for disaster I wouldn't have offered such a reckless suggestion,
especially under my moniker.

Is schedule scanning "pointless"?  In a perfect world, no.  But as it
stands, its business value may decrease when all other things are
considered.  It's just another risk calculation we all must face in this
topsy-turvy world, my friend, so I'm just offering it as I hope you
would take it:  FWIW.  No apologies necessary.

Kyle Moffitt
Sophos, Inc.



 

             "Bruce Martins"

             <BMartins@extend.

             COM>
To 
                                       <kyle.moffitt@sophos.com>

             12/29/2005 11:43
cc 
             AM                        <dfox168@hotmail.com>,

                                       <focus-virus@securityfocus.com>

 
Subject 
                                       Re: Do we still need scheduled

                                       scan?

 

 

 

 

 

 





So your telling everyone that scheduled scanning is pointless because
your av products with real time scanning are perfect? That is recipe for
disaster, no impact on a user that isn't there running a full scan every
hour doesn't make sense either, using all of the capabilities of the
products is best and having a fall back layer of a scheduled full system
scan doesn't hurt, calling this costly is nothing compared to lost data
or downtime to the user and or network

Apologies if I misread your response as I am on the move at the moment
Bruce Martins Systems Administrator
EXTEND>>MEDIA
190 Liberty Street
Toronto, Ontario
Canada
M6K 3L5
_______________________
e:bmartins@extend.com
t: (416) 535-4222 ext. 2307
f: (416) 535-1201
http://www.extend.com
--------------------------
Sent from my BlackBerry Wireless Handheld


-----Original Message-----
From: kyle.moffitt@sophos.com <kyle.moffitt@sophos.com>
To: Bruce Martins <BMartins@extend.COM>
CC: dfox168@hotmail.com <dfox168@hotmail.com>;
focus-virus@securityfocus.com <focus-virus@securityfocus.com>
Sent: Thu Dec 29 10:35:10 2005
Subject: Re: Do we still need scheduled scan?

This approach presumes updates are infrequent (> 1hr apart), and/or
innacurate or expensive proactive detection is employed.  The
cost/benefit of relying on on-access scanning (esp. for client machines)
vs. costly and redundant scheduled scanning is almost always in the end
user's favor.
FYI, best practices differ based on the engineering of AV software, and
a particular vendor's global response capability to emerging threats.
Suffice to say, no two AV are alike.

Kyle Moffitt
Sophos, Inc.




             "Bruce Martins"
             <BMartins@extend.
             COM>
To
                                       <dfox168@hotmail.com>,
             12/29/2005 09:59          <focus-virus@securityfocus.com>
             AM
cc

 
Subject
                                       Re: Do we still need scheduled
                                       scan?










You should still run a scheduled scan sometimes things are missed in
between dat file updates, if you run the scan late at night there should
be minimal impact.
Bruce Martins
Systems Administrator
EXTEND>>MEDIA
190 Liberty Street
Toronto, Ontario
Canada
M6K 3L5
_______________________
e:bmartins@extend.com
t: (416) 535-4222 ext. 2307
f: (416) 535-1201
http://www.extend.com
--------------------------
Sent from my BlackBerry Wireless Handheld


-----Original Message-----
From: Doug Fox <dfox168@hotmail.com>
To: focus-virus@securityfocus.com <focus-virus@securityfocus.com>
Sent: Wed Dec 28 17:28:04 2005
Subject: Do we still need scheduled scan?

If we have already implemented virus scan at the gateway, on the mail
server, on individual servers, and real time scan on
workstations/laptops, do we still need scheduled, e.g., weekly, scan on
workstations and laptops as well as servers?

Schdeuled scans really slow down some machines.

Any comments are appreciated.

Thanks,

Doug






--
Kyle Moffitt
Senior Account Executive, Sophos

Tel: 781 973 0110
Web: www.sophos.com
Sophos - integrated threat management






--
Kyle Moffitt
Senior Account Executive, Sophos

Tel: 781 973 0110
Web: www.sophos.com
Sophos - integrated threat management
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Do we still need scheduled scan?, Mark Brunner
Next by Date:  RE: Do we still need scheduled scan?, James Knowles
Previous by Thread:  RE: Do we still need scheduled scan?, Derick Anderson
Next by Thread:  RE: Do we still need scheduled scan?, Sewell, Cathy
Indexes:  [Date] [Thread] [Top] [All Lists]