Wow, someone is angry, or is this what everyone was talking about before? I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE
# May 6, 2016 00:15

yes
# May 6, 2016 00:19

Yeah, someone in the infosec thread got a bit sensitive about something.
# May 6, 2016 00:20

go3 posted: yes

Lol, I'm butthurt, gonna go spend 50bux to show those fuckers that I'm mad about them calling me a jerk. (This was clearly what infosec crybaby was thinking.)
MF_James fucked around with this message at 00:22 on May 6, 2016
# May 6, 2016 00:20

honestly this is the funniest thing to happen to the thread since the last update from Larches' old job
# May 6, 2016 00:24

bleh shouldn't do this

This kind of made my day.

*edit* Also, someone in IRC just brought up that according to official SA rules, we just won the internet.
MF_James fucked around with this message at 00:38 on May 6, 2016
# May 6, 2016 00:25

As Goons, we are all far from winners.
# May 6, 2016 00:36

online friend posted: goondolences

You can save users from their own stupidity only so much. We have a BYOD policy, *but* you have to agree to have policy applied (mostly password and remote-wipe enforcement) if you connect to our email, you can't connect to resources that aren't cloud based, and even then you need a cert installed to access them. Plus you get your own special-snowflake VLAN, WLAN and BSSID on the APs that's ACL'd away from anything internal. Oh, and you also have your own gateway that's separate from corporate's and has lower bandwidth and a shittier SLA than our corporate network links.

It is useful for the person who wants to access email, calendar, and contacts on his own phone or tablet. And we do reimburse a percentage of the monthly bill. But at the same time the end user acknowledges that IT don't support their poo poo, and if their device causes problems it will be blacklisted faster than they can blink. And not get un-listed, not even if you're an SVP.

No one can cry ignorance, since all the security policies are online and some of the more important ones are even broken down into simple explanatory documents. We have online training resources available as well. Howls of "I didn't know" are cast into the void, as they get, at the least, a written reprimand in their employee record (which is fairly serious and involves probation).

It mostly works out, and you get the occasional complaint from the new guy, but overall both IT and real people are OK with it.
# May 6, 2016 00:37

yeah byod works if you've got the infrastructure in place to treat that poo poo like a leper and enough c-level backbone to make it stick. otherwise you're just asking for a giant bag of problems
# May 6, 2016 00:39

Colorfinger posted: So I noticed you guys liked the VOD of us performing this so I recorded it properly (without me making a bunch of mistakes in the piano) and then I got real ambitious and made a lyric video, here it is

Since it was hit at the bottom of last page. This is amazing and everyone should watch.
# May 6, 2016 00:44

go3 posted: yeah byod works if you've got the infrastructure in place to treat that poo poo like a leper and enough c-level backbone to make it stick. otherwise you're just asking for a giant bag of problems

I think at the least you can save yourself a gently caress load of hassle by asking these sorts of questions before accepting a job offer if it's going to be your responsibility. I have worked in a place where IT weren't allowed to push back on things and it was horrific, and having someone decent heading up your department makes a huge difference. If your representative to the rest of the company is a grumpy sarcastic prick then your life will become a hell of cloud services that you didn't know about and problems that go on for months without being reported.

Edit: Also what Migishu said.
# May 6, 2016 00:51

I bet the goon who did this really loves checkboxes and marking off his lists during audits where he can get them wily users and IT people.
# May 6, 2016 00:58

Virigoth posted: I bet the goon who did this really loves checkboxes and marking off his lists during audits where he can get them wily users and IT people.

Nah, probably loves when machines need to be re-imaged because "LOLZ DUMB USER GOT CRYPTO ON THEIR MACHINE AND WIPED THEIR OWN FILEZA". Not realizing that having to re-image machines constantly causes OTHER people work, but he can sit and because he doesn't have extra work to do.

alright I'm done poo poo talking
# May 6, 2016 01:03

what the gently caress did I miss
# May 6, 2016 01:07

But what's the best anti-virus software?
# May 6, 2016 01:07

We need it for our accreditation but I'll just tell the guys who do it that it's bad and we don't need it. I'm sure that will be fine with them.
# May 6, 2016 01:10

uPen posted: But what's the best anti-virus software?

The friendships we made along the way
# May 6, 2016 01:11

Potato Alley posted: what the gently caress did I miss

yosposers who are salty about internet pixels, if you can believe it. 'Twasn't I who did the deed, but damned if I'm not lol'ing at how poorly they take their own medicine.
Paul MaudDib fucked around with this message at 01:14 on May 6, 2016
# May 6, 2016 01:12

uPen posted: But what's the best anti-virus software?
# May 6, 2016 01:26

MF_James posted: Nah, probably loves when machines need to be re-imaged because "LOLZ DUMB USER GOT CRYPTO ON THEIR MACHINE AND WIPED THEIR OWN FILEZA"

you actually seem more angry about this than the person who gave you the av
# May 6, 2016 01:28

Paul MaudDib posted: yosposers who are salty about internet pixels, if you can believe it

you said a lot of dumb poo poo and then someone gave you an av that tells other people how much you love to say dumb poo poo. seems reasonable imo
# May 6, 2016 01:32

Maybe we can stop trying to say how much we don't care that someone gifted us the red text and move on from this dumb derail.
# May 6, 2016 01:41

jre posted: Using anti virus has become more of a compliance thing than actually improving the security of your network.

This should be quoted so many times that the button becomes a useless, flaming wreckage of what once was a useful function of posting. Its only purpose is to catch the lowest-hanging fruit imaginable.
# May 6, 2016 01:43

Anti-virus is 99% useless, but for that 1%, it's worth it. You install it for compliance these days, that's about all.
# May 6, 2016 01:58

I think there's an element of CYA about it as well. If you compile a bunch of papers to show how AV is no help in terms of security, fight the auditors and prove that you have other ways of mitigating the sorts of attacks that AV is advertised as protecting you from, and then get Crypto'd, you're going to be in a pretty vulnerable position.

Edit: I guess CYA and compliance are actually pretty similar. Or at least you can use 'we are compliant with x and these auditors say so' as part of a CYA strategy if required.
Thanks Ants fucked around with this message at 02:07 on May 6, 2016
# May 6, 2016 02:02

First of all I'm pissed I didn't get red text. Second, ESET has a "Track my device" function for when poo poo goes missing that I like.
# May 6, 2016 02:08

Every AV is adding random poo poo on though to try and gain one over the competition. If you need to manage your endpoints then use MDM on them or something designed for anti-theft which (I assume?) doesn't have the same exploitable low-level OS hooks in it. In the Apple world you can use DEP which is straight up awesome.

Had a client running Sophos Endpoint Protection which comes with a firewall element and it just flat out stopped people doing anything on the Internet, and their support were less than useless at handling it.
# May 6, 2016 02:12

Thanks Ants posted: They're pretty secretive about it on the website, but they do say you just change your DNS records. Does this gently caress things up for clients that are in the office needing to access internal resources since they don't get the internal DNS servers any more, or is there an agent that deals with swapping the servers out?

Your internal DNS servers still work normally but you put the OpenDNS servers as forwarders on them so they talk to OpenDNS for external queries and will drop or block any requests to sites that are blacklisted.
# May 6, 2016 02:18

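The forwarder setup Wiggly describes, written out as an added example for a Windows DNS Server (this is editor-added code, not something posted in the thread; the internal zone name `corp.example` and the host `fileserver` are made-up, and the OpenDNS resolver addresses are an assumption to verify against your own OpenDNS account). Clients keep pointing at the internal server, internal zones are answered locally, and only queries the server is not authoritative for go out to the filtering resolver:

```powershell
# Run on the internal Windows DNS server (requires the DnsServer module and admin rights).
# Assumed OpenDNS resolver addresses; confirm them in your OpenDNS dashboard.
$openDns = '208.67.222.222', '208.67.220.220'

# Add OpenDNS as the forwarders. Authoritative zones (corp.example, reverse zones, AD) are
# unaffected: the server only forwards what it cannot answer itself.
Add-DnsServerForwarder -IPAddress $openDns -PassThru

# Fail closed: if the forwarders are unreachable, do not quietly fall back to root hints,
# because that would drop the filtering the moment OpenDNS is down.
Set-DnsServerForwarder -UseRootHint $false

# Verify what is configured.
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout

# Internal name: answered from the local zone, never leaves the building.
Resolve-DnsName -Name fileserver.corp.example -Server localhost -Type A

# External name: resolved through the forwarder; a blacklisted site comes back with
# OpenDNS's block answer instead of the real address.
Resolve-DnsName -Name example.com -Server localhost -Type A
```

The part the forwarder alone does not give you is enforcement: a client that changes its resolver to 8.8.8.8 bypasses the filter entirely, so the internal DNS servers should be the only hosts allowed to send TCP/UDP 53 outbound through the firewall.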
Thanks Ants posted: Every AV is adding random poo poo on though to try and gain one over the competition. If you need to manage your endpoints then use MDM on them or something designed for anti-theft which (I assume?) doesn't have the same exploitable low-level OS hooks in it. In the Apple world you can use DEP which is straight up awesome.

Yeah, the key things to remember when tasked with choosing AV for a business are:

1. It won't stop poo poo. Sort your firewall out properly and educate users.
2. Make sure your backup solution is solid.
3. Make sure whatever bandaid you buy doesn't open more security holes.
4. Try to get one that doesn't use too many system resources and is easily administered.

EDIT: My new Fortinet is spazzing out over false positives such as Gmail's tracking bullshit, e.g. http://secure-au.imrworldwide.com/cgi-bin/cfg so yeah nothing is going to be set and forget.
# May 6, 2016 02:18

Wiggly posted: Your internal DNS servers still work normally but you put the OpenDNS servers as forwarders on them so they talk to OpenDNS for external queries and will drop or block any requests to sites that are blacklisted.
# May 6, 2016 02:19

Wrath of the Bitch King posted: This should be quoted so many times that the button becomes a useless, flaming wreckage of what once was a useful function of posting.
# May 6, 2016 02:23

online friend posted: you actually seem more angry about this than the person who gave you the av

Not mad, just amused.

For actual content: today I raged for like 15 minutes trying to sort out a permissions issue. The user I am using to run a scheduled task has full control to the folder structure, but keeps failing to move a file. I forgot to put the directory to work from in the "Start (in)", aka the working directory. Felt dumb.
# May 6, 2016 02:24

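The failure mode above is worth seeing in code, because it is indistinguishable from a permissions problem until you look at the working directory. The following is an added example, not MF_James's actual task: the path `C:\Jobs`, the script name `move-report.ps1`, the task name and the service account `CORP\svc-reports` are all made up. It registers the task with the working directory set, shows the action that would fail for contrast, and reads back what Task Scheduler actually recorded:

```powershell
# Hypothetical job layout: C:\Jobs\move-report.ps1 moves C:\Jobs\report.csv into C:\Jobs\archive.
$jobDir = 'C:\Jobs'
$script = Join-Path $jobDir 'move-report.ps1'

# The script body that bites people is a relative path, e.g.:
#     Move-Item .\report.csv .\archive\
# That works from a shell opened in C:\Jobs. Under Task Scheduler with no "Start (in)" value
# the process starts somewhere else (typically %SystemRoot%\System32), so ".\report.csv" is
# looked for there and the move fails even though the account has Full Control on C:\Jobs.

$argument = "-NoProfile -File `"$script`""

# Broken variant, kept only for contrast: no working directory.
$brokenAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $argument

# Fixed variant: -WorkingDirectory is the "Start (in)" field from the GUI.
$fixedAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $argument `
    -WorkingDirectory $jobDir

$trigger = New-ScheduledTaskTrigger -Daily -At 2am

# Least privilege: a dedicated non-admin account rather than SYSTEM. S4U logon avoids storing
# a password on the box but gives the task no network credentials, so it suits local paths;
# a task that touches a share needs a password-backed logon or a gMSA instead.
$principal = New-ScheduledTaskPrincipal -UserId 'CORP\svc-reports' -LogonType S4U -RunLevel Limited

Register-ScheduledTask -TaskName 'MoveReport' -Action $fixedAction -Trigger $trigger -Principal $principal

# Check what was actually registered: WorkingDirectory should not be empty.
(Get-ScheduledTask -TaskName 'MoveReport').Actions |
    Select-Object Execute, Arguments, WorkingDirectory

# When it fails, the exit code lives here, not in the script's own output.
Get-ScheduledTaskInfo -TaskName 'MoveReport' | Select-Object LastRunTime, LastTaskResult
```

The more durable fix is to stop depending on the working directory at all: inside the script, build paths from `$PSScriptRoot` (`Move-Item (Join-Path $PSScriptRoot 'report.csv') (Join-Path $PSScriptRoot 'archive')`), so the task behaves the same whether or not anyone remembered to fill in "Start (in)".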
I'm not on helpdesk, but here's what I do to secure myself:

1) Use Chrome
2) Install uBlock Origin
3) Disable all plugins and require a user click to enable
4) gently caress the internet without a condom cuz I can tell which ones is nasty

Clean bill of health so far. Most of the malware I used to get was from lovely plugin exploits (Flash, Acrobat), so without the ads and the click to run I'm pretty good. That's just my two cents, not saying it's what everyone should do or that it's right.
# May 6, 2016 02:25

Thanks Ants posted: Every AV is adding random poo poo on though to try and gain one over the competition. If you need to manage your endpoints then use MDM on them or something designed for anti-theft which (I assume?) doesn't have the same exploitable low-level OS hooks in it. In the Apple world you can use DEP which is straight up awesome.

If you're concerned about the threat posed by AV then you should forget about anti-theft software, stuff like LoJack can actually live in the BIOS image and drops an executable that is automatically copied on startup (if removed) and run with system-admin privileges by Windows installations. The mechanism is called the Windows Platform Binary Table. I'm sure you can imagine like a half-dozen practical exploits for any vulnerability in that executable. The host file in particular is probably super vulnerable.
# May 6, 2016 02:31

Paul MaudDib posted: If you're concerned about the threat posed by AV then you should forget about anti-theft software, stuff like LoJack can actually live in the BIOS image and drops an executable that is automatically copied on startup (if removed) and run with system-admin privileges by Windows installations. The mechanism is called the Windows Platform Binary Table. I'm sure you can imagine like a half-dozen practical exploits for any vulnerability in that executable. The host file in particular is probably super vulnerable.
# May 6, 2016 02:33

Yeah it's the same method that Lenovo (and possibly Dell, not sure) used to make little helper apps persistent across OS re-images. Standard MDM that hooks into the OS APIs shouldn't do that. And yes you lose the ability to track the device down if it's stolen and wiped but to be honest that's what insurance is for. You only need to be concerned about ensuring the data isn't readable.
Thanks Ants fucked around with this message at 02:37 on May 6, 2016
# May 6, 2016 02:35

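Since the two posts above are about a firmware-resident binary that survives re-imaging, the practical question for a defender is simply "does this fleet's firmware carry a WPBT, and what has Windows done with it?" The script below is an added, read-only check written for this page, not code from either poster or from any vendor. It enumerates the ACPI tables through the documented kernel32 APIs, reports the WPBT header fields if the table exists, and looks for the two side effects of the mechanism: the binary Windows writes out (`wpbbin.exe` in System32) and the `DisableWpbtExecution` opt-out value, which I am taking from Microsoft's WPBT documentation as I recall it, so verify the exact key against the spec for your OS build.

```powershell
# Read-only WPBT inventory. Run as Administrator on the endpoint being checked.
Add-Type -Namespace Win32 -Name Firmware -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern uint EnumSystemFirmwareTables(uint provider, byte[] buffer, uint size);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern uint GetSystemFirmwareTable(uint provider, uint tableId, byte[] buffer, uint size);
'@

# Provider and table IDs are the four ASCII characters packed into a little-endian DWORD.
function Get-FirmwareId([string]$sig) {
    [BitConverter]::ToUInt32([Text.Encoding]::ASCII.GetBytes($sig), 0)
}
$acpi = Get-FirmwareId 'ACPI'

# First call with an empty buffer returns the size needed; second call fills it.
$needed = [Win32.Firmware]::EnumSystemFirmwareTables($acpi, $null, 0)
$buf    = New-Object byte[] $needed
[void][Win32.Firmware]::EnumSystemFirmwareTables($acpi, $buf, $needed)
$tables = for ($i = 0; $i -lt $needed; $i += 4) { [Text.Encoding]::ASCII.GetString($buf, $i, 4) }
"ACPI tables present: $($tables -join ', ')"

if ($tables -contains 'WPBT') {
    $id  = Get-FirmwareId 'WPBT'
    $len = [Win32.Firmware]::GetSystemFirmwareTable($acpi, $id, $null, 0)
    $tbl = New-Object byte[] $len
    [void][Win32.Firmware]::GetSystemFirmwareTable($acpi, $id, $tbl, $len)

    # Standard 36-byte ACPI header: OEM ID at offset 10 (6 bytes), OEM Table ID at 16 (8 bytes).
    $oem    = [Text.Encoding]::ASCII.GetString($tbl, 10, 6).Trim()
    $oemTbl = [Text.Encoding]::ASCII.GetString($tbl, 16, 8).Trim()
    # WPBT body follows the header: size of the embedded image (4 bytes), then its
    # physical address (8 bytes). The image is a flat PE that Windows will run at boot.
    $imageSize = [BitConverter]::ToUInt32($tbl, 36)
    $imageAddr = [BitConverter]::ToUInt64($tbl, 40)
    "WPBT PRESENT: OEM=$oem, table=$oemTbl, image size=$imageSize bytes at physical 0x{0:X}" -f $imageAddr
} else {
    "No WPBT table: this firmware does not inject a binary into Windows at boot."
}

# Side effect 1: Session Manager materialises the embedded image as wpbbin.exe.
$bin = Join-Path $env:SystemRoot 'System32\wpbbin.exe'
if (Test-Path $bin) {
    $sig = Get-AuthenticodeSignature $bin
    "wpbbin.exe exists; signature status: $($sig.Status); signer: $($sig.SignerCertificate.Subject)"
    Get-FileHash $bin -Algorithm SHA256 | Select-Object Hash
}

# Side effect 2 / mitigation: the documented opt-out value (assumption: confirm in the current WPBT spec).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$v = Get-ItemProperty -Path $key -Name DisableWpbtExecution -ErrorAction SilentlyContinue
if ($v) { "DisableWpbtExecution = $($v.DisableWpbtExecution)" }
else    { "DisableWpbtExecution not set: WPBT execution is enabled on this machine." }
```

Feed the hash of `wpbbin.exe` and the OEM table ID into whatever inventory you already keep; a WPBT that appears on a model that did not have one before, or a `wpbbin.exe` whose signer is not the hardware vendor, is the thing to escalate. Note this is exactly the kind of persistence that re-imaging cannot remove, which is Thanks Ants's point above.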
Paul MaudDib posted: If you're concerned about the threat posed by AV then you should forget about anti-theft software, stuff like LoJack can actually live in the BIOS image and drops an executable that is automatically copied on startup (if removed) and run with system-admin privileges by Windows installations. The mechanism is called the Windows Platform Binary Table. I'm sure you can imagine like a half-dozen practical exploits for any vulnerability in that executable. The host file in particular is probably super vulnerable.

That's not how the ESET anti-theft stuff works though. It creates a shadow user with limited privileges. A quick CVE search doesn't show any exploits with it yet so linking it with rootkits is a bit simplistic.
# May 6, 2016 02:42

Data Graham posted: Curious, what would be better?

CLI
# May 6, 2016 08:00

Thanks man, I am ready to go forth and IT even harder than before. With paddles.
# May 6, 2016 08:06

anthonypants posted: You'd think people could wrap this around their head, but then they still want the best antivirus with the best heuristics and the best reviews and the best memory/cpu footprint, and they will link to all sorts of reviews and parrot numbers they don't understand to defend their choice. But if the best reason for antivirus is to fill in an auditor's checkbox or to catch the lowest of the low-hanging fruit, then all of those metrics are completely meaningless, and you should instead go with the least bad antivirus.

All antivirus are as good as each other at the task of dealing with malware, because all the researchers know each other and talk to each other. And hate marketing. Some are better for some threat this month, next month it'll be another one. (Source: used to work at one.) The important difference is all the crap on top and how much of a PITA it is to administer, so think in terms of that.
# May 6, 2016 08:35