Archive for the ‘Antivirus’ Category

Verizon releases corporate security breach report

June 11th, 2008 chad No comments

Verizon Business has released a report on what they found after looking through 500 forensic investigations involving 230 million records; it analyzes hundreds of corporate breaches. These breaches include three of the five largest breaches ever reported. Here are a few items they discovered:

  • 87% of corporate data breaches could have been prevented if reasonable security measures had been in place (duh!).
  • Less than 25 percent of attacks took advantage of a known or unknown vulnerability.
  • Asian attacks (mainly China and Vietnam) are usually application exploits that are used for data compromise.
  • Most defacements originate out of the Middle East.

There’s also some very good information in the article regarding how to protect your network and data. I would strongly encourage any network/system administrator to, at the very least, browse this part of the report.

Why virus scanners are useless

May 20th, 2008 chad No comments

It’s been a long time since I’ve used a virus scanner at home, and I’ll tell you why:

1. Well, I’ve been using Linux since 1998. However, let’s put that aside, as this still applied before I completely converted to using strictly Linux in 2002.

2. It eats up system resources like you wouldn’t believe. Thanks, but I’d rather put my processor to better use – something other than doubling the processor power it takes to open a spreadsheet. FreeAVG seems to be the only decent anti-virus solution for Windows that doesn’t kill the processor usage by default.

3. They can only find known viruses. Maybe being “protected” from tens of thousands of viruses comforts you, but I’m worried about the few no one knows about yet, and AV software provides no protection against those.

4. They are only partially successful in removing viruses. How many times have you seen “Delete Failed! click here for more info”? I saw it a few times too many. I SHOULD NEVER EVER SEE THIS MESSAGE! This is a design failure.

5. AV software is not effective as a means of prevention. Viruses come in two flavors, trojans and worms. Trojan – idiot user clicked on BrittneySpearsNaked.jpg.pif.bat.js.exe; AV cannot prevent this. Worm – Windows security issue; AV cannot prevent this. This is an over-simplification, and may not be 100% technically accurate, but you get the picture.

6. If AV software can’t prevent infection, and if it sometimes can’t even remove the infection, what good is it again? It’s good for Symantec, it’s good for McAfee, and it’s good for IT professionals who get to say “it’s not my fault, I did everything I could to prevent it” next time a Code Red happens.

Categories: Antivirus, E-mail, Internet, Linux, Software, Windows Tags:

Win32/Loodok!generic.2 – an eTrust false positive

April 22nd, 2008 chad No comments

Today while visiting Davenport’s library, even when I first logged on, I kept getting bombarded with a “Realtime Infection Alert” that appears to be an eTrust antivirus false positive (and an annoying one at that). Hopefully this is fixed soon…

Categories: Antivirus, Software, Windows Tags: