Friday, 20 August 2010

Antivirus is not enough

Psst: Can You Keep A Secret? over at Biztech Magazine tells the story of a SME that seemed to be relying solely on their antivirus software to provide protection and as a result suffered a devastating virus outbreak.

“Small businesses are definitely more at risk than large businesses with respect to security because if they are attacked and their information is compromised, they can go out of business quickly,” observes Dr. Sushil Jajodia, director of the Center for Secure Information Systems at George Mason University. “As such, there is very little margin for error.”

While there’s no mention of Least Privilege Security, there are some encouraging signs:

MobiTV also customizes domain policies to enforce and lock down different aspects of its Windows and Linux machines and uses monitoring agents that not only report back performance and health statistics but also monitor for security events and patch management gaps.

Monday, 16 August 2010

Two more book reviews

Another short review of Least Privilege Security for Windows 7, Vista and XP at Ward Vissers:

I have read already some chapters. I think it is a great book to have on your collection.
You have always not enough time thinking about security. This book does it for you.

And here at Anything about IT:

I haven’t read the entire book yet, but from what i have seen thus far, it’s definitely a must have for any IT Pro who working within the Client Desktop management space. I’ll submit further feedback when I have completed the review.

AV alone is not enough

According to an article on Help Net Security, AV vendors detect on average 19% of malware attacks, a recent study by Cyveillance claims that the most popular antivirus products detect less than 19% of new malware threats, and that rate increases only to to 61.7% after 30 days.

Top AV solutions take an average of 11.6 days to catch up to new malware. Since this does not include malware signatures undetected even after 30 days, users should not rely on the AV industry as their only line of defense.

The full report can be downloaded here (registration required).