Staging Virus Definition Updates

In the wake of McAfee’s false positive that rendered Windows XP computers unbootable, there has been a lot of talk. What I wanted to talk about today was the staging of virus definition updates. I saw a lot of comments that companies took the McAfee update and deployed it company-wide without any testing. I don’t …

SEP 11.0.6

Symantec Endpoint Protection 11.0.6 is available on fileconnect. The release notes are here.

Release Highlights

• “Symantec Protection Center v1.0” introduces a centralized management console with single sign-on to integrated Symantec applications including Endpoint Protection, Brightmail Gateway, Data Loss Prevention, Web Gateway, Critical System Protection, and IT Analytics
• “SEP Manager Web Console” delivers web-based access to …

Unicorn sighting

A few weeks ago my officemate posted to Facebook: “I’ve just been told by two different Mac Geniuses that installing an antivirus software could actually make the Mac computer less secure. Unfortunately, both were phone conversations because I’m almost certain they were doing the Jedi mind trick hand motions.” As I read that, I figured …

Antivirus Exclusions

For many years Microsoft has had an exclusion list of files and folders that antivirus should not scan. I’ve seen similar knowledgebase articles from antivirus vendors. For some reason this became blogworthy over at TrendMicro. That has set off the usual echo chamber of anti-Microsoft handwringing. (Wait a second, an echo chamber of handwringing? Exactly …

VanMorrison.com Iframe

Saw a virus alert today. A user performed an AOL Search (that alone should be banned in our end user behavior policy) on “van morrison” (another termination offense). He/She clicked on a link for www.vanmorrison.com. The antivirus detected an iframe attack. Manually looking at www.vanmorrison.com’s source, I currently see an iframe loading ‘http://iqsp.ru:8080/index.php’. Perhaps someone …

Email Security

Last Friday Purewire blogged about a fake Microsoft Outlook update that one of their employees received via email. Typically when a security company blogs about an email virus they’ve seen in the wild, it’s clear that it’s something the research team found, or something that got through to a home address or to their wife’s …

Some People Really Need to Look Into NAC

Over the weekend I was talking to someone who has a mandatory requirement at work to have their computer inspected by the helpdesk every 60 days. If the computer is not inspected the computer is not allowed onto the network. I’ve heard of such requirements for remote users. Remote users who don’t connect to the …

Alternatives to Desktop Lockdown

This is another post based on notes from the Gartner Information Security Summit. Neil MacDonald gave a talk titled Five Alternatives to Desktop Lockdown: Balancing Control and Creativity. Desktop Lockdown has failed. But so has complete freedom. So what do you do? From an operational perspective, desktop lockdown was performed to reduce the number of …
