#20
11-04-2005, 01:26 AM
Winged
Re: Running program files on XP with non-executable extension?

Leythos wrote:
> In article <aghkm1tjfd53jjrrhblug111uu7d0q3sij@4ax.com>,
> support@replace_with_domain.com says...
>
>> Leythos <void@nowhere.lan> wrote:
>>
>>> In article <4369728B.4080900@wapda.com>, ekron@wapda.com says...
>>>
>>>> This is what an anti-virus program will do if you choose to rename
>>>> the file to keep it for observation purposes
>>>
>>> Not true, that's what SOME Av products will do if you rename the file.
>>> We have our AV software set to scan EVERY file on access,
>>
>> Overkill, and time wasteful.
>
> Depends on the environment, not everyone has data they don't care about.
>
>>> except the
>>> database and exchange store files (as defined by MS and the Av
>>> provider), but if you were to rename myvirus.exe to myvirus.txt, it
>>> would still be detected as a virus.
>>>
>>> Good settings for any AV product would be to scan all files accessed.
>>
>> God forbid.
>
> Funny, how many networks have you designed and maintain that have NEVER
> been compromised?

Afraid we too scan everything. While I agree this is wasteful of
resources, it really doesn't have enough impact in real world
environment to be an issue.

We scan files on write, open and modify. Overkill yes, but our flip
flops have yet to unionize.

We wake our system on weekends (during non-work hours) to do full scans.
One advantage to this is it is an easy way to flag something that is
talking outbound when it's not supposed to, yes it does happen.

We even open IE on an intranet page to ensure something doesn't
communicate that wasn't caught with other methods. Pretty easy to
identify the firewall communication. While this method is by no means a
check for much, it is surprising what it finds sometimes. When the net is
loaded with users it can hide activity when you're dealing in multiple T3s
and T9s and dual gigabit between subnets.

We wake our machines nightly as required for patching. CPU cycles are
pretty cheap these days. Afraid I have no issue wasting the computer
time, they work cheap.

If you are not careful, things hide in JAR files or other places that may
be easily missed. Easiest to scan everything and march on. AV is the
easiest to manage these days; now if someone can just stop those damn
patches from breaking stuff I would be happy.

The idea here is to avoid doing system maintenance tasks that impact
user operations; that gets expensive very fast. You have to avoid
system downtime when it costs $100,000 an hour to bring networks down
due to a virus event.

Winged
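The thread's point, that an executable renamed from myvirus.exe to myvirus.txt is still an executable and that JAR files are just zip containers, is easy to demonstrate with a content-based check. The script below is an added example for this thread, not code posted by any participant or shipped by any AV product; the signature table, the list of "expected" extensions and the sample files (a minimal PE stub and an in-memory zip) are all constructed for the example. It identifies a file's type from its leading bytes alone and flags files whose extension disagrees with what the bytes say.

```python
import io
import os
import struct
import zipfile

# Content-based type identification. The file name is ignored on purpose:
# renaming myvirus.exe to myvirus.txt changes nothing below.
def identify_content(data: bytes) -> str:
    """Return a coarse type label derived only from the bytes."""
    if len(data) >= 0x40 and data[:2] == b"MZ":
        # The DOS header stores the PE header offset at 0x3C (e_lfanew).
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe-executable"
        # MZ without a reachable PE header: old DOS binary or truncated read.
        return "dos-executable"
    if data[:4] == b"\x7fELF":
        return "elf-executable"
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):
        return "zip-archive"  # .jar, .docx and friends are zip containers
    return "unknown"

# Extensions under which each content type is expected to appear
# (constructed list for this example). Anything else is a disguised file.
EXPECTED_EXTENSIONS = {
    "pe-executable": {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv"},
    "dos-executable": {".exe", ".com"},
    "elf-executable": {".elf", ".so", ".ko", ""},
    "zip-archive": {".zip", ".jar", ".war", ".ear", ".docx", ".xlsx", ".pptx", ".apk"},
}

def is_disguised(name: str, data: bytes) -> bool:
    """True when the bytes say executable/archive but the name says otherwise."""
    kind = identify_content(data)
    if kind == "unknown":
        return False
    ext = os.path.splitext(name)[1].lower()
    return ext not in EXPECTED_EXTENSIONS[kind]

def find_disguised(files: dict) -> list:
    """Return the disguised names from a {name: bytes} mapping, sorted."""
    return sorted(n for n, d in files.items() if is_disguised(n, d))

def scan_tree(root: str) -> list:
    """Walk a directory and report disguised files; only the first 4 KiB is read."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for n in names:
            path = os.path.join(dirpath, n)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)
            except OSError:
                continue
            if is_disguised(n, head):
                hits.append(path)
    return sorted(hits)

def build_samples() -> dict:
    """Constructed sample files: a minimal PE stub and an in-memory zip."""
    pe_stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.class", b"\xca\xfe\xba\xbe")
    jar = buf.getvalue()
    return {
        "tool.exe": pe_stub,        # executable under an honest name
        "report.txt": pe_stub,      # same bytes renamed: still an executable
        "notes.txt": b"just some text\n",
        "app.jar": jar,
        "cache.dat": jar,           # a zip/jar behind a neutral extension
    }

if __name__ == "__main__":
    for name in find_disguised(build_samples()):
        print("disguised:", name)
```

Running it reports report.txt and cache.dat; tool.exe and app.jar pass because their extensions match their contents. scan_tree() applies the same check to a real directory, which is the cheap version of what an on-access scanner configured for "all files" does: it never trusts the extension.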
