>>try a mixed solution of Microsoft Windows Security Essentials for servers and workstations to detect and eliminate
Besides the fact that Microsoft Windows Security Essentials can be a resource hog that brings numerous systems to their knees, it's not a very robust anti-malware solution. In comparison to the top 5 or top 10, it will miss a LOT of infections. It also has other false-positive issues, specifically related to Zeus, which is one of the malware items that Tony wanted to focus on.
From late 2011:
"Some Chrome users reported persistent problems Monday related to Microsoft's Security Essentials and Forefront security products blocking--and in some cases, deleting--copies of the Google Chrome browser after labeling it as a "severe" threat. Microsoft had released an emergency update for the problem on Friday.
According to an update announcement from Microsoft, its products began "incorrect detection of Google Chrome as PWS:Win32/Zbot," which is another name for the password-stealing Trojan application known as Zeus, which is designed to harvest people's financial data."
Google Chrome = Zeus? Wow!
From the self-promoting post .sig:
>>CISSP, ITIL, CEH, MCT
Obviously throwing a bunch of acronyms behind one's name doesn't translate to wisdom. I guess all advice needs to be taken with a grain of salt. I don't mean to be a d*ck, but your advice is bad, sir.
In closing, MS Security Essentials is not your best bet for identifying and defeating said malware.
Peace,
Vic,
CISSP, SSCP, HIJKLMNOP, etc.
(cough, wink)
----- Original Message -----
From: Savvy95 (at) gmail (dot) com
To: security-basics (at) securityfocus (dot) com
Sent: Thursday, July 19, 2012 6:50:44 AM
Subject: Re: Re: Malware detection
My 2 cents.....
If you are not looking for a "large robust solution" and you have Windows, try a mixed solution of Microsoft Windows Security Essentials for servers and workstations to detect and eliminate,
Windows inherent AppLocker for Windows 2008/Windows 7/Vista for whitelisting authorized apps.
For Windows XP, try Microsoft SteadyState to "freeze" the machine configuration and any changes are automatically removed on reboot. Note: It's been discontinued since 2011 and support for XP will be too in the near future.
I hope you don't have Windows 98/ME/NT/2000 in your environment as there is no hope for you. ;-)
Security Essentials: http://www.microsoft.com/en-us/download/details.aspx?id=5201
AppLocker (How to Guide): http://technet.microsoft.com/en-us/library/dd723686(v=WS.10).aspx
SteadyState (search for the download) there is also a reference document for all settings in SteadyState here: http://windowsteamblog.com/windows/b/springboard/archive/2010/09/27/steady-state-for-windows-7.aspx
You could use Microsoft System Center to do what you want and more.
Good Luck
Glen Victor
CISSP, ITIL, CEH, MCT