Why not run users' desktops in a quarantined sandbox or virtual environment? Wouldn't that prevent these types of attacks from being so damaging? Or at least allow for faster response to and cleanup of an attack?
I have to agree with the response to the first posted reply - in .gov there is too much emphasis placed on reporting compliance, without actually being compliant. As I type this, I know that the system I am using is not up to date on security patches and fixes - and there is nothing I can do about it. We're told that it is all automated, and once a month, the patches are pushed out.
I have to agree with the response to the first posted reply - in .gov there is too much emphasis placed on reporting compliance, without actually being compliant. As I type this, I know that the system I am using is not up to date on security patches and fixes - and there is nothing I can do about it. We're told that it is all automated, and once a month, the patches are pushed out.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/641/2303#2303