[Cialug] Home DLP, Anyone?

kristau kristau at gmail.com
Tue May 6 13:39:43 CDT 2014


The primary factor that makes AV software useless is when end-users have
full administrator privileges. All exploits run with the privileges of the
user. If the user has full admin rights, then the malware can easily make
disabling AV its first attack. Very few exploits attempt privilege
escalation for this very reason. They simply do not need to escalate.

Yes, it is a PITA to apply upgrades, install software, make system changes,
etc. when you are not an administrator, but it is a small price to pay to
protect your system from a very large percentage of malware.


On Tue, May 6, 2014 at 1:13 PM, David Champion <dchamp1337 at gmail.com> wrote:

> Symantec AV has been dead for a long time. I've seen several PC's running
> Symantec that have all kinds of virus / spyware on them. It's nearly as
> worthless as McAfee.
>
> -dc
>
>
> On Tue, May 6, 2014 at 12:52 PM, <j.bengtson at mchsi.com> wrote:
>
> > If we didn't need to persist SOME data, we could just use a live CD and
> > reboot every couple of hours or so.  You don't have to worry so much about
> > viruses, worms, and other miscellaneous malware because they're gone when
> > you reboot.
> >
> > ----- Original Message -----
> > From: jim kraai
> > To: Central Iowa Linux Users Group
> > Sent: Tue, 6 May 2014 11:57:36 -0500 (CDT)
> > Subject: Re: [Cialug] Home DLP, Anyone?
> >
> > I have relatives, a couple, who have explicitly, intentionally done what
> > you suggested on the, arguably flawed, assumption that they have nothing to
> > hide and nothing worth stealing.  They now pay best buy $300/yr on some
> > blanket security/repair plan, $100+/yr on cloud backup, and I spend about
> > 50 hrs/yr helping them deal with the problems that aren't covered by the
> > commercial services
> >
> > So, that's my current mental model for how wanton neglect benefits normal
> > users.
> > On May 6, 2014 11:42 AM, "Dave Hala"  wrote:
> >
> > > My day job is fairly dull this time of year, so I guess you could say
> > > those thoughts are born of boredom.
> > >
> > > :) Dave
> > >
> > > On Tue, May 6, 2014 at 11:25 AM, jim kraai  wrote:
> > > > If that was very zen or sarcastic, I get it :-)
> > > >
> > > > I remember an old sci-fi story about a world that was polluted with
> > > > quadrillions of little surveillance lens/transmitter things.  There was no
> > > > way to tell who produced a given lens or even whether one was of civilian
> > > > or commercial origin.  The protagonist struggled with the problem of
> > > > keeping all of them out of his house, meticulously vacuuming, etc.,
> > > > spending a significant portion of his time and resources on the problem.
> > > > In the way that such stories end, he finally gave up and dove into a
> > > > swimming pool sized pile of them.
> > > >
> > > > You raise a good point.  Who's paying you to say such things?  Does it at
> > > > least pay the mortgage?  :-)
> > > >  On May 6, 2014 11:09 AM, "Dave Hala"  wrote:
> > > >
> > > >> Try approaching the problem from a different perspective, by asking
> > > >> the question: What if I do nothing? or What if I do the same thing as
> > > >> everyone else?
> > > >>
> > > >> (I'm *not* suggesting doing nothing.)
> > > >>
> > > >> :) Dave
> > > >>
> > > >> On Tue, May 6, 2014 at 10:57 AM, jim kraai  wrote:
> > > >> > This email contains fever-induced, half-baked thoughts. Proceed with
> > > >> > caution.
> > > >> >
> > > >> > http://it.slashdot.org/story/14/05/06/1343210/anti-virus-is-dead-but-still-makes-money-says-symantec
> > > >> > (uh, I guess I'm obligated to say, "Slashdot sux" or something like that)
> > > >> >
> > > >> > The piece says "Meanwhile, other security firms including FireEye, RedSocks
> > > >> > and Imperva are casting doubt on AV, suggesting a focus on data loss
> > > >> > prevention might be better."
> > > >> >
> > > >> > I used to work at a DLP company.
> > > >> >
> > > >> > I came to view DLP as an interesting, but terribly ineffective thing.
> > > >> > Rather, it's effective against terribly naive agents/hackers.
> > > >> >
> > > >> > What's the general consensus here on using DLP as a way to secure home
> > > >> > and small business networks?
> > > >> >
> > > >> > Here's a weird way of looking at it long term:
> > > >> > 1. Passive:  Door locks and windows are passive security. One time cost
> > > >> > plus infrequent replacement.
> > > >> > 2. Active:  Home firewall/DLP/whatever that actively burns Watt/hrs
> > > >> > constantly which must be constantly updated against new threats
> > > >> > 3? Aggressive:  Due to the rapidly increasing rate of change, in the
> > > >> > future will we have to install things that actively, preemptively hunt down
> > > >> > threats, or fund some company or agency that does that for us?
> > > >> >
> > > >> > If the internet ever gets fixed via aggressive, knee-jerk overreactions,
> > > >> > it might really, really suck.
> > > >> >
> > > >> > I probably need to step away from the keyboard for a bit
> > > >> > _______________________________________________
> > > >> > Cialug mailing list
> > > >> > Cialug at cialug.org
> > > >> > http://cialug.org/mailman/listinfo/cialug



-- 
Tired programmer
Coding late into the night
The core dump follows
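The point made at the top of this message, that malware inherits the rights of the logged-in user and can only disable security software if that user is an administrator, can be turned into a quick self-check. The script below is an added example for this thread, not code from the original post or from any product mentioned in it. It reports whether an account belongs to a group that grants administrator-equivalent rights; the group names (root, wheel, sudo, admin) are an assumption covering common Linux, BSD and macOS layouts, and Windows accounts are not covered.

```shell
#!/bin/sh
# Added example for this thread, not code from the original message.
# Least-privilege audit: report whether an account belongs to a group that
# grants administrator-equivalent rights. Malware running as such a user can
# stop or uninstall security software; an unprivileged account cannot.
# The group names below are an assumption for common Linux/BSD/macOS layouts.

ADMIN_GROUPS="root wheel sudo admin"

# is_admin_group NAME: exit 0 if NAME is in ADMIN_GROUPS, 1 otherwise.
is_admin_group() {
    for ag in $ADMIN_GROUPS; do
        [ "$1" = "$ag" ] && return 0
    done
    return 1
}

# admin_groups_in "g1 g2 ...": print the admin-equivalent groups found in the
# space-separated list, in input order; exit 0 if any, 1 if none.
admin_groups_in() {
    found=""
    for g in $1; do
        if is_admin_group "$g"; then
            found="$found $g"
        fi
    done
    found="${found# }"
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 0
    fi
    return 1
}

# audit_user [USER]: look up USER's groups with id(1) (default: the caller)
# and report. Exit 0 = unprivileged, 1 = admin-equivalent, 2 = unknown user.
audit_user() {
    u="${1:-$(id -un)}"
    glist=$(id -Gn "$u" 2>/dev/null) || { echo "$u: no such user"; return 2; }
    if hits=$(admin_groups_in "$glist"); then
        echo "$u: admin-equivalent via group(s): $hits"
        return 1
    fi
    echo "$u: no admin-equivalent group membership"
    return 0
}

# Usage: sh audit_admin.sh [USER]; the exit status is the audit result, so
# it can gate a login script or a nightly cron check.
if [ $# -ge 1 ]; then
    audit_user "$1"
fi
```

The exit status is deliberately the result: 0 for an account with no administrator-equivalent membership, 1 for one that has it, so the check can be dropped into a cron job that warns when the daily-use account has quietly been added to sudo or wheel.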

