I don't follow, what you've just described is a whitelisting feature, right?
yes, but it's super flawed - e.g. just get Comodo to sign something, you'll see samples like that in VirusTotal too. I don't know if you've ever done it at scale but it's.. not great. As always, combination - disable for users who never need it, add app whitelisting etc.
2 replies 1 retweet 6 likes -
Replying to @GossiTheDog @taviso and
Don’t let perfect be the enemy of good. The ASD E8 has a nice progression of whitelisting/macro restrictions: https://acsc.gov.au/publications/protect/essential-eight-maturity-model.htm …
1 reply 0 retweets 8 likes -
I kinda know about that, haha
1 reply 0 retweets 1 like -
Replying to @GossiTheDog @taviso and
Notice how AV doesn’t appear in that model at all.
1 reply 0 retweets 1 like -
Sure. Also notice how almost nobody runs it (yet).
1 reply 0 retweets 0 likes -
Replying to @GossiTheDog @markeldo and
Antivirus is entrenched real good, but you agree it doesn't work and we need to make things better, right? I don't understand the pushback, it's like you're saying "nah it's good enough" to me, then I see you complain how terrible it is in other tweets
1 reply 0 retweets 2 likes -
Pragmatism and realism. If most orgs turned off AV right now, they wouldn't have a network in a week. That's my experience. There's a very long road to getting almost every org to a position where they can be AV free.
3 replies 1 retweet 15 likes -
Replying to @GossiTheDog @markeldo and
You're talking about keeping a dangerously insecure network operational, not keeping it secure. You can keep a jet in the air with duct tape, but I hope you're not transporting anything important. So we're in agreement that whitelisting is a good solution, and AV isn't?
5 replies 0 retweets 9 likes -
Security and operations go hand in hand. Lots of orgs have vastly under invested in IT and lurch from one near miss to another - they're also still in business. I'm not about idealism because the trench reality is very different outside tech company budgets.
2 replies 1 retweet 13 likes
Is it idealism to give up on homeopathy when your patients start dying? You say "security and operations go hand in hand", but there exists no security today, and you argue for maintaining that status quo so as not to risk operations!
Nope, not arguing for status quo. Just saying that, say you've got a crab paste company with 10k staff depending on it - if you uninstall AV, you don't have a company shortly after. Maybe you need a plan to get better, which can include, for example, app whitelisting with AV etc
1 reply 0 retweets 5 likes -
Replying to @GossiTheDog @markeldo and
You need a plan of course, nobody would dispute that. It can certainly include a transition period or staged rollout, whatever works to get to safety. I think your position seems to be more nuanced than your flowchart suggested, which people have been pasting at me nonstop
2 replies 0 retweets 2 likes - 6 more replies