Posted by Danny M2Z on 26/12/2019 22:23:56:
Posted by Ed Duffner on 26/12/2019 11:47:11:.
…The virus collection was archived from when I worked as an IT specialist.
…
Part of one report that I wrote emphasised that the delivery mechanism (getting it into a victim's system) was the weak link and isolation coupled with education was recommended, including a total ban of people bringing media onto the sites.
Interestingly enough, NONE of the commercial a/v products had a 100% success rate and many gave false positives.
…
* Danny M *
Plenty of valid reasons for owning a large collection of computer viruses even if you aren't a super-criminal!
I agree with Danny's total ban, and have reinforced it in practice by configuring computers so they can't read or write media, and are fully encrypted, plus keeping virus and malware protections active, and with all the data in a physically secure computer room, not on local hard-drives etc. This is because people (including me) are unreliable.
Education is essential, but often ineffective. Unless someone has a particular interest in computer security, most people in my experience fail to pay attention or can't maintain their guard over long periods. There's another group who don't believe any of it applies to them: they see no harm in writing their password on a label under the keyboard, or copying all their customers bank details on a memory stick and then leaving it in a pub.
The level of protection required is related to the value of the data being protected and the risks to it. For example, the CIA has to manage the threat of well-funded professional attacks mounted by any of several foreign intelligence services, including Allies. Elderly gentlemen using XP only to browse this forum, never spending money online, viewing porn, or sharing private details willy-nilly on social media can be more relaxed about computer security. But no-one is immune!
Security gets really interesting when balancing usability against security needs. Security experts are only happy after the entire system has been disconnected, shredded and incinerated. Not possible, so real computer systems doing real work, always have loop-holes and vulnerabilities. It's the job of the security team to manage the risks, a particularly hard job when most of us don't understand security, are naive about the risks, get lazy, make stupid mistakes or take bribes.
Corporates often use as many as three or four different AVM products in parallel as a way of reducing virus risks: one on the internet gateway, another on all the workstations, and a third on the servers. Developers and system administrators loading new software may add a fourth. It's necessary to update all of them regularly; ideas about this vary, but weekly isn't enough! The most at risk systems will have someone monitoring virus threats continually, perhaps reacting 24×7 to dangerous issues by applying patches or by disconnecting services. Also important to keep a careful eye on AVM products because they aren't consistently effective over time. Untested loyalty to Brand-X is unwise because AVM products rely on an engine and a database of signatures. Both can get out of date, or – in the worst case – be unable to adapt to new threats without major rework. They're not like quality physical tools that stay reliable for decades.
Dave