Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Time To Dump Antivirus As Endpoint Protection?
Newest First  |  Oldest First  |  Threaded View
da cappin
50%
50%
da cappin,
User Rank: Apprentice
5/16/2013 | 4:31:50 PM
re: Time To Dump Antivirus As Endpoint Protection?
Antivirus is a poor infosec control that should have been commonly replaced by alternate control(s) long ago, such as compartmenting. A low-risk-tolerance web-browsing compartment could be further controlled by something like whitetrash.sf.net. Discussion of isolation and containers just sounds like "cardboard" layers of boundary scoping that don't actually prevent or protect -- they simply require an adversary with more persistence.

We know for fact that adding a layer of controls like EMET or ChromeFrame will do a lot more than upgrading/fully-patching IE and installing X AV from vendor Y. Additionally, Enterprise management agents (e.g. ePO, AirWatch, et al) open up the surface attack area with new concepts of trust that adversaries can utilize for exploitation/pivoting.
macker490
50%
50%
macker490,
User Rank: Ninja
4/19/2013 | 12:20:42 PM
re: Time To Dump Antivirus As Endpoint Protection?
point #5
Learn to use ( e.g. PGP ) Electronic Signatures to authenticate transmittals

Transmittals include e/mail, EFTs, Credit Cards, online shopping/banking/tax reports, and most particularly software .- if you are using a computer for commercial purposes the old garage computer concept of "run anything you find" -- has to go,.... back to the garage computer. not the commercial one.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
GDPR Enforcement Loosens Amid Pandemic
Seth Rosenblatt, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4306
PUBLISHED: 2020-05-29
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
CVE-2020-4352
PUBLISHED: 2020-05-29
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427.
CVE-2020-4490
PUBLISHED: 2020-05-29
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 1...
CVE-2020-5572
PUBLISHED: 2020-05-29
Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.
CVE-2020-5573
PUBLISHED: 2020-05-29
Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.