[dba-Tech] Win 10 virus protection
Jim Lawrence
accessd at shaw.ca
Wed Mar 16 15:50:36 CDT 2016
Hi Gustav:
I tend to like running my own system application in-shop, but when it comes to mail servers that is where I draw the line. A properly run mail server can be a whole career in itself. Dealing with spam, malware, white-lists, black-lists, groups, users, attachments, remote access, quotas and so on can be very time consuming. To my way of thinking, let someone else do it who knows what they are doing. I have only installed an Exchange server (actually have the original Microsoft 2013 DVD) once and realized it was as complex as a big Oracle install.
I have nothing against Microsoft; after all, they were my business from the first DOS disks. But sometimes I am not particularly impressed with the company's direction. I think the latest Windows allowing MS to suck up the client's data is a little too greedy and invasive of a business's privacy...if they dial their aggressive approach back a bit, I will be happier.
I have retired and I can no longer justify the monthly expenses from Microsoft but I can see the attraction for a small business. For the last decade most of my work was at the system and server BE level for a variety of banks and large franchises. They all use (UNIX) Linux exclusively and from then on that environment has been my preference.
In addition, big companies tend to be a bit excessive about their security and privacy and I have picked up a bit of their philosophy... Microsoft, as I see it, is going a bit against the grain. Maybe Microsoft doesn't understand this, as in their world, for years, it has been mostly the desktop and small networks...but times are changing and hidden security flaws along with internet exposure are taken very seriously. They should look to IBM as that company abandoned their proprietary OS and switched to Linux, a few years back, as that is what their customers wanted.
As for whether I am "Microsoft paranoid": hardly; cautious, but not without good reasons.
Jim
----- Original Message -----
From: "Gustav Brock" <gustav at cactus.dk>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Wednesday, March 16, 2016 1:04:56 AM
Subject: Re: [dba-Tech] Win 10 virus protection
Hi Jim
My plan was to replace our Novell GroupWise with an in-house Exchange (part of the MAPS deal). One consideration was what to replace our spam filter, SpamBunker, with, as it had ceased further development.
However, just at that time Office 365 was introduced, and I moved our mail host to its Exchange on-line with its included spamfilter. Then I could set up our in-house Exchange server later.
Well, it never happened. Exchange on-line works so well that I see no reason for setting up an Exchange server except for the fun and, believe me, I can think of tasks more fun than that. Also, a bit to my surprise, the spam filter is not just effective but extremely effective, with about zero false positives and less than five bad mails not caught per year. One was received by me, and just for fun I extracted the zip, but Microsoft Defender ate the content.
For us, Office 365 has proven to be a zero issue choice that delivers - and our five main users are covered by our MAPS deal. Highly recommend if you are not MS paranoid.
/gustav
----- Original Message -----
From: dba-Tech [mailto:dba-tech-bounces at databaseadvisors.com] On behalf of Jim Lawrence
Sent: 15 March 2016 20:52
To: Discussion of Hardware and Software issues <dba-tech at databaseadvisors.com>
Subject: Re: [dba-Tech] Win 10 virus protection
Hi John:
I will make some comments on how to do things and subtle changes in our approach but as you said this group is techs and we are not typical (if ever) users and therefore not prone to making dumb and simple errors.
That said; your over-view is excellent. Below are my comments.
Mail is the most dangerous application on any network. Its port (80) is always open and virtually every bug comes into a PC or network via that address. Some clients are doing their mail via a virtual drive or container on their own PCs. Then there is the server solution where mail is isolated through a Hyper-V and users just connect through a web interface. As Hyper-V is not really Windows, its OS is not as susceptible to the standard viruses. (Then of course there are Linux mail servers which are only prone to a very few pieces of malware.) My ISP (Shaw) runs a copy of Zimbra, which is a web based mail server that can scale up from a simple client system to a huge internet/network Exchange-like server (50 million clients, or is it messages a day?)...unfortunately it is Linux based. One of the new trends is to host mail services through a cloud based cluster of client mail boxes. The overall trend is to isolate client mail from any system, but these alternatives are either corporate based or still fledgling.
Backups are the next most critical point in any system. Cloud based backups are great, but in a real catastrophic failure these data sources may become unavailable. To my way of thinking, the best backups are local, varied and continuous. Local: it is always faster and accessible. Varied: One; there are a host of synchronization applications out there...when a program or data is changed a backup is kept of the changed information for a defined number of hours...(in the event of disaster, recovery can be time consuming.) Two; a good multiple backup system; daily, with a good range of copies and a high level of password protection (a backup password that is only used for the backup and is encapsulated and automated). Three; off-site storage...otherwise there is no protection against a natural disaster. Four; a good file system design...one that makes client side restore points...but getting clients to do this regularly is difficult. There is a trending FS called ZFS. For years it has been the domain of servers, but now it is becoming an option for all operating systems...even Windows 10. The whole of ZFS is designed to guarantee data integrity, with multiple layers of redundancy, auto-restore points, built-in encryption for files and directories, expandable across multiple desktops and servers.
Isolation is one of the best methods to keep malware segregated from the main network. Always isolate the mail system from the company's data. Some network guys keep their mail on a different subnet from the rest of the business. Aside: for one client, I had her mail hosted on a server accessed via an RDP client connection after the fourth time she managed to get her station compromised, and the problem disappeared.
My forte has been to protect a system before it can and does get compromised. You have a great understanding of how to protect a network or PC when it does get compromised. ;-)
Jim
----- Original Message -----
From: "John R Bartow" <jbartow at winhaven.net>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Tuesday, March 15, 2016 9:41:56 AM
Subject: Re: [dba-Tech] Win 10 virus protection
Hi Tina,
Disclaimer: we're all very technical people on these lists so my discussion does reflect people that know what they're doing. ;-)
I haven't abandoned Vipre. After being sold/spun off for the third time in about half a dozen years, I expected there may have been some staff drainage at Vipre HQ. But yet, I've had no problems with it in my client base. But then I also don't rely on one program to secure my clients. (Layering is a must.) Vipre seems to be better than Bitdefender at blocking the annoying crapware add-ons like Conduit based toolbars and such. But Bitdefender had a better solution for preventing ransomware, and that is currently the most damaging exploit there is and is only getting worse. All it takes is to click on one email attachment that starts the process and a disaster begins. But even where I am replacing Vipre on PCs, if they have a server Vipre will stay on it. That's two AMs scanning the same files.
For instance, I like to have Vipre and HitmanPro web alert. It seems to be very effective (either that or I have very smart clients) at blocking web-borne exploits. Also, CryptoPrevent is a good product for small businesses to aid in resisting ransomware (and there is a free version). It coexists nicely with the normal AM like Vipre or Bitdefender. And for clients that have gateways with malware scanning support, it is usually Kaspersky or Sophos AM scanners.
No AMs can stop the latest exploits immediately, there's a reaction curve.
The problem is the users. Specifically users being duped into doing something they shouldn't. That is the #1 cause of problems and it's hard to get people to stop clicking on attachments, advertisements, fake update pop-ups etc. So, we try to block all of that stuff. For every solution there is a reaction from the bad guys and the circle continues. I insist on popup blockers in browsers - currently I install AdBlockPlus on all browsers because it is the only free solution I know of that works easily, and supports IE, FF and Chrome. (Most of my client base still have to use IE for some websites.)
Also mail filtering is SO important. Currently mail filters should remove any attachment with embedded javascript as that is the latest attack vector of ransomware exploits. And it needs to strip the, by now, run of the mill fake UPS or FedEx email with the infected attachments that have been duping people for decades.
But the biggest thing people need to have is disconnected backup. Sticking an external drive onto a PC, backing up to it every day and thinking that will save them has been outmoded since the inception of ransomware, encrypting exploits. Anything they can get to now, they encrypt, including external devices, mapped and unmapped network shares, DropBox/OneDrive/GoogleDrive/SugarSync synchronization folders (and hence their cloud counterparts). Disconnected backup includes the old rotational backups and/or true cloud backup solutions.
Prevention is much less expensive than reactionary remediation.
I still get a lot of PCs to clean up for people that aren't my RMS clients.
They come in with all sorts of "security" programs installed and mostly ignored. Hence my attitude towards "free" security solutions. They're only free until I have to get the PC ;-)
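As an added example, not code from anyone on the list, this is the kind of attachment check John's point about mail filtering implies: a small Python filter that flags attachments that are script files or zip archives containing script files (the fake-delivery-notice-with-a-.js-in-a-zip pattern). The sample message is constructed inline; the extension list and the helper names are my assumptions.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Assumed list: extensions Windows will execute as script when double-clicked.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")


def _is_script(name):
    """True if the file name carries one of the script extensions above."""
    return name.lower().endswith(SCRIPT_EXTS)


def risky_attachments(raw_bytes):
    """Return names of attachments that are scripts or zips holding scripts."""
    msg = email.message_from_bytes(raw_bytes)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # not an attachment
        if _is_script(name):
            flagged.append(name)
        elif name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True)  # base64 -> raw bytes
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    inner = [n for n in zf.namelist() if _is_script(n)]
            except zipfile.BadZipFile:
                inner = ["<unreadable archive>"]  # treat as suspicious
            if inner:
                flagged.append(name)
    return flagged


def build_sample_message():
    """Constructed sample: a fake 'delivery notice' with invoice.js inside a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// constructed stand-in, not real malware\n")
    msg = EmailMessage()
    msg["From"] = "notice@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Delivery notice"
    msg.set_content("Your parcel could not be delivered. See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="notice.zip")
    msg.add_attachment("plain text", subtype="plain", filename="readme.txt")
    return msg.as_bytes()
```

A real gateway would quarantine the whole message rather than just log the name, and would also look inside nested archives.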