Access "Schneier-Ranum Face-Off: Is antivirus dead?"
This article is part of the November 2009 issue of How to implement a change management that works and reduces security risks
Point: Marcus Ranum What amazes me is that it's 2009 and the security world's response to viruses and malware is still oriented toward "detect the bad" rather than "permit the good." And, consequently, we still have viruses and malware. To me, it just seems so gosh-darned obvious that our problem is that we have lost control over our runtime environment, and regaining that control is "simply" a matter of deciding what programs we want to allow to run. Of course, most organizations don't know (or haven't got the courage to discover) what programs they allow--and, ultimately, isn't that the root of their security problems? When I read the security news and hear that thus-and-such government agency is trying to decide if Facebook is a necessary application, it makes my head spin. In Marcus-land, where I come from, you decide what is a necessary application first, not after you have 40,000 employees who have gotten so used to it that they now think Twitter is a constitutionally protected right. Isn't a virus or malware just unauthorized execution that someone ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Messaging security risks have upper hand on solutions
Spam, phishing and infected attachments continue to plague messaging platforms, despite sophisticated protection. What's the answer?
-
Enterprises must treat Insider risk as they do external threats
Enterprises can no longer differentiate between insiders and external threats. That's such a 2003 paradigm.
-
Messaging security risks have upper hand on solutions
-
-
Metasploit Project acquisition ups ante for penetration testing market
Rapid7's acquisition of the Metasploit Project takes down one of the few remaining open source security projects. But expect a smooth transition; there have been many success stories and mistakes made to learn from.
-
Integrated change management reduces security risks
by Diana Kelley and Ed Moyle
Unmanaged changes to IT systems and networks can recklessly increase risk to enterprises. The key is rolling out an accepted change management process, and sticking to it.
-
Metasploit Project acquisition ups ante for penetration testing market
-
Columns
-
Time is now for pandemic flu planning
Safeguarding your organization against a H1N1 outbreak should be a top priority.
-
Schneier-Ranum Face-Off: Is antivirus dead?
Security experts Bruce Schneier and Marcus Ranum debate the longterm viability of antivirus software.
-
Standards compliance does not equal sound information security risk management
The checklist approach to security is easy, but the result is poor security.
-
Time is now for pandemic flu planning
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...