COMODO Internet Security 10 BETA (Techie vs User)
<blockquote data-quote="509322" data-source="post: 576157"><p>Despite the industry-wide best efforts, software cannot be made "fool-proof." There is one way that comes close outlined below.</p><p></p><p></p><p></p><p>I am not interested in any kind of debate. I am not promoting one product versus another. I am not promoting one protection model versus another. To each his own...</p><p></p><p>The purpose of this is just to point out how some enterprises have tackled the issue of unrestrained, unknowledgeable users and thereby protect their systems (almost completely).</p><p></p><p>Various enterprise case studies have shown that this methodology will invariably protect the system from being physically infected:</p><p></p><p>1. Start with a verified-clean baseline operating system</p><p>2. Install verified-clean desired softs</p><p>3. Install or configure software restriction policies and enable protections</p><p>4. Password protect the SRP and lock the user out so that they cannot disable protections and modify the baseline system configuration</p><p></p><p>In one case study, workstations were configured with obsolete versions of the most commonly exploited programs and OS built-in protections disabled. The SRP was configured as above and not modified for two years. The workstation users had tried to download and run all manner of stuff. The final review showed Poweliks, Kovter, Ursnif, PUAs\PUPs, malware, adware, riskware, malicious scripts, etc - none of which had been able to execute on the system. Exploits had succeeded, but the payloads had been blocked from execution. 
Encrypted malicious registry keys from file-less malware had been neutered.</p><p></p><p>With the above protection in place, there was no impact on typical computing and productivity tasks such as online activities, working with PDFs, creating documents - including those with macros, video creation, etc.</p><p></p><p>In other words, the best option all the way around is to prevent any user decisions or actions from modifying the system.</p><p></p><p>It does not get any more simple than that.</p></blockquote><p></p>