with half of the respondents citing the fact that it's "better than nothing" as their rationale for doing so. :o
The study was commissioned by CoreTrace, which produces security software that uses whitelists to decide whether applications may be executed.
For zero day attacks in particular, two thirds of the administrators surveyed did not believe that standard anti-virus products helped to prevent attacks.
That is straight up Comodo's alley; lemme see: Default deny, whitelisting, BO protection, Defense +
Around 40 per cent had thought about getting rid of their anti-virus protection, one reason being that it reduces system performance.
Now, that is scary
However, 66 per cent had concerns about adding new applications for users, wanting the process to be as quick and simple as possible.
They have a point. Make the Trusted Vendor list bigger I would say.....
According to the survey, 40 per cent of users were not aware of alternatives to blacklisting and signature-based approaches.
43 per cent considered the absence of system scans when using a whitelisting approach, to be a positive factor.
Here is a world to win for Comodo not only business wise speaking.....
Where I live and go to study they hire retards to set up the systems… F-Secure, just the antivirus is on every computer, I do have “almost” admin access to everything, and so does everyone else there. :-\ :-\
I sometimes feel the “urge” to lock out all the others from the “public” maps… but since I love my school…
However, I know the security has been tampered with on some computers, I've seen hidden files with names like blabla1931249.exe starting with some of the computers.
The three out of four who do not trust antiviruses are doing the right thing… Default deny is what they should apply on public computers… Antiviruses aren't gonna work in the long run…
Set up a demo PC with CIS for your school's admin, and show him that it would still be clean after a week or 2.
Use proactive security, and maybe disable the trusted vendors list. ;D
Why? (supposing real-time anti-virus protection was meant)
I understood 40% of the questioned would consider ditching the AV. I find performance not a good reason to ditch an AV. However much I like and support Default Deny and HIPS based solutions, I think there should be a layer of protection as well; the user makes mistakes whether we like it or not.
I can’t believe there is still that 25% who call themselves techies/sys admins who think AV works! Scary!
The user can make mistakes indeed.
But in an enterprise environment the user should not be involved in interaction with HIPS software (my opinion). It is the admin who should set up HIPS policies for all working applications, put HIPS into “silent mode” and make sure the user has no access to HIPS configuration. Especially taking into account that an enterprise environment is a rather stable thing once workplaces have been set up with all needed applications for particular tasks.
If done this way any malware would get blocked without the user knowing about it.
This approach works for me with Defense+ in a home “environment”. And the results persuaded me that a real-time AV solution may be excessive.
Of course an on-demand AV scanner may be an indispensable solution (for a sys admin).