I don't get it. If anti-virus isn't good enough for the detection of malware once it's installed, how is anti-virus going to be good enough on a gateway?
Why not detect and block ALL executable files unless from a known good source: Microsoft updates, Adobe, Intuit, etc. Then when your gateway reports that someone is trying to download a file, the "gatekeepers" can contact that user and see if it's something they really need. Nine times out of ten, they're going to either say "no" or "I wasn't trying to download a file".
If they weren't trying to download a file then you have a real good candidate for further investigation.
Why continue to rely on signatures when we all know the bad guys know how to evade them?
Why not stick to a policy of "only traffic that is absolutely necessary for the business"?
This strategy combined with Layer 7 identification of protocols can prevent and detect infection. No signatures to update, no anti-whatever to update. Just good sound security policies.
URL Filtering Gateways
While you have a good point in just not allowing exe files, it just isn't that simple: who manages the known good sources? Who verifies that the known good sources haven't been compromised?
Drive-by attacks can utilize JavaScript, ActiveX and Java applets, so this just doesn't fall under the exe umbrella like it used to. A device that actually does packet inspection, can AV/malware/spyware scan, knows about compromised sites and can manage access is the direction that we all need to take.
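An added illustration of the two positions above (this is example code written for this page, not code from either poster): a gateway policy that allowlists executable sources as the first post proposes, but classifies responses by the leading bytes of the body rather than by file extension, and also recognises the JavaScript, ActiveX (PE/CAB) and Java applet (class/JAR) content the second post points out falls outside the "exe" umbrella. The hostnames, allowlist and sample transactions are constructed assumptions; the allowlist by hostname does nothing about a known-good source that has itself been compromised, which is exactly the second post's objection.

```python
"""Allowlist-based download control for a web gateway (added example).

Classifies HTTP responses by magic bytes, applies a known-good source
allowlist and produces the report a "gatekeeper" would use to follow up
with the user, as the first post describes.
"""
from dataclasses import dataclass

# Hypothetical allowlist of sources permitted to serve executables.
# A hostname here says nothing about whether that source is still trustworthy.
KNOWN_GOOD_SOURCES = {
    "update.example-vendor.test",
    "download.example-office.test",
}

# Active content recognised from the first bytes of the body, not the extension.
MAGIC = [
    (b"MZ", "pe"),                    # Windows EXE/DLL/OCX (ActiveX controls)
    (b"\x7fELF", "elf"),              # Linux executable
    (b"MSCF", "cab"),                 # Microsoft cabinet, common ActiveX packaging
    (b"\xca\xfe\xba\xbe", "class"),   # Java class file
    (b"PK\x03\x04", "zip"),           # ZIP container; JARs (applets) look like this
]
SCRIPT_TYPES = {"text/javascript", "application/javascript",
                "application/x-javascript"}
ACTIVE_KINDS = {"pe", "elf", "cab", "class", "zip", "script"}


@dataclass
class Transaction:
    user: str
    host: str
    path: str
    content_type: str
    body_head: bytes   # first bytes of the response body


def classify(tx: Transaction) -> str:
    """Return the content kind; magic bytes win over headers and extension."""
    for magic, kind in MAGIC:
        if tx.body_head.startswith(magic):
            return kind
    ct = tx.content_type.split(";")[0].strip().lower()
    if ct in SCRIPT_TYPES or tx.path.lower().endswith(".js"):
        return "script"
    return "other"


def decide(tx: Transaction) -> tuple[str, str]:
    """Return (verdict, kind) with verdict 'allow', 'block' or 'review'."""
    kind = classify(tx)
    if kind not in ACTIVE_KINDS or tx.host in KNOWN_GOOD_SOURCES:
        return "allow", kind
    # Executable files from unknown sources are blocked outright.  Scripts are
    # page content rather than a file the user chose to download, so blocking
    # them breaks most sites; they are logged for review instead.
    if kind == "script":
        return "review", kind
    return "block", kind


def gateway_report(transactions: list[Transaction]) -> list[dict]:
    """Entries for everything not plainly allowed, for gatekeeper follow-up."""
    entries = []
    for tx in transactions:
        verdict, kind = decide(tx)
        if verdict != "allow":
            entries.append({"user": tx.user, "host": tx.host, "path": tx.path,
                            "kind": kind, "verdict": verdict})
    return entries


# Constructed sample traffic: one legitimate update, one PE disguised as an
# image, one third-party script, one ordinary page, one applet JAR.
SAMPLE_TRANSACTIONS = [
    Transaction("alice", "update.example-vendor.test", "/setup.exe",
                "application/octet-stream", b"MZ\x90\x00"),
    Transaction("bob", "cdn.unknown.test", "/photo.jpg",
                "image/jpeg", b"MZ\x90\x00"),
    Transaction("bob", "www.news.test", "/app.js",
                "text/javascript", b"var x=1;"),
    Transaction("carol", "www.news.test", "/index.html",
                "text/html", b"<html>"),
    Transaction("carol", "apps.unknown.test", "/viewer.jar",
                "application/java-archive", b"PK\x03\x04"),
]

if __name__ == "__main__":
    for entry in gateway_report(SAMPLE_TRANSACTIONS):
        print(entry)
```

The report shows what the first post wants the gatekeepers to see: Bob's "photo.jpg" is a Windows executable from an unknown host (blocked), and Carol's applet download is active content the extension-based rule would never have noticed. Checking magic bytes means a renamed executable is still caught, but it does not address the second post's point that a listed source can itself be compromised; that needs inspection of the content and knowledge of compromised sites, not just the hostname.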