From: Victor Sudakov
To: freebsd-questions@freebsd.org
Date: Sun, 29 Jul 2012 23:35:57 +0700
Subject: Re: On-access AV scanning
Message-ID: <20120729163557.GA23103@admin.sibptus.tomsk.ru>
In-Reply-To: <20120727204732.c143bc3d.freebsd@edvax.de>
References: <20120727104308.GA4834@catflap.slightlystrange.org> <20120727204732.c143bc3d.freebsd@edvax.de>
Organization: AO "Svyaztransneft", SibPTUS
X-PGP-Key: http://www.livejournal.com/pubkey.bml?user=victor_sudakov
X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634
User-Agent: Mutt/1.5.21 (2010-09-15)
Polytropon wrote:
> Surely it would be better for the company that has _admitted_
> to have had more than one significant infection to do the
> simplest, most stupid and absolutely basic tasks:

Sorry for the offtopic, but from my experience, the risk of virus infection can be greatly reduced by two simple steps:

1. Users should not have administrative privileges on their systems.

2. A software restriction policy (SRP) should be configured which allows the execution of files only from the %windir% and "Program Files".

Such an SRP is the Windows equivalent of "mount -o noexec", only it is more versatile.

As a user without administrative privileges has no possibility to put files into the %windir% and "Program Files", and no code can run from other places such as flash drives and browser downloads, these two measures combined are very effective.

With these two simple measures, I was able to prevent virus infection on Windows hosts with a very high risk (such as public computers in a summer children's camp).

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru
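As an added example that is not part of Victor's post, the PowerShell script below applies the policy he describes (default level Disallowed, path rules allowing only the Windows and Program Files folders) through the registry keys SRP reads, and then reads the result back. The key and value names follow SRP's documented registry layout; the function names, the extra rule for the user-writable %windir%\Temp folder and the assumption of an SRP-capable Windows edition (Pro/Enterprise) are mine.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the post: configure the two-folder whitelist SRP via the registry.
# Takes effect after "gpupdate /force" or a reboot. Assumed: SRP-capable Windows edition.
$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level: nothing runs unless a rule allows it
$Unrestricted = 262144   # 0x40000: runs with the user's normal rights

function New-SrpPathRule {
    param([string]$Path, [int]$Level, [string]$Description)
    # Rules live under <level>\Paths\{GUID}; a more specific path rule beats a broader one.
    $key = Join-Path $Safer ('{0}\Paths\{1}' -f $Level, [guid]::NewGuid().ToString('B'))
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -PropertyType ExpandString -Value $Path | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -PropertyType DWord        -Value 0 | Out-Null
    New-ItemProperty -Path $key -Name Description  -PropertyType String       -Value $Description | Out-Null
    New-ItemProperty -Path $key -Name LastModified -PropertyType QWord        -Value (Get-Date).ToFileTime() | Out-Null
}

function Set-WhitelistSrp {
    New-Item -Path $Safer -Force | Out-Null
    Set-ItemProperty -Path $Safer -Name DefaultLevel        -Type DWord -Value $Disallowed
    Set-ItemProperty -Path $Safer -Name TransparentEnabled  -Type DWord -Value 1   # 1 = executables, 2 = also DLLs
    Set-ItemProperty -Path $Safer -Name PolicyScope         -Type DWord -Value 0   # 0 = all users, 1 = skip local admins
    Set-ItemProperty -Path $Safer -Name AuthenticodeEnabled -Type DWord -Value 0
    Set-ItemProperty -Path $Safer -Name ExecutableTypes -Type MultiString -Value @('ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC')
    # The two folders the post allows, referenced via the registry so drive letters do not matter.
    New-SrpPathRule '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%' $Unrestricted 'Windows folder'
    New-SrpPathRule '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' $Unrestricted 'Program Files'
    New-SrpPathRule '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%' $Unrestricted 'Program Files (x86)'
    # Standard users can write to %windir%\Temp, so the whitelist must not cover it (check other folders with icacls).
    New-SrpPathRule '%SystemRoot%\Temp' $Disallowed 'Writable folder inside the Windows folder'
}

function Get-SrpSummary {
    # Read the policy back: the global settings, then every path rule with its level.
    $p = Get-ItemProperty -Path $Safer
    [pscustomobject]@{ DefaultLevel = $p.DefaultLevel; Enforce = $p.TransparentEnabled; Scope = $p.PolicyScope }
    foreach ($lvl in Get-ChildItem -Path $Safer) {
        Get-ChildItem -Path "$($lvl.PSPath)\Paths" -ErrorAction SilentlyContinue |
            ForEach-Object { $r = Get-ItemProperty -Path $_.PSPath
                [pscustomobject]@{ Level = $lvl.PSChildName; Path = $r.ItemData; Description = $r.Description } }
    }
}

Set-WhitelistSrp
Get-SrpSummary | Format-Table -AutoSize
```

Test on a non-production host first: with PolicyScope 0 the policy also binds administrators, so any admin tooling outside the two folders stops running until a rule is added for it.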