Arg! The money spent the month before I stated here.
-
You haven't had to deal with it because we went through it. Doesn't change the fact that they can't be trusted. They just can't pull that stunt any more because we've been so vocal about it since.
-
@scottalanmiller said in Arg! The money spent the month before I stated here.:
I've brought it up a ton, every time someone mentions considering ESET.
I've never seen anything about it, regardless of how often you brought it up. I guess I just haven't opened those threads and seen it.
But now I'm aware of what they did, and I do believe you.
-
So in this case, it's good that there is a gateway A/V since ESET 0%... good thing huh?
-
@tim_g said in Arg! The money spent the month before I stated here.:
So in this case, it's good that there is a gateway A/V since ESET 0%... good thing huh?
That's a contrived case, though. Just put on a reliable AV product. Maybe the UTM has the same issue.
-
@tim_g said in Arg! The money spent the month before I stated here.:
@scottalanmiller said in Arg! The money spent the month before I stated here.:
I've brought it up a ton, every time someone mentions considering ESET.
I've never seen anything about it, regardless of how often you brought it up. I guess I just haven't opened those threads and seen it.
But now I'm aware of what they did, and I do believe you.
What's worse was that they provided no working contact information. Somewhere on SW you could track down a thread where we, and some others, believed that ESET went out of business as ALL of their available contact avenues dead ended. All of their available extensions pointed to each other and they had shut down their products. It was weeks that they were completely unreachable. They had pulled this extortion prank AND forgotten to ensure that they were even up and functioning with email or phones!
-
There's a bigass ESET place in central San Diego... you can see it when you are driving. I know they exist.
-
I hear everything you say about the gateway AV... but I've personally seen a lot of cases where the gateway AV had not been in place, the AV on the client did not detect or the lack of AV would not have detected.
-
I'm sure most places may not need it at all, but some environments may.. such as those with a number of devices that may not have AV (not theoretical, because there's some that don't) and some with outdated definitions.
I've seen a lot of AV clients that are running outdated definitions... they are broken and won't update.
There's a lot of places a gateway AV makes sense. Maybe by your technical definition it's not layered security... but in a lot of cases it's the only layer, in which it becomes important... even though you can argue AV should be on those devices.
There are also devices like iPads that won't have AV... if one obtains ransomware on there from the internet... a point is to not even allow the ransomware on the network... block it before it even gets to a device.
-
@tim_g said in Arg! The money spent the month before I stated here.:
I hear everything you say about the gateway AV... but I've personally seen a lot of cases where the gateway AV had not been in place, the AV on the client did not detect or the lack of AV would not have detected.
That can happen, of course. But this implies that better AV is being used in one place and a lesser one is being kept in the more important place. The takeaway shouldn't have been "good thing we had a UTM", it should have been "oh boy, we need better AV clients."
Also, just because I don't like UTM doesn't mean that I am universally against network access layer AV scanning. I just never want that in my firewall. UTM isn't the same as "scanning AV on the network". The issue that Jared and I have with UTM is where that function is placed.
-
@tim_g said in Arg! The money spent the month before I stated here.:
I'm sure most places may not need it at all, but some environments may.. such as those with a number of devices that may not have AV (not theoretical, because there's some that don't) and some with outdated definitions.
I've seen a lot of AV clients that are running outdated definitions... they are broken and won't update.
But the answer is... fix them. That makes the UTM a dangerous band aid... a false sense of security.
-
@tim_g said in Arg! The money spent the month before I stated here.:
There's a lot of places a gateway AV makes sense. Maybe by your technical definition it's not layered security... but in a lot of cases it's the only layer, in which it becomes important... even though you can argue AV should be on those devices.
Right. This is a contrived scenario. It's actually one of the reasons that I think that it is bad. One mistake leading to another, and the second one used to justify the first.
-
@scottalanmiller said in Arg! The money spent the month before I stated here.:
@tim_g said in Arg! The money spent the month before I stated here.:
How do you protect devices without A/V?
I feel like this is a trick question. It's one of those "what about this unnamed or unknown threat" that isn't a real world threat. We don't need to protect against things that don't exist. It sounds sensible... what if "X" happens, what will you do? But that's not how security works. Security you have to assess what are reasonable, realistic threats. AV isn't a broadly useful tool, it's useful in the Windows desktop world and the Mac world, but beyond that, it's not really a valuable thing. You don't need AV on your router, right? You don't need it on your switches.
But asking the question creates an emotional response. Oh no, no antivirus on your switches or access points? How will you protect yourself without a UTM?
Um... I protect myself by that not being a threat vector. There's nothing to protect against.
I was talking client devices, like computers and laptops.. and servers.
-
@tim_g said in Arg! The money spent the month before I stated here.:
@scottalanmiller said in Arg! The money spent the month before I stated here.:
@tim_g said in Arg! The money spent the month before I stated here.:
How do you protect devices without A/V?
I feel like this is a trick question. It's one of those "what about this unnamed or unknown threat" that isn't a real world threat. We don't need to protect against things that don't exist. It sounds sensible... what if "X" happens, what will you do? But that's not how security works. Security you have to assess what are reasonable, realistic threats. AV isn't a broadly useful tool, it's useful in the Windows desktop world and the Mac world, but beyond that, it's not really a valuable thing. You don't need AV on your router, right? You don't need it on your switches.
But asking the question creates an emotional response. Oh no, no antivirus on your switches or access points? How will you protect yourself without a UTM?
Um... I protect myself by that not being a threat vector. There's nothing to protect against.
I was talking client devices, like computers and laptops.. and servers.
Then don't deploy them without AV.
-
@scottalanmiller said in Arg! The money spent the month before I stated here.:
@tim_g said in Arg! The money spent the month before I stated here.:
@scottalanmiller said in Arg! The money spent the month before I stated here.:
@tim_g said in Arg! The money spent the month before I stated here.:
How do you protect devices without A/V?
I feel like this is a trick question. It's one of those "what about this unnamed or unknown threat" that isn't a real world threat. We don't need to protect against things that don't exist. It sounds sensible... what if "X" happens, what will you do? But that's not how security works. Security you have to assess what are reasonable, realistic threats. AV isn't a broadly useful tool, it's useful in the Windows desktop world and the Mac world, but beyond that, it's not really a valuable thing. You don't need AV on your router, right? You don't need it on your switches.
But asking the question creates an emotional response. Oh no, no antivirus on your switches or access points? How will you protect yourself without a UTM?
Um... I protect myself by that not being a threat vector. There's nothing to protect against.
I was talking client devices, like computers and laptops.. and servers.
Then don't deploy them without AV.
We don't.
They break, they get weird... they stop updating. They run Windows... crap happens.
People get the company WiFi password (not the guest wifi) and connect their phones and other devices to it without AV.
There's just a ton of things without AV... in your perfect world, I'm sure isn't the case. But in my world it's how things are and there isn't always something I can personally do about it.
I just don't want malware on the network. The SonicWALL has this stuff built in, and easily handles it without performance degradation... the only thing passing through it is internet... it's not like clients accessing the fileserver get slowed down because AV is running on the SonicWALL.
It's great to use if you have it.
It beats having a crappy box doing it. The SonicWALL handles it extremely well.
-
I don't want to be part of the reason the company gets ransomware because I wanted to say "I told you so" or to prove a point.
-
@tim_g said in Arg! The money spent the month before I stated here.:
I don't want to be part of the reason the company gets ransomware because I wanted to say "I told you so" or to prove a point.
It's not about proving a point. It's about factors like cost and social engineering (even when unintentional.) Companies with UTMs, I would wager, are vastly more likely to do things like have machines deployed without proper protections, AV break and not be fixed, patches not kept up with... because it creates a sense of security.
UTMs don't keep malware off of the network. In a perfect world they keep it from entering through one vector. But all those things that people are plugging in that you don't control - they have all bypassed the UTM and are the bigger threat. If having a UTM ever makes someone feel that they can have AV that isn't updated or a system that isn't matched because they feel that malware was kept off of the network - that's my whole point. I'd rather have the fear and the pressure to keep the network protected universally and not rely on LAN security, than to have LAN security feel good enough to maybe not worry about other things.
It's the human factor more than anything. If the UTM is secret and even management doesn't know... you could make a better case. But if people in decision making positions know about it, I bet it influences how they react to other risk vectors.
-
In a perfect world, of course a UTM might be a good thing. If the UTM never introduced risks, costs, people, or performance issues. But UTMs aren't universally good. At best, they always bring cost, at worst, they bring all of the above. It's a neat idea, but it isn't a pure win. It always comes with trade offs.
-
Yeah the trick is treating it as if you have no UTM. That's the case, but even so there's those things I mentioned before. So in my case it's beneficial because without the UTM, nothing would change no matter what I do.
-
@scottalanmiller said in Arg! The money spent the month before I stated here.:
It's not about proving a point. It's about factors like cost and social engineering (even when unintentional.) Companies with UTMs, I would wager, are vastly more likely to do things like have machines deployed without proper protections, AV break and not be fixed, patches not kept up with... because it creates a sense of security.
It's the other way. You are an airline or other company who doesn't control 80% of the code going into production...