[24571] in bugtraq
Re: On the ultimate futility of server-based mail scanning
daemon@ATHENA.MIT.EDU (David Kennedy CISSP)
Wed Mar 6 17:43:41 2002
Message-Id: <3.0.5.32.20020305231629.052f0cf0@pop.fuse.net>
Date: Tue, 05 Mar 2002 23:16:29 -0500
To: "David F. Skoll" <dfs@roaringpenguin.com>, bugtraq@securityfocus.com
From: David Kennedy CISSP <david.kennedy@acm.org>
In-Reply-To: <Pine.LNX.4.44.0203041700530.11204-100000@shishi.roaringpenguin.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 05:07 PM 3/4/02 -0500, David F. Skoll wrote:
>Ultimately, the responsibility falls on the MUA and the end-user's OS
>vendor. We either put secure end-user software onto the desktop, or
>we admit defeat.
I understand the complaints, but I don't admit defeat nor will I reject as
futile a solution that's working. Server-based mail scanning has technical
limitations. So? If a server-based solution intercepts only 80% of the
inbound malicious code to an enterprise, that's still 80% less for the IS/IT
staff to worry about and 80% less for desktop scanners to catch or 80% less
for users to judge whether "new photos from my party" is a bad or good
thing. Certainly there are ways to attack the scanner and cause a denial
of service, as there are ways to bypass some scanners. The scanners must
keep up with the threats and so far most have. Server-based scanning
provides a chokepoint in today's environments that is far easier to
maintain than thousands of Microsoft desktops with wide variations of
client anti-virus "solutions."
Ultimately we live with the deployed systems we have, and their
limitations. I'm unaware of a solution available today that supports
management and user demands for "friendliness" and puts secure end-user
software on the desktop. Server-based scanning provides a solution *today*
that, while imperfect, is manageable and effective in stopping most of the
malicious code in the wild. "Most" is not "all," but it's a lot more than
"none."
--
Regards,
David Kennedy CISSP                         /"\
Director of Research Services,              \ /  ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com     X   Against HTML Mail
Protect what you connect;                   / \
Look both ways before crossing the Net.