> The cycle goes like this:
>
> 1. Destructive virus is released.
>
> 2. It takes 72 hours for any AV companies to even notice it exists, much
> less obtain a useable sample for analysis.
>
> 3. It takes another 72 hours to analyse the virus and develop a virus
> definition for it.
>
> 4. The new definition is deployed.
>
> 5. Our server downloads and applies the definition.
>
> My point is, that's 144 hours between the virus being released and the
> virus definition being released. An extra 24 hours before the server picks
> up the new definition seems quite trivial by comparison. The virus has
> already had plenty of time to wreck your entire network, long before the
> AV vendor has anything to offer you...

Probably not, as I doubt the person who released the virus aimed it straight
at your network. Likely it took several days to build up worldwide before
it got into your network somehow.

> [Ooo... the thought of 50 machines all trying to hit the same server once
> per second over a 2 MB Internet link... that's not even funny.]

Try having just one machine check and download the updates, then deal them
out to everyone on your network. That's how we do it here, as you say,
seems kinda stupid to have all your machines all downloading the same
software from the same place the whole time, especially with a limited
network link.