"Invisible" <voi### [at] dev null> wrote in message
news:47835028$1@news.povray.org...
> Yes. But if the updates only appear once every 24 hours, doing zillions
> of update checks per day is really quite futile.
Unless your update runs at 6am and a new version is added an hour later
"scott" <sco### [at] laptop com> wrote in message news:4783300a@news.povray.org...
> A virus can do a lot of damage to a company in 4 hours...
Especially if it gets on to your DC.
Gail Shaw wrote:
> "Invisible" <voi### [at] dev null> wrote in message
> news:47835028$1@news.povray.org...
>
>> Yes. But if the updates only appear once every 24 hours, doing zillions
>> of update checks per day is really quite futile.
>
> Unless your update runs at 6am and a new version is added an hour later
The cycle goes like this:
1. Destructive virus is released.
2. It takes 72 hours for any AV companies to even notice it exists, much
less obtain a useable sample for analysis.
3. It takes another 72 hours to analyse the virus and develop a virus
definition for it.
4. The new definition is deployed.
5. Our server downloads and applies the definition.
My point is, that's 144 hours between the virus being released and the
virus definition being released. An extra 24 hours before the server
picks up the new definition seems quite trivial by comparison. The virus
has already had plenty of time to wreck your entire network, long before
the AV vendor has anything to offer you...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
"Invisible" <voi### [at] dev null> wrote in message
news:4783995b$1@news.povray.org...
> My point is, that's 144 hours between the virus being released and the
> virus definition being released. An extra 24 hours before the server
> picks up the new definition seems quite trivial by comparison. The virus
> has already had plenty of time to wreck your entire network, long before
> the AV vendor has anything to offer you...
Considering how nasty some viruses can be these days, why take the risk? 24
hours could be the difference between one machine has it and the entire
network has it. And you're not necessarily going to get infected the instant
the virus comes out.
Update checks are very quick. Why not do one an hour?
>> My point is, that's 144 hours between the virus being released and the
>> virus definition being released. An extra 24 hours before the server
>> picks up the new definition seems quite trivial by comparison. The virus
>> has already had plenty of time to wreck your entire network, long before
>> the AV vendor has anything to offer you...
>
> Considering how nasty some viruses can be these days, why take the risk? 24
> hours could be the difference between one machine has it and the entire
> network has it. And you're not necessarily going to get infected the instant
> the virus comes out.
>
> Update checks are very quick. Why not do one an hour?
Well, hey, why not do one a minute? Or even better, once per second?
[Ooo... the thought of 50 machines all trying to hit the same server once
per second over a 2 MB Internet link... that's not even funny.]
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
"Invisible" <voi### [at] dev null> wrote in message
news:47839baf$1@news.povray.org...
> Well, hey, why not do one a minute? Or even better, once per second?
There is a point where it becomes stupid
> [Ooo... the thought of 50 machines all trying to hit the same server once
> per second over a 2 MB Internet link... that's not even funny.]
Or one machine (server-type machine) hits the internet site and downloads the
definition. All the other machines retrieve the definition from the local
source.
Do all your machines get patches straight from the internet as well?
>> Well, hey, why not do one a minute? Or even better, once per second?
>
> There is a point where it becomes stupid
Agreed. So it becomes a question of where you [subjectively] perceive
that point to be.
Personally, I have always had it set to update once per day, since our
supplier only releases updates once per week and I want to be able to
control exactly when all the PCs on our network will slow to a crawl for
20 minutes. I don't actually know how frequently or not Trend Micro
release them...
>> [Ooo... the thought of 50 machines all trying to hit the same server once
>> per second over a 2 MB Internet link... that's not even funny.]
>
> Or one machine (server-type machine) hits the internet site and downloads the
> definition. All the other machines retrieve the definition from the local
> source.
Indeed, this would be the optimal solution.
> Do all your machines get patches straight from the internet as well?
Currently yes. Hopefully that will be rectified eventually.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
> The cycle goes like this:
>
> 1. Destructive virus is released.
>
> 2. It takes 72 hours for any AV companies to even notice it exists, much
> less obtain a useable sample for analysis.
>
> 3. It takes another 72 hours to analyse the virus and develop a virus
> definition for it.
>
> 4. The new definition is deployed.
>
> 5. Our server downloads and applies the definition.
>
> My point is, that's 144 hours between the virus being released and the
> virus definition being released. An extra 24 hours before the server picks
> up the new definition seems quite trivial by comparison. The virus has
> already had plenty of time to wreck your entire network, long before the
> AV vendor has anything to offer you...
Probably not, as I doubt the person who released the virus aimed it straight
at your network. Likely it took several days to build up worldwide before
it got into your network somehow.
> [Ooo... the thought of 50 machines all trying to hit the same server once
> per second over a 2 MB Internet link... that's not even funny.]
Try having just one machine check and download the updates, then deal them
out to everyone on your network. That's how we do it here, as you say,
seems kinda stupid to have all your machines all downloading the same
software from the same place the whole time, especially with a limited
network link.
>> My point is, that's 144 hours between the virus being released and the
>> virus definition being released. An extra 24 hours before the server
>> picks up the new definition seems quite trivial by comparison. The
>> virus has already had plenty of time to wreck your entire network,
>> long before the AV vendor has anything to offer you...
>
> Probably not, as I doubt the person who released the virus aimed it
> straight at your network. Likely it took several days to build up
> worldwide before it got into your network somehow.
Maybe you'll be unlucky. Most likely you won't. Either way, shaving 4
hours off the window of opportunity seems a little moot when the window
is theoretically hundreds of hours wide to start with, that's all.
>> [Ooo... the thought of 50 machines all trying to hit the same server
>> once per second over a 2 MB Internet link... that's not even funny.]
>
> Try having just one machine check and download the updates, then deal
> them out to everyone on your network. That's how we do it here, as you
> say, seems kinda stupid to have all your machines all downloading the
> same software from the same place the whole time, especially with a
> limited network link.
Yes, our current solution does that, and hopefully the new software will
eventually be configured that way too. (It requires updating a server to
a newer version of Windows.)
As I said to Gail, our current AV solution tries to update once per day,
which is 7x more often than the actual update release frequency. Seems
fine to me. I don't know how often (if at all) our new provider releases
these things...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Gail Shaw enlightened us on 2008/01/08 10:57:
> "Invisible" <voi### [at] dev null> wrote in message
> news:47839baf$1@news.povray.org...
>
>> Well, hey, why not do one a minute? Or even better, once per second?
>
> There is a point where it becomes stupid
>
>> [Ooo... the thought of 50 machines all trying to hit the same server once
>> per second over a 2 MB Internet link... that's not even funny.]
>
> Or one machine (server-type machine) hits the internet site and downloads the
> definition. All the other machines retrieve the definition from the local
> source.
>
> Do all your machines get patches straight from the internet as well?
>
>
Make that 50 servers from 50 corporations accessing your server every second or
so...
--
Alain
-------------------------------------------------
If That Phone Was Up Your Butt, Maybe You Could Drive A Little Better!