On-access AV scanning

Victor Sudakov vas at mpeks.tomsk.su
Sun Jul 29 16:36:07 UTC 2012

Polytropon wrote:
> Surely it would be better for the company that has _admitted_
> to have had more than one significant infection to do the
> simplest, most stupid and absolutely basic tasks:

Sorry for the offtopic, but from my experience, the risk of virus
infection on can be greatly reduced by two simple steps:

1. Users should not have administrative privileges on their systems.

2. A software restriction policy (SRP) should be configured which allows the
execution of files only from the %windir% and "Program Files". Such a
SRP is the Windows equivalent of "mount -o noexec" only it is more

As a user without administrative privileges has no possibility to put
files into the %windir% and "Program Files", and no code can run from
other places such as flash drives and browser downloads, these two
measures combined are very effective.

With these two simple measures, I was able to prevent virus infection
on Windows hosts with a very high risk (such as public computers in a
summer children's camp).

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru

More information about the freebsd-questions mailing list