On-access AV scanning
vas at mpeks.tomsk.su
Sun Jul 29 16:36:07 UTC 2012
> Surely it would be better for the company that has _admitted_
> to have had more than one significant infection to do the
> simplest, most stupid and absolutely basic tasks:
Sorry for the offtopic, but from my experience, the risk of virus
infection on can be greatly reduced by two simple steps:
1. Users should not have administrative privileges on their systems.
2. A software restriction policy (SRP) should be configured which allows the
execution of files only from the %windir% and "Program Files". Such a
SRP is the Windows equivalent of "mount -o noexec" only it is more
As a user without administrative privileges has no possibility to put
files into the %windir% and "Program Files", and no code can run from
other places such as flash drives and browser downloads, these two
measures combined are very effective.
With these two simple measures, I was able to prevent virus infection
on Windows hosts with a very high risk (such as public computers in a
summer children's camp).
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the freebsd-questions