<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_03_22_1232234</id>
	<title>How To Avoid a Botnet Infection?</title>
	<author>CmdrTaco</author>
	<datestamp>1269262260000</datestamp>
	<htmltext>Taco Cowboy writes <i>"Two of the networks in the company I work for have been zombified by different botnets. They are taken off the grid as we speak. We thought we had taken precautions against infection, such as firewall and anti-viral programs, but for some reason we have failed. Is there any list of precautionary steps available?"</i>  I'd suggest port blocking 80 for any computer that is detected running a web browser, but that might prevent some percentage of legitimate work.</htmltext>
<tokentext>Taco Cowboy writes " Two of the networks in the company I work for have been zombified by different botnets .
They are taken off the grid as we speak .
We thought we had taken precautions against infection , such as firewall and anti-viral programs , but for some reason we have failed .
Is there any list of precautionary steps available ?
" I 'd suggest port blocking 80 for any computer that is detected running a web browser , but that might prevent some percentage of legitimate work .</tokentext>
<sentencetext>Taco Cowboy writes "Two of the networks in the company I work for have been zombified by different botnets.
They are taken off the grid as we speak.
We thought we had taken precautions against infection, such as firewall and anti-viral programs, but for some reason we have failed.
Is there any list of precautionary steps available?
"  I'd suggest port blocking 80 for any computer that is detected running a web browser, but that might prevent some percentage of legitimate work.</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566522</id>
	<title>Re:In an ideal world...</title>
	<author>Anonymous</author>
	<datestamp>1269268020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>We have to take a step back and understand what the various pieces of technology do in the environment.  Firewalls traditionally protect layers 3-4 and antivirus usually protects layer 6/7.  That leaves a gap at 5-6 that is unprotected.  You also factor in the user aspect of it and you have a big hole in your security.  There are products out there that try to fill the gaps, like firewalls that try to cover layers 3-6 (Fortinet and Palo Alto) and niche technology solutions that cover layers 5-7 (Juniper UAC, MS UAC, Cisco CSA or NAC), but the bottom line is that there is no one silver bullet that will do it all and guarantee complete coverage.  There needs to be a concerted effort on the part of the IT organization and buy-in from management to implement the restrictions and safeguards necessary to secure the environment.  Users won't like it for the short term but that will easily be made up in the long term as downtime is reduced.</p></htmltext>
<tokentext>We have to take a step back and understand what the various pieces of technology do in the environment .
Firewalls traditionally protect layers 3-4 and antivirus usually protects layer 6/7 .
That leaves a gap at 5-6 that is unprotected .
You also factor in the user aspect of it and you have a big hole in your security .
There are products out there that try to fill the gaps , like firewalls that try to cover layers 3-6 ( Fortinet and Palo Alto ) and niche technology solutions that cover layers 5-7 ( Juniper UAC , MS UAC , Cisco CSA or NAC ) , but the bottom line is that there is no one silver bullet that will do it all and guarantee complete coverage .
There needs to be a concerted effort on the part of the IT organization and buy-in from management to implement the restrictions and safeguards necessary to secure the environment .
Users wo n't like it for the short term but that will easily be made up in the long term as downtime is reduced .</tokentext>
<sentencetext>We have to take a step back and understand what the various pieces of technology do in the environment.
Firewalls traditionally protect layers 3-4 and antivirus usually protects layer 6/7.
That leaves a gap at 5-6 that is unprotected.
You also factor in the user aspect of it and you have a big hole in your security.
There are products out there that try to fill the gaps, like firewalls that try to cover layers 3-6 (Fortinet and Palo Alto) and niche technology solutions that cover layers 5-7 (Juniper UAC, MS UAC, Cisco CSA or NAC), but the bottom line is that there is no one silver bullet that will do it all and guarantee complete coverage.
There needs to be a concerted effort on the part of the IT organization and buy-in from management to implement the restrictions and safeguards necessary to secure the environment.
Users won't like it for the short term but that will easily be made up in the long term as downtime is reduced.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566084</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566942</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Anonymous</author>
	<datestamp>1269269100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I enjoy bashing Microsoft - but I have been led to believe that they have fixed that little problem.  In the days of Win98, my kid asked me to install a game for him.  Soon after installing it, he told me that he needed admin privileges just to run the stupid game.</p><p>I can't really verify it, but I've been told repeatedly that doesn't happen in Vista and Win7.  I do know that while I was testing Win7, everything that I installed ran fine in limited user accounts.</p></htmltext>
<tokentext>I enjoy bashing Microsoft - but I have been led to believe that they have fixed that little problem .
In the days of Win98 , my kid asked me to install a game for him .
Soon after installing it , he told me that he needed admin privileges just to run the stupid game .
I ca n't really verify it , but I 've been told repeatedly that does n't happen in Vista and Win7 .
I do know that while I was testing Win7 , everything that I installed ran fine in limited user accounts .</tokentext>
<sentencetext>I enjoy bashing Microsoft - but I have been led to believe that they have fixed that little problem.
In the days of Win98, my kid asked me to install a game for him.
Soon after installing it, he told me that he needed admin privileges just to run the stupid game.
I can't really verify it, but I've been told repeatedly that doesn't happen in Vista and Win7.
I do know that while I was testing Win7, everything that I installed ran fine in limited user accounts.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566148</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566888</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Anonymous</author>
	<datestamp>1269268920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>A coder with no knowledge of security? Isn't that how we end up with such problems in the first place?</p></htmltext>
<tokentext>A coder with no knowledge of security ?
Is n't that how we end up with such problems in the first place ?</tokentext>
<sentencetext>A coder with no knowledge of security?
Isn't that how we end up with such problems in the first place?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566546</id>
	<title>Re:I hope Taco doesn't work in IT</title>
	<author>Anonymous</author>
	<datestamp>1269268080000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>You missed the vast, vast, vast majority of the joke.</p></htmltext>
<tokentext>You missed the vast , vast , vast majority of the joke .</tokentext>
<sentencetext>You missed the vast, vast, vast majority of the joke.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568484</id>
	<title>Re:I hope Taco doesn't work in IT</title>
	<author>jep77</author>
	<datestamp>1269273060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You didn't feel the breeze? Your hair sure got messed up when that whooshed by you.</p><p>I've found something even more effective than blocking port 80 and 443 on browser-equipped machines. Unplugging and placing the computer in its original packaging and using it as a chair or an end table is nearly foolproof. Issue pencils and paper to all workers. Computer security problem solved.</p></htmltext>
<tokentext>You did n't feel the breeze ?
Your hair sure got messed up when that whooshed by you .
I 've found something even more effective than blocking port 80 and 443 on browser-equipped machines .
Unplugging and placing the computer in its original packaging and using it as a chair or an end table is nearly foolproof .
Issue pencils and paper to all workers .
Computer security problem solved .</tokentext>
<sentencetext>You didn't feel the breeze?
Your hair sure got messed up when that whooshed by you.
I've found something even more effective than blocking port 80 and 443 on browser-equipped machines.
Unplugging and placing the computer in its original packaging and using it as a chair or an end table is nearly foolproof.
Issue pencils and paper to all workers.
Computer security problem solved.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571052</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Anonymous</author>
	<datestamp>1269280740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>&gt; In the days of Win98, my kid asked me to install a game for him. Soon after installing it, he told me that he needed admin privileges just to run the stupid game</p><p>Not quite.  Windows 98 was completely unsecured - any user had full rights over the entire box.  Windows NT had the limited user security model (albeit flawed) which was refined with Windows 2000.  Windows XP was the major introduction of limited user accounts to domestic users, and thus a large number of applications that had hitherto expected to be able to write anywhere to the machine got broken.</p><p>Windows Vista / 7 use shimming (basically a redirect) to try and trap system calls and route them to the user's hive where appropriate.  I'm not keen on this as an alternative to getting developers to write code that is happy running in an LUA, but in some circumstances this is not possible.</p></htmltext>
<tokentext>&gt; In the days of Win98 , my kid asked me to install a game for him .
Soon after installing it , he told me that he needed admin privileges just to run the stupid game
Not quite .
Windows 98 was completely unsecured - any user had full rights over the entire box .
Windows NT had the limited user security model ( albeit flawed ) which was refined with Windows 2000 .
Windows XP was the major introduction of limited user accounts to domestic users , and thus a large number of applications that had hitherto expected to be able to write anywhere to the machine got broken .
Windows Vista / 7 use shimming ( basically a redirect ) to try and trap system calls and route them to the user 's hive where appropriate .
I 'm not keen on this as an alternative to getting developers to write code that is happy running in an LUA , but in some circumstances this is not possible .</tokentext>
<sentencetext>&gt; In the days of Win98, my kid asked me to install a game for him.
Soon after installing it, he told me that he needed admin privileges just to run the stupid game
Not quite.
Windows 98 was completely unsecured - any user had full rights over the entire box.
Windows NT had the limited user security model (albeit flawed) which was refined with Windows 2000.
Windows XP was the major introduction of limited user accounts to domestic users, and thus a large number of applications that had hitherto expected to be able to write anywhere to the machine got broken.
Windows Vista / 7 use shimming (basically a redirect) to try and trap system calls and route them to the user's hive where appropriate.
I'm not keen on this as an alternative to getting developers to write code that is happy running in an LUA, but in some circumstances this is not possible.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566942</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569092</id>
	<title>Don't let your users run as Administrator</title>
	<author>Anonymous</author>
	<datestamp>1269274560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This is the most reliable way to avoid malware problems with Windows.</p><p>It certainly won't solve everything. But non-administrators can only bork their own profile; not the whole system.</p><p>Not letting users run as admin is the one security step you can take that will have the largest impact on improving computer security in any organization.</p></htmltext>
<tokentext>This is the most reliable way to avoid malware problems with Windows .
It certainly wo n't solve everything .
But non-administrators can only bork their own profile ; not the whole system .
Not letting users run as admin is the one security step you can take that will have the largest impact on improving computer security in any organization .</tokentext>
<sentencetext>This is the most reliable way to avoid malware problems with Windows.
It certainly won't solve everything.
But non-administrators can only bork their own profile; not the whole system.
Not letting users run as admin is the one security step you can take that will have the largest impact on improving computer security in any organization.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573164</id>
	<title>enterprise solutions</title>
	<author>Anonymous</author>
	<datestamp>1269287160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Predictably, a lot of slashdotters have just gone with the knee-jerk "install Linux" response. Over here in the real world, here are some solutions I've done/seen in enterprise environments.</p><p>network level<br>1 - block all outgoing network traffic from the internal network. You can have a proxy server for web access.<br>2 - The proxy server can also be a content filter (i.e. Bluecoat)<br>3 - Block all outgoing connections from the DMZ</p><p>physical controls<br>1 - don't allow USB drives. If they're needed, use something like Pointsec to only allow company-owned USB sticks on, which can then be encrypted and password protected. The result is that only company USB systems can use the company USB drives, and there's a much lower risk of outside data getting on (or off).<br>2 - don't allow CD/DVD drives. See above.</p><p>OS controls<br>1 - use Software Restriction Policies. (To be called AppLocker in Windows 7). This is essentially whitelisting/blacklisting at the app level. If you say that only a specific group of apps can be run, then no other program will be able to execute.<br>2 - turn on Data Execution Prevention. (Google if you don't know how - it's simple and can be done through a GPO).</p><p>Email<br>1 - do antivirus scanning on email.<br>2 - block outside webmail sites people may be using (also check the corporate policies on this while you're at it. What are people doing using gmail on company time anyway?)</p><p>Other<br>1 - block social networking sites (myspace, facebook, etc.)</p></htmltext>
<tokentext>Predictably , a lot of slashdotters have just gone with the knee-jerk " install Linux " response .
Over here in the real world , here are some solutions I 've done/seen in enterprise environments .
network level
1 - block all outgoing network traffic from the internal network .
You can have a proxy server for web access .
2 - The proxy server can also be a content filter ( i.e. Bluecoat )
3 - Block all outgoing connections from the DMZ
physical controls
1 - do n't allow USB drives .
If they 're needed , use something like Pointsec to only allow company-owned USB sticks on , which can then be encrypted and password protected .
The result is that only company USB systems can use the company USB drives , and there 's a much lower risk of outside data getting on ( or off ) .
2 - do n't allow CD/DVD drives .
See above .
OS controls
1 - use Software Restriction Policies .
( To be called AppLocker in Windows 7 ) .
This is essentially whitelisting/blacklisting at the app level .
If you say that only a specific group of apps can be run , then no other program will be able to execute .
2 - turn on Data Execution Prevention .
( Google if you do n't know how - it 's simple and can be done through a GPO ) .
Email
1 - do antivirus scanning on email .
2 - block outside webmail sites people may be using ( also check the corporate policies on this while you 're at it .
What are people doing using gmail on company time anyway ? )
Other
1 - block social networking sites ( myspace , facebook , etc . )</tokentext>
<sentencetext>Predictably, a lot of slashdotters have just gone with the knee-jerk "install Linux" response.
Over here in the real world, here are some solutions I've done/seen in enterprise environments.
network level
1 - block all outgoing network traffic from the internal network.
You can have a proxy server for web access.
2 - The proxy server can also be a content filter (i.e. Bluecoat)
3 - Block all outgoing connections from the DMZ
physical controls
1 - don't allow USB drives.
If they're needed, use something like Pointsec to only allow company-owned USB sticks on, which can then be encrypted and password protected.
The result is that only company USB systems can use the company USB drives, and there's a much lower risk of outside data getting on (or off).
2 - don't allow CD/DVD drives.
See above.
OS controls
1 - use Software Restriction Policies.
(To be called AppLocker in Windows 7).
This is essentially whitelisting/blacklisting at the app level.
If you say that only a specific group of apps can be run, then no other program will be able to execute.
2 - turn on Data Execution Prevention.
(Google if you don't know how - it's simple and can be done through a GPO).
Email
1 - do antivirus scanning on email.
2 - block outside webmail sites people may be using (also check the corporate policies on this while you're at it.
What are people doing using gmail on company time anyway?)
Other
1 - block social networking sites (myspace, facebook, etc.)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571504</id>
	<title>Re:Yeah...</title>
	<author>raddan</author>
	<datestamp>1269281940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I think they said "too obscure".  I know, it sounds the same.</htmltext>
<tokentext>I think they said " too obscure " .
I know , it sounds the same .</tokentext>
<sentencetext>I think they said "too obscure".
I know, it sounds the same.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568318</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575100</id>
	<title>Re:Yeah...</title>
	<author>Ephemeriis</author>
	<datestamp>1269251160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>Competent users maybe?</p></div><p>You can't blame everything on the users.</p><p>A well-designed system is going to mitigate the effects of stupid users.</p><p>If I plug in some faulty equipment in my office I'm likely going to trip a breaker...  My office might go dark - hell the entire floor might go dark.  But, unless the electrical guys have done a spectacularly bad job, I'm probably not going to burn down the building.</p><p>Similarly, doing something stupid on my workstation should not bring down the entire building.</p><p>It might kill my workstation...  It might get my particular workgroup/subnet/segment/whatever shut down...  But it should not take out the entire network.</p></htmltext>
<tokentext>Competent users maybe ?
You ca n't blame everything on the users .
A well-designed system is going to mitigate the effects of stupid users .
If I plug in some faulty equipment in my office I 'm likely going to trip a breaker... My office might go dark - hell the entire floor might go dark .
But , unless the electrical guys have done a spectacularly bad job , I 'm probably not going to burn down the building .
Similarly , doing something stupid on my workstation should not bring down the entire building .
It might kill my workstation... It might get my particular workgroup/subnet/segment/whatever shut down... But it should not take out the entire network .</tokentext>
<sentencetext>Competent users maybe?
You can't blame everything on the users.
A well-designed system is going to mitigate the effects of stupid users.
If I plug in some faulty equipment in my office I'm likely going to trip a breaker...  My office might go dark - hell the entire floor might go dark.
But, unless the electrical guys have done a spectacularly bad job, I'm probably not going to burn down the building.
Similarly, doing something stupid on my workstation should not bring down the entire building.
It might kill my workstation...  It might get my particular workgroup/subnet/segment/whatever shut down...  But it should not take out the entire network.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567134</id>
	<title>How is Botnet formed ?</title>
	<author>Anonymous</author>
	<datestamp>1269269640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>How is Botnet formed ?<br>How computer get infected ?</p><p>There should be a way to instain hacker who infected computer because<br>computer cant fright back.<br>I read from a sysadm in AR who lost their computer to botnet.</p></htmltext>
<tokentext>How is Botnet formed ?
How computer get infected ?
There should be a way to instain hacker who infected computer because computer cant fright back .
I read from a sysadm in AR who lost their computer to botnet .</tokentext>
<sentencetext>How is Botnet formed ?
How computer get infected ?
There should be a way to instain hacker who infected computer because computer cant fright back.
I read from a sysadm in AR who lost their computer to botnet.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566348</id>
	<title>Re:block some email attachments and facebook</title>
	<author>Anonymous</author>
	<datestamp>1269267540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>No need to block Facebook, it's restrictive enough about its HTML that it shouldn't be able to infect anyone's machine unless someone clicks on a rogue link that someone posts, but that can happen anywhere.  May as well block the whole web.</p><p>Virus-scanning of email attachments along with aggressive blocking of email attachments (we are instructed to rename .zip files to another extension, and tell the recipient to rename it back - it prevents people from auto-clicking something accidentally, they MUST save it and rename it to open it.) will help a lot.</p><p>Also, to the OP - were these local-machine firewalls, or a firewall at the edge of the company's network?  Lots of malware explicitly targets local-machine firewalls and attacks them first.  Attacking a firewall at the network edge on a remote machine is a LOT harder.</p><p>Blocking port 80 is silly.  Too many people use that for legitimate work nowadays.  Blocking SMTP, on the other hand, is VERY smart.  In fact, you may want to explicitly set up your firewall at the network edge to block EVERYTHING, and force all clients to use a proxy server to access the outside world.  (Actually, this is effectively blocking port 80 while still allowing people to access the web.)  You can then potentially configure the proxy to block "known dangerous" sites.  Where I work we have a system that has three high-level classifications:<br>1)  Blocked due to being dangerous, porn, etc.<br>2)  Categorized and known to be safe<br>3)  Uncategorized and unknown - blocked with an option to manually override by the user using an RSA SecurID fob.  (i.e. no bot is ever going to authenticate for the override, even if it is smart enough to try.)</p></htmltext>
<tokentext>No need to block Facebook , it 's restrictive enough about its HTML that it should n't be able to infect anyone 's machine unless someone clicks on a rogue link that someone posts , but that can happen anywhere .
May as well block the whole web.Virus-scanning of email attachments along with aggressive blocking of email attachments ( we are instructed to rename .zip files to another extension , and tell the recipient to rename it back - it prevents people from auto-clicking something accidentally , they MUST save it and rename it to open it .
) will help a lot.Also , to the OP - were these local-machine firewalls , or a firewall at the edge of the company 's network ?
Lots of malware explicitly targets local-machine firewalls and attacks them first .
Attacking a firewall at the network edge on a remote machine is a LOT harder.Blocking port 80 is silly .
Too many people use that for legitimate work nowadays .
Blocking SMTP , on the other hand , is VERY smart .
In fact , you may want to explicitly set up your firewall at the network edge to block EVERYTHING , and force all clients to use a proxy server to access the outside world .
( Actually , this is effectively blocking port 80 while still allowing people to access the web .
) You can then potentially configure the proxy to block " known dangerous " sites .
Where I work we have a system that has three high-level classifications :
1 ) Blocked due to being dangerous , porn , etc.
2 ) Categorized and known to be safe
3 ) Uncategorized and unknown - blocked with an option to manually override by the user using an RSA SecurID fob .
( i.e. no bot is ever going to authenticate for the override , even if it is smart enough to try .
)</tokentext>
<sentencetext>No need to block Facebook, it's restrictive enough about its HTML that it shouldn't be able to infect anyone's machine unless someone clicks on a rogue link that someone posts, but that can happen anywhere.
May as well block the whole web.Virus-scanning of email attachments along with aggressive blocking of email attachments (we are instructed to rename .zip files to another extension, and tell the recipient to rename it back - it prevents people from auto-clicking something accidentally, they MUST save it and rename it to open it.
) will help a lot.Also, to the OP - were these local-machine firewalls, or a firewall at the edge of the company's network?
Lots of malware explicitly targets local-machine firewalls and attacks them first.
Attacking a firewall at the network edge on a remote machine is a LOT harder.Blocking port 80 is silly.
Too many people use that for legitimate work nowadays.
Blocking SMTP, on the other hand, is VERY smart.
In fact, you may want to explicitly set up your firewall at the network edge to block EVERYTHING, and force all clients to use a proxy server to access the outside world.
(Actually, this is effectively blocking port 80 while still allowing people to access the web.
)  You can then potentially configure the proxy to block "known dangerous" sites.
Where I work we have a system that has three high-level classifications:
1)  Blocked due to being dangerous, porn, etc.
2)  Categorized and known to be safe
3)  Uncategorized and unknown - blocked with an option to manually override by the user using an RSA SecurID fob.
(i.e. no bot is ever going to authenticate for the override, even if it is smart enough to try.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566048</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572552</id>
	<title>Shoot the laptops</title>
	<author>DrVomact</author>
	<datestamp>1269284940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I used to work for a company whose anonymity I'll protect by giving only its initials&mdash;HP. It was a few years back, but a couple of viruses (I think it was Code Red and Nimda) took down the entire freaking corporate network for a total of at least two weeks. They'd get it fixed, then it would go down again; it was a big game of whack-a-mole. The principal cause was eventually determined to be laptops. IT had no policy to prevent users from taking their laptops home or traveling and connecting to insecure networks, doing stupid things, and then simply bringing them to work and plugging them into the corporate network. That couldn't possibly be the case in your organization, could it?</p><p>
When I take my laptop traveling, I image it before I leave home, then when I return I take any files I need off via a thumb drive, and plunk the old image over the disk. That's for my <em>personal</em> laptop. </p></htmltext>
<tokentext>I used to work for a company whose anonymity I 'll protect by giving only its initials — HP .
It was a few years back , but a couple of viruses ( I think it was Code Red and Nimda ) took down the entire freaking corporate network for a total of at least two weeks .
They 'd get it fixed , then it would go down again ; it was a big game of whack-a-mole .
The principal cause was eventually determined to be laptops .
IT had no policy to prevent users from taking their laptops home or traveling and connecting to insecure networks , doing stupid things , and then simply bringing them to work and plugging them into the corporate network .
That could n't possibly be the case in your organization , could it ?
When I take my laptop traveling , I image it before I leave home , then when I return I take any files I need off via a thumb drive , and plunk the old image over the disk .
That 's for my personal laptop .</tokentext>
<sentencetext>I used to work for a company whose anonymity I'll protect by giving only its initials—HP.
It was a few years back, but a couple of viruses (I think it was Code Red and Nimda) took down the entire freaking corporate network for a total of at least two weeks.
They'd get it fixed, then it would go down again; it was a big game of whack-a-mole.
The principal cause was eventually determined to be laptops.
IT had no policy to prevent users from taking their laptops home or traveling and connecting to insecure networks, doing stupid things, and then simply bringing them to work and plugging them into the corporate network.
That couldn't possibly be the case in your organization, could it?
When I take my laptop traveling, I image it before I leave home, then when I return I take any files I need off via a thumb drive, and plunk the old image over the disk.
That's for my personal laptop. </sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567234</id>
	<title>Make a star topology and secure the center</title>
	<author>WetCat</author>
	<datestamp>1269269880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Make a star topology off the Ethernet (for example by mandating PPTP to a central server for web access).<br>Monitor IP connections there.<br>Put a filtering proxy po<br>Do not allow IP view from one workstation to another. No workstation should see any other on IP. Each one should see only the server.</p></htmltext>
<tokenext>Make a star topology off the Ethernet ( for example by mandating PPTP to a central server for web access ) .
Monitor IP connections there .
Put a filtering proxy po
Do not allow IP view from one workstation to another .
No workstation should see any other on IP .
Each one should see only the server .</tokentext>
<sentencetext>Make a star topology off the Ethernet (for example by mandating PPTP to a central server for web access).
Monitor IP connections there.
Put a filtering proxy po
Do not allow IP view from one workstation to another.
No workstation should see any other on IP.
Each one should see only the server.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573012</id>
	<title>SRP ... free as in beer</title>
	<author>Anonymous</author>
	<datestamp>1269286740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>One thing that is quite effective is Microsoft's built-in software restriction policies; however, implementing this as a default-block, whitelist-known-good-processes policy requires a fair amount of knowledge of what EXACTLY runs on your network as a business application.  More info here: http://technet.microsoft.com/en-us/library/bb457006.aspx.</p></htmltext>
<tokenext>One thing that is quite effective is Microsoft 's built-in software restriction policies ; however , implementing this as a default-block , whitelist-known-good-processes policy requires a fair amount of knowledge of what EXACTLY runs on your network as a business application .
More info here http : //technet.microsoft.com/en-us/library/bb457006.aspx .</tokentext>
<sentencetext>One thing that is quite effective is Microsoft's built-in software restriction policies; however, implementing this as a default-block, whitelist-known-good-processes policy requires a fair amount of knowledge of what EXACTLY runs on your network as a business application.
More info here http://technet.microsoft.com/en-us/library/bb457006.aspx.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567084</id>
	<title>Nuke your boxen regularly</title>
	<author>Bearhouse</author>
	<datestamp>1269269520000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>In addition to the sound advice already given above, I'd suggest also regularly just re-installing everything.<br>This sounds scary, but actually has a lot of benefits:<br>1. It forces you to get good at configuration management and massive deployment<br>2. You can schedule and apply security &amp; application updates in one hit, hence avoiding cross- or retro-infection, and also ensuring that patches really are applied<br>3. It forces users to take responsibility for data backup &amp; restore (or at least makes sure you get your centralised system working reliably and transparently)<br>4. All the crap that people install 'by accident' but then never use vanishes, and the security holes with them<br>5. A lot of miscellaneous error reports will also vanish, as stuff that people had broken is reset (slow PCs, random hangs, network glitches...)</p><p>It sounds like a lot of work, but since I've never found any security product that detects, and then reliably removes, 100% of all known nasties, it's actually the only way to be sure your systems are 100% clean (albeit probably only briefly).  You'll also, ultimately, spend less time.  NEVER waste time trying to disinfect a machine - reinstall...</p></htmltext>
<tokenext>In addition to the sound advice already given above , I 'd suggest also regularly just re-installing everything .
This sounds scary , but actually has a lot of benefits :
1 . It forces you to get good at configuration management and massive deployment
2 . You can schedule and apply security &amp; application updates in one hit , hence avoiding cross- or retro-infection , and also ensuring that patches really are applied
3 . It forces users to take responsibility for data backup &amp; restore ( or at least makes sure you get your centralised system working reliably and transparently )
4 . All the crap that people install 'by accident ' but then never use vanishes , and the security holes with them
5 . A lot of miscellaneous error reports will also vanish , as stuff that people had broken is reset ( slow PCs , random hangs , network glitches ... )
It sounds like a lot of work , but since I 've never found any security product that detects , and then reliably removes , 100 % of all known nasties , it 's actually the only way to be sure your systems are 100 % clean ( albeit probably only briefly ) .
You 'll also , ultimately , spend less time .
NEVER waste time trying to disinfect a machine - reinstall ...</tokentext>
<sentencetext>In addition to the sound advice already given above, I'd suggest also regularly just re-installing everything.
This sounds scary, but actually has a lot of benefits:
1. It forces you to get good at configuration management and massive deployment
2. You can schedule and apply security &amp; application updates in one hit, hence avoiding cross- or retro-infection, and also ensuring that patches really are applied
3. It forces users to take responsibility for data backup &amp; restore (or at least makes sure you get your centralised system working reliably and transparently)
4. All the crap that people install 'by accident' but then never use vanishes, and the security holes with them
5. A lot of miscellaneous error reports will also vanish, as stuff that people had broken is reset (slow PCs, random hangs, network glitches...)
It sounds like a lot of work, but since I've never found any security product that detects, and then reliably removes, 100% of all known nasties, it's actually the only way to be sure your systems are 100% clean (albeit probably only briefly).
You'll also, ultimately, spend less time.
NEVER waste time trying to disinfect a machine - reinstall...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566560</id>
	<title>Re:I hope Taco doesn't work in IT</title>
	<author>IBBoard</author>
	<datestamp>1269268080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Made sense to me - although I'm not sure how it'd be done. If a computer runs a web <i>browser</i> then 99%+ of the time it won't need to run a web <i>server</i>, so blocking inbound requests on port 80 would stop it being used as a server. I assume that's important and that it is indicative of zombies, but I could be trusting Taco too much there!</p></htmltext>
<tokenext>Made sense to me - although I 'm not sure how it 'd be done .
If a computer runs a web browser then 99 % + of the time it wo n't need to run a web server , so blocking inbound requests on port 80 would stop it being used as a server .
I assume that 's important and that it is indicative of zombies , but I could be trusting Taco too much there !</tokentext>
<sentencetext>Made sense to me - although I'm not sure how it'd be done.
If a computer runs a web browser then 99%+ of the time it won't need to run a web server, so blocking inbound requests on port 80 would stop it being used as a server.
I assume that's important and that it is indicative of zombies, but I could be trusting Taco too much there!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572016</id>
	<title>You all know the words...</title>
	<author>Chris Tucker</author>
	<datestamp>1269283320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Botnets. Worldwide Botnets.<br>What kind of boxes are on botnets?</p><p>Gateway, HP, Dell &amp; Sony, true!<br>Compaq, Packard Bell, maybe even Asus, too!</p><p>Are boxes, found on botnets.<br>And they all run Windows, Foo!</p></htmltext>
<tokenext>Botnets .
Worldwide Botnets .
What kind of boxes are on botnets ?
Gateway , HP , Dell &amp; Sony , true !
Compaq , Packard Bell , maybe even Asus , too !
Are boxes , found on botnets .
And they all run Windows , Foo !</tokentext>
<sentencetext>Botnets.
Worldwide Botnets.
What kind of boxes are on botnets?
Gateway, HP, Dell &amp; Sony, true!
Compaq, Packard Bell, maybe even Asus, too!
Are boxes, found on botnets.
And they all run Windows, Foo!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571254</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269281340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Actually, there are better methods for securing a network. First, do not only run one anti-virus on each machine. Run several. I know, the vendors tell you not to, but they are actually biased. I was running StopZilla and Webroot, and catching most everything, with occasional runs of SpywareBlaster for immunizing, and Spybot Search and Destroy. They did not conflict (I do not use TeaTimer in Spybot).  Eventually, I had to step up and now run SUPERAntiSpyware and Malwarebytes Anti-Malware as well. I start and stop the StopZilla service to run StopZilla. I have no conflicts. The deal is, Malwarebytes catches stuff others do not. Same for other scanners. Running several good scanners keeps me fairly safe. I would say also to have different major vendor antivirus running on various machines in each network. Make sure to set up for system administration when viruses are found.<br>I would suggest setting up a few machines on each network that are just test pots, so that you can run a wide variety of antivirus scanners on them every day, to see if you can get advance notification. Set them up as email receivers, and put their email addresses at the top of the internal email disti list, so that any machine which gets an email virus and spams other machines will hit them as well.<br>Make sure that USB drive insertion triggers antivirus scans. Floppy insertion as well (if you still have that ancient tech, heh heh).<br>A good firewall is also essential. I use ZoneAlarm. I do not know if it is the best.</p></htmltext>
<tokenext>Actually , there are better methods for securing a network .
First , do not only run one anti-virus on each machine .
Run several .
I know , the vendors tell you not to , but they are actually biased .
I was running StopZilla and Webroot , and catching most everything , with occasional runs of SpywareBlaster for immunizing , and Spybot Search and Destroy .
They did not conflict ( I do not use TeaTimer in Spybot ) .
Eventually , I had to step up and now run SUPERAntiSpyware and Malwarebytes Anti-Malware as well .
I start and stop the StopZilla service to run StopZilla .
I have no conflicts .
The deal is , Malwarebytes catches stuff others do not .
Same for other scanners .
Running several good scanners keeps me fairly safe .
I would say also to have different major vendor antivirus running on various machines in each network .
Make sure to set up for system administration when viruses are found .
I would suggest setting up a few machines on each network that are just test pots , so that you can run a wide variety of antivirus scanners on them every day , to see if you can get advance notification .
Set them up as email receivers , and put their email addresses at the top of the internal email disti list , so that any machine which gets an email virus and spams other machines will hit them as well .
Make sure that USB drive insertion triggers antivirus scans .
Floppy insertion as well ( if you still have that ancient tech , heh heh ) .
A good firewall is also essential .
I use ZoneAlarm .
I do not know if it is the best .</tokentext>
<sentencetext>Actually, there are better methods for securing a network.
First, do not only run one anti-virus on each machine.
Run several.
I know, the vendors tell you not to, but they are actually biased.
I was running StopZilla and Webroot, and catching most everything, with occasional runs of SpywareBlaster for immunizing, and Spybot Search and Destroy.
They did not conflict (I do not use TeaTimer in Spybot).
Eventually, I had to step up and now run SUPERAntiSpyware and Malwarebytes Anti-Malware as well.
I start and stop the StopZilla service to run StopZilla.
I have no conflicts.
The deal is, Malwarebytes catches stuff others do not.
Same for other scanners.
Running several good scanners keeps me fairly safe.
I would say also to have different major vendor antivirus running on various machines in each network.
Make sure to set up for system administration when viruses are found.
I would suggest setting up a few machines on each network that are just test pots, so that you can run a wide variety of antivirus scanners on them every day, to see if you can get advance notification.
Set them up as email receivers, and put their email addresses at the top of the internal email disti list, so that any machine which gets an email virus and spams other machines will hit them as well.
Make sure that USB drive insertion triggers antivirus scans.
Floppy insertion as well (if you still have that ancient tech, heh heh).
A good firewall is also essential.
I use ZoneAlarm.
I do not know if it is the best.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567538</id>
	<title>I'm tired of the user being the scape goat for IT</title>
	<author>Anonymous</author>
	<datestamp>1269270600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>As a user who has a more advanced degree, more hands-on experience, more interest, and broader programming experience than 90% of the IT personnel where I work, I find the constant blaming of the user to be offensive.  I have been downright lied to by IT personnel because they were either too lazy or too stupid to do their job correctly.  I have had dedicated equipment stolen by IT personnel because they didn't understand what it was doing and thought they could make better use of it elsewhere.  Take some pride in your work, learn how to do your job correctly, and grow some balls (i.e. take responsibility for your failures).</p></htmltext>
<tokenext>As a user who has a more advanced degree , more hands-on experience , more interest , and broader programming experience than 90 % of the IT personnel where I work , I find the constant blaming of the user to be offensive .
I have been downright lied to by IT personnel because they were either too lazy or too stupid to do their job correctly .
I have had dedicated equipment stolen by IT personnel because they did n't understand what it was doing and thought they could make better use of it elsewhere .
Take some pride in your work , learn how to do your job correctly , and grow some balls ( i.e .
take responsibility for your failures ) .</tokentext>
<sentencetext>As a user who has a more advanced degree, more hands-on experience, more interest, and broader programming experience than 90% of the IT personnel where I work, I find the constant blaming of the user to be offensive.
I have been downright lied to by IT personnel because they were either too lazy or too stupid to do their job correctly.
I have had dedicated equipment stolen by IT personnel because they didn't understand what it was doing and thought they could make better use of it elsewhere.
Take some pride in your work, learn how to do your job correctly, and grow some balls (i.e.
take responsibility for your failures).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568850</id>
	<title>It's not that difficult</title>
	<author>foxalopex</author>
	<datestamp>1269273960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I run IT for a small company of around 60 computers and to the best of my knowledge I haven't seen a breach in 2 years since I've taken over.  It's NOT that difficult.  Here's how you do it:</p><p>1. Disable or discourage people from browsing the Internet with IE.  Use SeaMonkey, Firefox or some other safer browser.<br>2. Use at least a simple NAT firewall to the Internet.  No computer including the servers should be exposed to the Internet.  If need be forward the necessary ports into your servers but no computer should be fully exposed to the Internet.<br>3. Use a good viral scanner and keep your workstations' Windows updated with patches.  You don't need to be right up to date but if you're still using service pack 1 for Windows XP that's a BAD sign.<br>4. Use a spam / viral scanner to protect your mail system.<br>5. Make sure users do not have ADMINISTRATOR access on any system including their own workstations.  Yes, it can be a pain because then you have to install any customized applications but at least they won't install a virus on their own system.<br>6. Make it clear in the company policy that you're not supposed to visit porn or questionable sites.  It's rare that official sites have viruses and that installation of software is an admin only privilege.</p><p>Most modern viruses aren't as clever as the ones I recall from my DOS days.  They typically exploit major bugs in IE, expect Administrator access, require a user dumb enough to install it or use ancient bugs in systems Administrators have neglected to patch in years.  While nothing is foolproof, after seeing how well things have run for me over the years, I suspect you're not up to speed on one or more of these points.</p></htmltext>
<tokenext>I run IT for a small company of around 60 computers and to the best of my knowledge I have n't seen a breach in 2 years since I 've taken over .
It 's NOT that difficult .
Here 's how you do it :
1 . Disable or discourage people from browsing the Internet with IE .
Use SeaMonkey , Firefox or some other safer browser .
2 . Use at least a simple NAT firewall to the Internet .
No computer including the servers should be exposed to the Internet .
If need be forward the necessary ports into your servers but no computer should be fully exposed to the Internet .
3 . Use a good viral scanner and keep your workstations ' Windows updated with patches .
You do n't need to be right up to date but if you 're still using service pack 1 for Windows XP that 's a BAD sign .
4 . Use a spam / viral scanner to protect your mail system .
5 . Make sure users do not have ADMINISTRATOR access on any system including their own workstations .
Yes , it can be a pain because then you have to install any customized applications but at least they wo n't install a virus on their own system .
6 . Make it clear in the company policy that you 're not supposed to visit porn or questionable sites .
It 's rare that official sites have viruses and that installation of software is an admin only privilege .
Most modern viruses are n't as clever as the ones I recall from my DOS days .
They typically exploit major bugs in IE , expect Administrator access , require a user dumb enough to install it or use ancient bugs in systems Administrators have neglected to patch in years .
While nothing is foolproof , after seeing how well things have run for me over the years , I suspect you 're not up to speed on one or more of these points .</tokentext>
<sentencetext>I run IT for a small company of around 60 computers and to the best of my knowledge I haven't seen a breach in 2 years since I've taken over.
It's NOT that difficult.
Here's how you do it:
1. Disable or discourage people from browsing the Internet with IE.
Use SeaMonkey, Firefox or some other safer browser.
2. Use at least a simple NAT firewall to the Internet.
No computer including the servers should be exposed to the Internet.
If need be forward the necessary ports into your servers but no computer should be fully exposed to the Internet.
3. Use a good viral scanner and keep your workstations' Windows updated with patches.
You don't need to be right up to date but if you're still using service pack 1 for Windows XP that's a BAD sign.
4. Use a spam / viral scanner to protect your mail system.
5. Make sure users do not have ADMINISTRATOR access on any system including their own workstations.
Yes, it can be a pain because then you have to install any customized applications but at least they won't install a virus on their own system.
6. Make it clear in the company policy that you're not supposed to visit porn or questionable sites.
It's rare that official sites have viruses and that installation of software is an admin only privilege.
Most modern viruses aren't as clever as the ones I recall from my DOS days.
They typically exploit major bugs in IE, expect Administrator access, require a user dumb enough to install it or use ancient bugs in systems Administrators have neglected to patch in years.
While nothing is foolproof, after seeing how well things have run for me over the years, I suspect you're not up to speed on one or more of these points.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570328</id>
	<title>In a Windows network: WSUS + NAP + Vista/7</title>
	<author>benjymouse</author>
	<datestamp>1269278220000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><ol>

<li>Use a reputable antivirus/antimalware suite. (You probably already do)</li>

<li>Never allow users to run as admins on the boxes. If some user types must be able to do so (like developers), isolate those in a separate OU for which you can design specific policies.</li>

<li>Use a WSUS server which will let you control which patches are available. Instead of evaluating/testing if/when to allow a patch through, consider segmenting the clients/servers and do a gradual rollout of all patches (like 15% the first day (Tuesday), 35% the next day and the rest on the 3rd day). This will lower the risk of a bad patch messing everything up but will ensure a fast rollout.</li>

<li>Use Network Access Protection (only available for Vista/7 clients IIRC). This is a service which will use an agent program to ensure that the client meets certain policies, like patch level. The clients which do not meet requirements should be quarantined and only allowed to download from the WSUS server. This way you can ensure that old machines do not suddenly appear on the network in an unpatched state.</li>

<li>Use Windows 7 or Vista clients. These have much better protection against e.g. memory corruption bugs and support integrity levels for e.g. Internet Explorer 7+ and Chrome.</li>

<li>Use Chrome or IE8 as browsers. Both are designed with proper sandboxing in mind. IE8 is more AD-policy friendly and can be locked down pretty tightly. Chrome is less of a target but is somewhat harder to manage in an enterprise.</li>

<li>Consider an OU for "vanilla users" with a policy which includes AppLocker rules. With AppLocker you can whitelist applications signed with certain signatures to execute and prevent all others. I.e. you can allow digitally signed MS, Adobe, Apple, Google apps to execute and bar all others. In-house apps can be self-signed (no need to buy an expensive cert).</li>

<li>Filter dangerous content at the firewall, e.g. block "executable content". Consider subscribing to a reputation service which can block pr0n and warez sites etc.</li>

<li>Lastly, for the ultimate in client resilience, consider deploying Microsoft SteadyState. With SteadyState you can set up policies to virtualize hard disks so that any change to the system partition will be reverted on every reboot. It can still be set to allow automatic patching.</li>

</ol></htmltext>
<tokenext>Use a reputable antivirus/antimalware suite .
( You probably already do ) Never allow users to run as admins on the boxes .
If some user types must be able to do so ( like developers ) , isolate those in a separate OU for which you can design specific policies .
Use a WSUS server which will let you control which patches are available .
Instead of evaluating/testing if/when to allow a patch through , consider segmenting the clients/servers and do a gradual rollout of all patches ( like 15 % the first day ( Tuesday ) , 35 % the next day and the rest on the 3rd day ) .
This will lower the risk of a bad patch messing everything up but will ensure a fast rollout .
Use Network Access Protection ( only available for Vista/7 clients IIRC ) .
This is a service which will use an agent program to ensure that the client meets certain policies , like patch level .
The clients which do not meet requirements should be quarantined and only allowed to download from the WSUS server .
This way you can ensure that old machines do not suddenly appear on the network in an unpatched state .
Use Windows 7 or Vista clients .
These have much better protection against e.g. memory corruption bugs and support integrity levels for e.g. Internet Explorer 7 + and Chrome .
Use Chrome or IE8 as browsers .
Both are designed with proper sandboxing in mind .
IE8 is more AD-policy friendly and can be locked down pretty tightly .
Chrome is less of a target but is somewhat harder to manage in an enterprise .
Consider an OU for " vanilla users " with a policy which includes AppLocker rules .
With AppLocker you can whitelist applications signed with certain signatures to execute and prevent all others .
I.e. you can allow digitally signed MS , Adobe , Apple , Google apps to execute and bar all others .
In-house apps can be self-signed ( no need to buy an expensive cert ) .
Filter dangerous content at the firewall , e.g. block " executable content " .
Consider subscribing to a reputation service which can block pr0n and warez sites etc .
Lastly , for the ultimate in client resilience , consider deploying Microsoft SteadyState .
With SteadyState you can set up policies to virtualize hard disks so that any change to the system partition will be reverted on every reboot .
It can still be set to allow automatic patching .</tokentext>
<sentencetext>

Use a reputable antivirus/antimalware suite.
(You probably already do)

Never allow users to run as admins on the boxes.
If some user types must be able to do so (like developers), isolate those in a separate OU for which you can design specific policies.
Use a WSUS server which will let you control which patches are available.
Instead of evaluating/testing if/when to allow a patch through, consider segmenting the clients/servers and do a gradual rollout of all patches (like 15% the first day (Tuesday), 35% the next day and the rest on the 3rd day).
This will lower the risk of a bad patch messing everything up but will ensure a fast rollout.
Use Network Access Protection (only available for Vista/7 clients IIRC).
This is a service which will use an agent program to ensure that the client meets certain policies, like patch level.
The clients which do not meet requirements should be quarantined and only allowed to download from the WSUS server.
This way you can ensure that old machines do not suddenly appear on the network in an unpatched state.
Use Windows 7 or Vista clients.
These have much better protection against e.g. memory corruption bugs and support integrity levels for e.g. Internet Explorer 7+ and Chrome.
Use Chrome or IE8 as browsers.
Both are designed with proper sandboxing in mind.
IE8 is more AD-policy friendly and can be locked down pretty tightly.
Chrome is less of a target but is somewhat harder to manage in an enterprise.
Consider an OU for "vanilla users" with a policy which includes AppLocker rules.
With AppLocker you can whitelist applications signed with certain signatures to execute and prevent all others.
I.e. you can allow digitally signed MS, Adobe, Apple, Google apps to execute and bar all others.
In-house apps can be self-signed (no need to buy an expensive cert).
Filter dangerous content at the firewall, e.g. block "executable content".
Consider subscribing to a reputation service which can block pr0n and warez sites etc.
Lastly, for the ultimate in client resilience, consider deploying Microsoft SteadyState.
With SteadyState you can set up policies to virtualize hard disks so that any change to the system partition will be reverted on every reboot.
It can still be set to allow automatic patching.

</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566934</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>L4t3r4lu5</author>
	<datestamp>1269269040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Easy: <a href="http://www.thewebsiteisdown.com/excel_hell.html" title="thewebsiteisdown.com">Excel Hell</a> [thewebsiteisdown.com]</htmltext>
<tokenext>Easy : Excel Hell [ thewebsiteisdown.com ]</tokentext>
<sentencetext>Easy: Excel Hell [thewebsiteisdown.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570554</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>RMS Eats Toejam</author>
	<datestamp>1269278880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>In the days of Win98, my kid asked me to install a game for him.  Soon after installing it, he told me that he needed admin privileges just to run the stupid game.</p></div><p>Being that Windows 98 was a single-user OS, such is not possible.  Either your memory has failed you or the story is a fabrication.  I'm going to side with the latter since most trolls/zealots don't maintain accurate or current knowledge of other operating systems.</p></htmltext>
<tokenext>In the days of Win98 , my kid asked me to install a game for him .
Soon after installing it , he told me that he needed admin privileges just to run the stupid game .
Being that Windows 98 was a single-user OS , such is not possible .
Either your memory has failed you or the story is a fabrication .
I 'm going to side with the latter since most trolls/zealots do n't maintain accurate or current knowledge of other operating systems .</tokentext>
<sentencetext>In the days of Win98, my kid asked me to install a game for him.
Soon after installing it, he told me that he needed admin privileges just to run the stupid game.
Being that Windows 98 was a single-user OS, such is not possible.
Either your memory has failed you or the story is a fabrication.
I'm going to side with the latter since most trolls/zealots don't maintain accurate or current knowledge of other operating systems.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566942</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566750</id>
	<title>Re:I hope Taco doesn't work in IT</title>
	<author>TheMidget</author>
	<datestamp>1269268620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The vast, vast, vast majority of companies are going to need port 80 (and 443) opened.</p></div><p>Never heard of a Squid proxy? Port 3128 is all your workers need.</p></p>
	</htmltext>
<tokenext>The vast , vast , vast majority of companies are going to need port 80 ( and 443 ) opened.Never heard of a Squid proxy ?
Port 3128 is all your workers need .</tokentext>
<sentencetext>The vast, vast, vast majority of companies are going to need port 80 (and 443) opened.Never heard of a Squid proxy?
Port 3128 is all your workers need.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569438</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>shoehornjob</author>
	<datestamp>1269275640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I do tech support for a company that will remain nameless and while we don't really do much in security we do provide a free security suite for our customers. More often than not we get a call from these people after they have been infected. The point of this is, it doesn't matter how good your av or firewall is you still have to contend with users who can't be bothered to educate themselves about basic safety precautions. Most of the people that I speak to are victims of a drive-by attack (your computer is infected with 893 trojans/viruses) and never know what hit them. Until we can effectively address the point and click mentality of these people we're always going to have the same problem.</htmltext>
<tokenext>I do tech support for a company that will remain nameless and while we do n't really do much in security we do provide a free security suite for our customers .
More often than not we get a call from these people after they have been infected .
The point of this is , it does n't matter how good your av or firewall is you still have to contend with users who ca n't be bothered to educate themselves about basic safety precautions .
Most of the people that I speak to are victims of a drive by attack ( your computer is infected with 893 trojans/viruses ) and never know what hit them .
Until we can effectively address the point and click mentality of these people we 're always going to have the same problem .</tokentext>
<sentencetext>I do tech support for a company that will remain nameless and while we don't really do much in security we do provide a free security suite for our customers.
More often than not we get a call from these people after they have been infected.
The point of this is, it doesn't matter how good your av or firewall is you still have to contend with users who can't be bothered to educate themselves about basic safety precautions.
Most of the people that I speak to are victims of a drive by attack (your computer is infected with 893 trojans/viruses) and never know what hit them.
Until we can effectively address the point and click mentality of these people we're always going to have the same problem.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566694</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Anonymous</author>
	<datestamp>1269268500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Users.</p></htmltext>
<tokenext>Users .</tokentext>
<sentencetext>Users.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566090</id>
	<title>Install Proto Balance Mail - anti-botnet solution</title>
	<author>AbbeyRoad</author>
	<datestamp>1269266760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This stops mailware:</p><p>
&nbsp; &nbsp; &nbsp; <a href="http://protobalance.com/" title="protobalance.com" rel="nofollow">http://protobalance.com/</a> [protobalance.com]</p><p>-paul</p></htmltext>
<tokenext>This stops mailware :       http : //protobalance.com/ [ protobalance.com ] -paul</tokentext>
<sentencetext>This stops mailware:
      http://protobalance.com/ [protobalance.com]-paul</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568380</id>
	<title>Re:block some email attachments and facebook</title>
	<author>Jenming</author>
	<datestamp>1269272760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I guess it depends on what your company does. But whenever you block a range of things you decrease the performance of your employees. At the same time you probably decrease your down time and so you may be increasing overall performance, but there is a sweet spot you need to hit. Secure enough, not too restrictive. And most importantly fix problems fast when they do come up.</p></htmltext>
<tokenext>I guess it depends on what your company does .
But whenever you block a range of things you decrease the performance of your employees .
At the same time you probably decrease your down time and so you may be increasing overall performance , but there is a sweet spot you need to hit .
Secure enough , not too restrictive .
And most importantly fix problems fast when they do come up .</tokentext>
<sentencetext>I guess it depends on what your company does.
But whenever you block a range of things you decrease the performance of your employees.
At the same time you probably decrease your down time and so you may be increasing overall performance, but there is a sweet spot you need to hit.
Secure enough, not too restrictive.
And most importantly fix problems fast when they do come up.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566048</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566148</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Anonymous</author>
	<datestamp>1269267000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>I'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall.  I have not found any problems on my computers but it is quite possible I've missed active bots with such simple protections.</p><p>So my question is: Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus?</p></div><p>I'm likewise a coder, and not a Windows user, so this is the blind leading the blind. But my guess is that the source of these infections is the user installing something nasty.</p><p>Aside from "Don't run Windows, haha" the suggestion I would make would be, restrict user privileges so that they can't install anything. But I hear many Windows apps have problems running with anything short of God-mode permissions, so...don't run Windows, haha.</p></p>
	</htmltext>
<tokenext>I 'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall .
I have not found any problems on my computers but it is quite possible I 've missed active bots with such simple protections.So my question is : Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus ? I 'm likewise a coder , and not a Windows user , so this is the blind leading the blind .
But my guess is that the source of these infections is the user installing something nasty.Aside from " Do n't run Windows , haha " the suggestion I would make would be , restrict user privileges so that they ca n't install anything .
But I hear many Windows apps have problems running with anything short of God-mode permissions , so...do n't run Windows , haha .</tokentext>
<sentencetext>I'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall.
I have not found any problems on my computers but it is quite possible I've missed active bots with such simple protections.So my question is: Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus?I'm likewise a coder, and not a Windows user, so this is the blind leading the blind.
But my guess is that the source of these infections is the user installing something nasty.Aside from "Don't run Windows, haha" the suggestion I would make would be, restrict user privileges so that they can't install anything.
But I hear many Windows apps have problems running with anything short of God-mode permissions, so...don't run Windows, haha.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568324</id>
	<title>Don't use Windows on the Internet</title>
	<author>bcmm</author>
	<datestamp>1269272640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Don't let your Windows boxen have Internet access. If your users just use web and email, give them an HTTP proxy server, an internal email server, and no real Internet gateway.</htmltext>
<tokenext>Do n't let your Windows boxen have Internet access .
If your users just use web and email , give them an HTTP proxy server , an internal email server , and no real Internet gateway .</tokentext>
<sentencetext>Don't let your Windows boxen have Internet access.
If your users just use web and email, give them an HTTP proxy server, an internal email server, and no real Internet gateway.</sentencetext>
</comment>
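A way to express the proxy-only egress policy that this comment and TheMidget's Squid reply above both describe (desktops reach only the internal proxy on 3128 and never the Internet directly), as an added Python example that is not code from either poster: it evaluates constructed gateway flow records against that rule and reports desktops that keep trying to go out on their own, which is exactly what a bot that knows nothing about the proxy does. The 10.0.0.0/8 range, the proxy at 10.0.0.5, the mail server at 10.0.0.6 and the flow-record format are assumptions made for the example.

```python
"""Proxy-only egress rule, checked against constructed gateway flow logs.

Added example; addresses, ports and log format are assumptions, not
taken from the thread.
"""
import ipaddress
import re
from collections import Counter

INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # assumed LAN range
PROXY = ipaddress.ip_address("10.0.0.5")           # assumed Squid host, TCP/3128
MAIL_SERVER = ipaddress.ip_address("10.0.0.6")     # assumed internal mail server
WEB_PORTS = {80, 443}


def flow_allowed(src, dst, proto, dport):
    """Rule for flows crossing the Internet gateway.

    Only the proxy may open HTTP/HTTPS outwards and only the mail server
    may deliver on TCP/25. Flows that stay inside INTERNAL never reach the
    gateway, so they are reported as allowed here; desktop-to-proxy on
    3128 is one of those.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_ip in INTERNAL:
        return True
    if src_ip == PROXY and proto == "tcp" and dport in WEB_PORTS:
        return True
    if src_ip == MAIL_SERVER and proto == "tcp" and dport == 25:
        return True
    return False   # everything else, including direct DNS/IRC/HTTP from desktops


# Constructed flow-record format: "<timestamp> <src> -> <dst> <proto>/<dport>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+) (?P<proto>tcp|udp)/(?P<dport>\d+)$"
)


def parse_flows(log_text):
    """Yield one dict per parseable line; malformed lines are skipped, not fatal."""
    for line in log_text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec


def find_violations(log_text):
    """Flows the gateway rule would drop."""
    return [f for f in parse_flows(log_text)
            if not flow_allowed(f["src"], f["dst"], f["proto"], f["dport"])]


def suspects(log_text, threshold=3):
    """Internal hosts with at least `threshold` dropped outbound flows.

    A desktop that repeatedly tries to reach outside hosts on its own,
    bypassing the proxy it was given, is the first machine to pull for a look.
    """
    counts = Counter(f["src"] for f in find_violations(log_text))
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample log: one clean desktop (10.0.1.40), one that behaves like a bot.
SAMPLE_LOG = """\
2010-03-22T14:01:03 10.0.1.17 -> 10.0.0.5 tcp/3128
2010-03-22T14:01:04 10.0.0.5 -> 203.0.113.9 tcp/443
2010-03-22T14:01:09 10.0.1.17 -> 198.51.100.7 tcp/80
2010-03-22T14:01:10 10.0.1.17 -> 198.51.100.7 tcp/8080
2010-03-22T14:01:11 10.0.1.17 -> 192.0.2.44 tcp/6667
2010-03-22T14:01:12 10.0.1.17 -> 192.0.2.45 udp/53
2010-03-22T14:02:00 10.0.0.6 -> 203.0.113.25 tcp/25
2010-03-22T14:02:30 10.0.1.40 -> 10.0.0.5 tcp/3128
"""

if __name__ == "__main__":
    for f in find_violations(SAMPLE_LOG):
        print("DROP", f["src"], "->", f["dst"], f"{f['proto']}/{f['dport']}")
    print("suspects:", suspects(SAMPLE_LOG))
```

The point of the rule is as much detection as prevention: once nothing but the proxy is allowed out, every dropped flow in the gateway log comes from a process that did not read the proxy settings, and a bot's attempts to reach its controller directly (here on 80, 8080, 6667 and an outside DNS server) stand out by source address. The proxy's own access log then covers the HTTP path that is still open.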
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573706</id>
	<title>OpenDNS</title>
	<author>Anonymous</author>
	<datestamp>1269289200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I use OpenDNS to block this stuff, as an added layer. I saw all the other recommendations, but noticed DNS style lists were not listed.</p><p><a href="http://www.opendns.com/" title="opendns.com" rel="nofollow">http://www.opendns.com/</a> [opendns.com]</p></htmltext>
<tokenext>I use OpenDNS to block this stuff , as an added layer .
I saw all the other recommendations , but noticed DNS style lists were not listed.http : //www.opendns.com/ [ opendns.com ]</tokentext>
<sentencetext>I use OpenDNS to block this stuff, as an added layer.
I saw all the other recommendations, but noticed DNS style lists were not listed.http://www.opendns.com/ [opendns.com]</sentencetext>
</comment>
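What a DNS-style blocklist of the kind this comment recommends actually does, as an added Python example that is not OpenDNS code: it matches queried names against a list by whole labels (parent domains included), groups blocked lookups by client address from constructed resolver log lines, and shows the sinkhole answer a filtering resolver would return. The blocklist entries, the sinkhole address 10.0.0.250 and the log format are assumptions made for the example.

```python
"""DNS blocklist matching over constructed resolver query logs.

Added example, not OpenDNS code; the blocklist, sinkhole address and log
format are assumptions.
"""
from collections import defaultdict

# Assumed blocklist of domains known to host bot controllers or droppers.
BLOCKLIST = {"evil.example", "bad.test"}
SINKHOLE = "10.0.0.250"   # assumed internal address that logs and refuses connections


def normalize(qname):
    """Lower-case and drop the trailing dot so 'C2.Evil.Example.' matches."""
    return qname.rstrip(".").lower()


def blocked_by(qname, blocklist=BLOCKLIST):
    """Return the blocklist entry covering qname, or None.

    Matching walks up the label hierarchy, so 'cdn.evil.example' is caught
    by 'evil.example', while 'notevil.example' and 'evil.example.com' are
    not: the check is on whole labels, never on substrings.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        if parent in blocklist:
            return parent
    return None


def resolve_or_sinkhole(qname, blocklist=BLOCKLIST, sinkhole=SINKHOLE):
    """What a filtering resolver answers: the sinkhole for listed names,
    None (meaning: resolve normally) otherwise."""
    return sinkhole if blocked_by(qname, blocklist) else None


def find_hits(log_text, blocklist=BLOCKLIST):
    """Group blocked queries by client address.

    Constructed log line format: "<timestamp> <client> <qname> <qtype>".
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue      # tolerate blank or malformed lines
        _ts, client, qname, _qtype = parts
        entry = blocked_by(qname, blocklist)
        if entry:
            hits[client].append((normalize(qname), entry))
    return dict(hits)


# Constructed sample log; the last line shows that a substring is not a match.
SAMPLE_QUERY_LOG = """\
2010-03-22T14:03:11 10.0.1.17 update.evil.example A
2010-03-22T14:03:12 10.0.1.17 www.example.org A
2010-03-22T14:03:15 10.0.1.17 C2.Evil.Example. A
2010-03-22T14:03:20 10.0.1.40 mail.example.org MX
2010-03-22T14:03:22 10.0.1.40 Tracker.Bad.Test A
2010-03-22T14:03:23 10.0.1.40 evil.example.com A
"""

if __name__ == "__main__":
    for client, queries in find_hits(SAMPLE_QUERY_LOG).items():
        for qname, entry in queries:
            print(client, qname, "-> sinkholed by", entry)
```

Two caveats a practitioner should keep in mind. The list only helps when clients cannot choose their resolver: a bot that carries its own resolver addresses or hard-coded controller IPs never asks the filtering server, so outbound port 53 has to be blocked for everything except the internal resolver. And the resolver's log of sinkholed names is itself the detection signal: the client addresses it groups are the machines to isolate.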
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566988</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269269220000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>I don't buy the "competent users" argument.<br> <br>

It is definitely the case that <i>incompetent</i> users can cause system compromises. "Ooh, free smilies!" (though, IT should ideally have blocked most of their most common avenues of idiocy).<br> <br>

However, in a world where you can get compromised just by going to a perfectly legitimate website that happens to be running a flash ad with an embedded zero-day of some flavor, the idea that "competence" is going to save you is an unpleasant mixture of naivet&#233; and adherence to the <a href="http://www.scu.edu/ethics/publications/iie/v3n2/justworld.html" title="scu.edu">just-world hypothesis</a> [scu.edu].<br> <br>

Competence doesn't hurt, and is always a desirable quality; but it is a near-worthless foundation for a security system. First and foremost, there are many attacks from which competence will not save you. Second, and also pretty important, is that any organization of reasonable size is going to contain people hired for their competence in something other than computer security. The pool of people competent in skill X <i>and</i> computer security is always smaller than the pool of people competent in skill X. Even if the former pool is large enough to fulfil your needs, recruiting from it will cost more than recruiting from the entire skill X pool. Competent users are a nice perk, when they happen; but depending on them is folly.</htmltext>
<tokenext>I do n't buy the " competent users " argument .
It is definitely the case that incompetent users can cause system compromises .
" Ooh , free smilies !
" ( though , IT should ideally have blocked most of their most common avenues of idiocy .
However , in a world where you can get compromised just by going to a perfectly legitimate website that happens to be running a flash ad with an embedded zero-day of some flavor , the idea that " competence " is going to save you is an unpleasant mixture of naiveté and adherence to the just-world hypothesis [ scu.edu ] .
Competence does n't hurt , and is always a desirable quality ; but it is a near-worthless foundation for a security system .
First and foremost , there are many attacks from which competence will not save you .
Second , and also pretty important , is that any organization of reasonable size is going to contain people hired for their competence in something other than computer security .
The pool of people competent in skill X and computer security is always smaller than the pool of people competent in skill X. Even if the former pool is large enough to fulfil your needs , recruiting from it will cost more than recruiting from the entire skill X pool .
Competent users are a nice perk , when they happen ; but depending on them is folly .</tokentext>
<sentencetext>I don't buy the "competent users" argument.
It is definitely the case that incompetent users can cause system compromises.
"Ooh, free smilies!
"(though, IT should ideally have blocked most of their most common avenues of idiocy.
However, in a world where you can get compromised just by going to a perfectly legitimate website that happens to be running a flash ad with an embedded zero-day of some flavor, the idea that "competence" is going to save you is an unpleasant mixture of naiveté and adherence to the just-world hypothesis [scu.edu].
Competence doesn't hurt, and is always a desirable quality; but it is a near-worthless foundation for a security system.
First and foremost, there are many attacks from which competence will not save you.
Second, and also pretty important, is that any organization of reasonable size is going to contain people hired for their competence in something other than computer security.
The pool of people competent in skill X and computer security is always smaller than the pool of people competent in skill X. Even if the former pool is large enough to fulfil your needs, recruiting from it will cost more than recruiting from the entire skill X pool.
Competent users are a nice perk, when they happen; but depending on them is folly.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565932</id>
	<title>Re:Yeah...</title>
	<author>Magorak</author>
	<datestamp>1269266160000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Unfortunately you are probably right.</p></htmltext>
<tokenext>Unfortunately you are probably right .</tokentext>
<sentencetext>Unfortunately you are probably right.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866</id>
	<title>Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269265980000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>...I'm going to go ahead and guess the general answer most people around here are going to give.</p><p>Linux or OSX.</p><p>AmIright?</p></htmltext>
<tokenext>...I 'm going to go ahead and guess the general answer most people around here are going to give.Linux or OSX.AmIright ?</tokentext>
<sentencetext>...I'm going to go ahead and guess the general answer most people around here are going to give.Linux or OSX.AmIright?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566884</id>
	<title>Re:Identify the people responsible, sack and sue t</title>
	<author>Anonymous</author>
	<datestamp>1269268920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Seriously?  Litigation is the best solution you can think of?</p></htmltext>
<tokenext>Seriously ?
Litigation is the best solution you can think of ?</tokentext>
<sentencetext>Seriously?
Litigation is the best solution you can think of?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566282</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566472</id>
	<title>One article where I am glad there are no links....</title>
	<author>Anonymous</author>
	<datestamp>1269267900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Btw thanks harrymcc/timothy re the posting of the "Russian ASCII Art Animated Cat From 1968" article.... my local library really appreciated the pissoff.exe malware on their machine....  that article should be renamed to "In soviet Russia BESM-4 GOST 10859-64 ASCIISKI Art Animated Kitty Porn From 1968 with blessing of Russian malware from 2010 - now all IE bases belong to Boris Grishenko" !</p></htmltext>
<tokenext>Btw thanks harrymcc/timothy re the posting of the " Russian ASCII Art Animated Cat From 1968 " article.... my local library really appreciated the pissoff.exe malware on their machine.... that article should be renamed to " In soviet Russia BESM-4 GOST 10859-64 ASCIISKI Art Animated Kitty Porn From 1968 with blessing of Russian malware from 2010 - now all IE bases belong to Boris Grishenko " !</tokentext>
<sentencetext>Btw thanks harrymcc/timothy re the posting of the "Russian ASCII Art Animated Cat From 1968" article.... my local library really appreciated the pissoff.exe malware on their machine....  that article should be renamed to "In soviet Russia BESM-4 GOST 10859-64 ASCIISKI Art Animated Kitty Porn From 1968 with blessing of Russian malware from 2010 - now all IE bases belong to Boris Grishenko" !</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31700238</id>
	<title>Re:whitelist</title>
	<author>Grimwiz</author>
	<datestamp>1270135920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Whitelisting applications would work if this could control what is run on your system. Variously implemented by either looking up a hash (e.g. md5) or signing the code. Unfortunately we can make the following observations which indicate this does not provide total protection:</p><p>
&nbsp; By Design:<br>
&nbsp; &nbsp; &nbsp; Some applications allow interpreted code (macros, visual basic inside documents, perl/java etc.).<br>
&nbsp; &nbsp; &nbsp; Some applications are inherently data (excel spreadsheet etc.).<br>
&nbsp; &nbsp; &nbsp; Some applications change their behaviour dependent on libraries and plugins which may not be checked against a whitelist (e.g. activex, greasemonkey).<br>
&nbsp; &nbsp; &nbsp; Some applications self-modify (maybe to try and prevent software theft).</p><p>
&nbsp; Flaws:<br>
&nbsp; &nbsp; &nbsp; Some applications have flaws that allow code injection (buffer overflows etc.).<br>
&nbsp; &nbsp; &nbsp; Some features can be used for inappropriate purposes (updater that can be fooled into downloading the wrong files).<br>
&nbsp; &nbsp; &nbsp; Sometimes signing keys are reverse engineered or leaked, allowing malware to be whitelisted.<br>
&nbsp; &nbsp; &nbsp; List or key management requires ongoing maintenance and if it goes wrong can mount a denial of service attack on your customers.</p><p>
&nbsp; Lack of omniscience:<br>
&nbsp; &nbsp; &nbsp; Some people can use a secure application in a secure OS and still do something insecure (phishing etc.).<br>
&nbsp; &nbsp; &nbsp; As new attacks are found, old protections become ineffective.<br>
&nbsp; &nbsp; &nbsp; There is a chance that malware could be whitelisted.<br>
&nbsp; &nbsp; &nbsp; You have to update your whitelist for every update by every vendor.<br>
&nbsp; &nbsp; &nbsp; It is really really hard to be sure that the application does what you are told it does - either deliberately to produce trojan horses or accidentally (see above).<br>
&nbsp; &nbsp; &nbsp; Each user may require a different whitelist as they have different requirements - some may wish to run p2p data sharing whereas others may regard this as a huge security risk.</p><p>
&nbsp; Lack of omnipotence:<br>
&nbsp; &nbsp; &nbsp; Some flaws are not in the applications - they may be in a hypervisor, loaded onto network cards, on routers, hosted remotely.</p><p>IMHO whitelisting requires reducing the functionality of applications (e.g. no java) and adds hoops/costs to professional developers and upsets users but unfortunately malware writers will focus on the easiest route using what they can get. c.f. <a href="http://www.securecomputing.net.au/News/161167,analysis-iphone-malware-evolution-on-overdrive.aspx" title="securecomputing.net.au">http://www.securecomputing.net.au/News/161167,analysis-iphone-malware-evolution-on-overdrive.aspx</a> [securecomputing.net.au]</p></htmltext>
<tokenext>Whitelisting applications would work if this could control what is run on your system .
Variously implemented by either looking up a hash ( e.g .
md5 ) or signing the code .
Unfortunately we can make the following observations which indicate this does not provide total protection :   By Design :       Some applications allow interpreted code ( macros , visual basic inside documents , perl/java etc. ) .
      Some applications are inherently data ( excel spreadsheet etc. ) .
      Some applications change their behaviour dependent on libraries and plugins which may not be checked against a whitelist ( e.g .
activex , greasemonkey ) .
      Some applications self-modify ( maybe to try and prevent software theft ) .
  Flaws :       Some applications have flaws that allow code injection ( buffer overflows etc. ) .
      Some features can be used for inappropriate purposes ( updater that can be fooled into downloading the wrong files ) .
      Sometimes signing keys are reverse engineered or leaked , allowing malware to be whitelisted .
      List or key management requires ongoing maintenance and if it goes wrong can mount a denial of service attack on your customers .
  Lack of omniscience :       Some people can use a secure application in a secure OS and still do something insecure ( phishing etc. ) .
      As new attacks are found , old protections become ineffective .
      There is a chance that malware could be whitelisted .
      You have to update your whitelist for every update by every vendor .
      It is really really hard to be sure that the application does what you are told it does - either deliberately to produce trojan horses or accidentally ( see above ) .
      Each user may require a different whitelist as they have different requirements - some may wish to run p2p data sharing whereas others may regard this as a huge security risk .
  Lack of omnipotence :       Some flaws are not in the applications - they may be in a hypervisor , loaded onto network cards , on routers , hosted remotely.IMHO whitelisting requires reducing the functionality of applications ( e.g .
no java ) and adds hoops/costs to professional developers and upsets users but unfortunately malware writers will focus on the easiest route using what they can get .
c.f. http : //www.securecomputing.net.au/News/161167,analysis-iphone-malware-evolution-on-overdrive.aspx [ securecomputing.net.au ]</tokentext>
<sentencetext>Whitelisting applications would work if this could control what is run on your system.
Variously implemented by either looking up a hash (e.g.
md5) or signing the code.
Unfortunately we can make the following observations which indicate this does not provide total protection:
  By Design:
      Some applications allow interpreted code (macros, visual basic inside documents, perl/java etc.).
      Some applications are inherently data (excel spreadsheet etc.).
      Some applications change their behaviour dependent on libraries and plugins which may not be checked against a whitelist (e.g.
activex, greasemonkey).
      Some applications self-modify (maybe to try and prevent software theft).
  Flaws:
      Some applications have flaws that allow code injection (buffer overflows etc.).
      Some features can be used for inappropriate purposes (updater that can be fooled into downloading the wrong files).
      Sometimes signing keys are reverse engineered or leaked, allowing malware to be whitelisted.
      List or key management requires ongoing maintenance and if it goes wrong can mount a denial of service attack on your customers.
  Lack of omniscience:
      Some people can use a secure application in a secure OS and still do something insecure (phishing etc.).
      As new attacks are found, old protections become ineffective.
      There is a chance that malware could be whitelisted.
      You have to update your whitelist for every update by every vendor.
      It is really really hard to be sure that the application does what you are told it does - either deliberately to produce trojan horses or accidentally (see above).
      Each user may require a different whitelist as they have different requirements - some may wish to run p2p data sharing whereas others may regard this as a huge security risk.
  Lack of omnipotence:
      Some flaws are not in the applications - they may be in a hypervisor, loaded onto network cards, on routers, hosted remotely.IMHO whitelisting requires reducing the functionality of applications (e.g.
no java) and adds hoops/costs to professional developers and upsets users but unfortunately malware writers will focus on the easiest route using what they can get.
c.f. http://www.securecomputing.net.au/News/161167,analysis-iphone-malware-evolution-on-overdrive.aspx [securecomputing.net.au]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566010</parent>
</comment>
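An added Python sketch, not the poster's code, of the hash-lookup form of whitelisting the comment describes and of the first "by design" gap it lists: an allowlisted interpreter will run any script it is handed, so checking only the executable's hash is not enough. The file contents below are constructed stand-in byte strings rather than real binaries and the paths are assumptions; the hardened variant also hashes script arguments and refuses inline code it cannot hash. It uses SHA-256 rather than the MD5 the comment gives as an example, because MD5 collisions are practical and two different binaries can be made to share an MD5 entry.

```python
"""Hash-based application allowlisting and the interpreter gap.

Added example, not the poster's code. The "files" below are constructed
stand-in byte strings, not real binaries, and the paths are assumptions.
"""
import hashlib

FILES = {
    "/usr/bin/python3":    b"stand-in for the python interpreter binary",
    "/opt/app/report.exe": b"stand-in for an approved line-of-business app",
    "/opt/app/report.py":  b"stand-in for an approved script shipped with it",
    "/tmp/dropper.exe":    b"stand-in for an unapproved downloaded binary",
    "/tmp/payload.py":     b"stand-in for an unapproved script",
}


def sha256_of(path, files=FILES):
    """SHA-256 of a file's contents, or None if the path does not exist."""
    data = files.get(path)
    return hashlib.sha256(data).hexdigest() if data is not None else None


# Built from the gold image: only these hashes may execute.
ALLOWLIST = {sha256_of(p) for p in
             ("/usr/bin/python3", "/opt/app/report.exe", "/opt/app/report.py")}
# Allowlisted binaries that execute whatever they are handed.
INTERPRETERS = {sha256_of("/usr/bin/python3")}
SCRIPT_SUFFIXES = (".py",)


def naive_decision(exe, argv):
    """Executable-only check: the scheme the comment describes."""
    return "allow" if sha256_of(exe) in ALLOWLIST else "deny"


def hardened_decision(exe, argv):
    """Also check what an allowlisted interpreter is asked to run.

    Closes the 'interpreted code' gap for scripts passed as files; code
    passed inline (-c) or on stdin (-) has nothing to hash, so it is refused.
    """
    h = sha256_of(exe)
    if h not in ALLOWLIST:
        return "deny"
    if h in INTERPRETERS:
        if any(a in ("-c", "-") for a in argv):
            return "deny"
        for arg in argv:
            if arg.endswith(SCRIPT_SUFFIXES) and sha256_of(arg) not in ALLOWLIST:
                return "deny"
    return "allow"


# Constructed execution requests: (executable, argv after the program name).
REQUESTS = [
    ("/opt/app/report.exe", []),
    ("/tmp/dropper.exe", []),
    ("/usr/bin/python3", ["/opt/app/report.py"]),
    ("/usr/bin/python3", ["/tmp/payload.py"]),       # naive check lets this through
    ("/usr/bin/python3", ["-c", "import socket"]),
]


def compare(requests=REQUESTS):
    """(exe, argv, naive verdict, hardened verdict) for each request."""
    return [(exe, argv, naive_decision(exe, argv), hardened_decision(exe, argv))
            for exe, argv in requests]


if __name__ == "__main__":
    for exe, argv, naive, hard in compare():
        print(f"{exe} {' '.join(argv):<22} naive={naive:<5} hardened={hard}")
```

Even the hardened form only covers the cases the comment files under "by design" for script files; a macro inside a document, a plugin loaded by an approved application, or a buffer overflow in the approved binary itself never passes through this decision point at all, which is the comment's point that whitelisting reduces the attack surface rather than closing it.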
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567642</id>
	<title>Re:Suggestions</title>
	<author>Kozz</author>
	<datestamp>1269270900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>A few suggestions from my experience as a technician:</p><ul>
<li>Keep vulnerable programs off of your base image.  We saw infections go down dramatically after removing Java and replacing Adobe Acrobat Reader with something else.</li></ul></div><p>I'm right there with you on the Acrobat Reader bit -- I had a laptop that I witnessed get 0wn3d in a matter of seconds when acrobat plugin crashed while browsing, and it spiraled out of control until I just unplugged the ether and turned it off.  But can you explain the vulnerability of Java?  That's rather broad categorization, it seems.  What kinds of common Java problems have you seen?</p></p>
	</htmltext>
<tokenext>A few suggestions from my experience as a technician : Keep vulnerable programs off of your base image .
We saw infections go down dramatically after removing Java and replacing Adobe Acrobat Reader with something else.I 'm right there with you on the Acrobat Reader bit -- I had a laptop that I witnessed get 0wn3d in a matter of seconds when acrobat plugin crashed while browsing , and it spiraled out of control until I just unplugged the ether and turned it off .
But can you explain the vulnerability of Java ?
That 's rather broad categorization , it seems .
What kinds of common Java problems have you seen ?</tokentext>
<sentencetext>A few suggestions from my experience as a technician:
Keep vulnerable programs off of your base image.
We saw infections go down dramatically after removing Java and replacing Adobe Acrobat Reader with something else.I'm right there with you on the Acrobat Reader bit -- I had a laptop that I witnessed get 0wn3d in a matter of seconds when acrobat plugin crashed while browsing, and it spiraled out of control until I just unplugged the ether and turned it off.
But can you explain the vulnerability of Java?
That's rather broad categorization, it seems.
What kinds of common Java problems have you seen?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566210</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566816</id>
	<title>Sandboxing and VM's in our future ?</title>
	<author>zuki</author>
	<datestamp>1269268800000</datestamp>
	<modclass>Interesting</modclass>
	<modscore>3</modscore>
	<htmltext>This is more of a question than anything, as I find this to be a fascinating topic, but have little experience in managing corporate networks.<br> <br>

At what point does it make sense to have your users having to run all that they do on a virtual machine, which if anything gets compromised can just be rolled back without too much fuss?<br> <br>

Also, does it make sense to move a lot of what people do to some sort of hosted app infrastructure (private cloud for example) where the lockdown can occur in an easier and more granular manner as all of the apps are managed by IT only, or is this just a pipe dream that's at least another 10 years away?<br> <br>

Still, in the end it all has to do with your users not practicing safe browsing, double-clicking on attachments that they did not expect, and the like.<br> <br>

I do like <i>fuzzyfuzzyfungus</i>, <i>magamiako1</i> and <i>Z34107</i>'s suggestions very much, seems fairly practical yet transparent to the users. (wish I had mod points for you guys, but not today!)<br> <br>

But regardless, I guess in some sense any of these solutions seem like they are going to be quite costly and labor-intensive, from a business owner's perspective should those long-term costs not be taken into account when comparing them to deploying a network of machines running Linux or OS-X (and Windows apps inside a VM on those)? Does this all have to do with many corporate apps only working in a Windows network, and with legacy code not being able to be migrated away from a Microsoft-centric platform? <br> <br>
Sorry for sounding naive, but this is not my area of expertise...</htmltext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567292</id>
	<title>Be aware of what is going on</title>
	<author>erroneus</author>
	<datestamp>1269270000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>For example, people are still surprised when they learn that Adobe Acrobat and Reader are commonly exploited (if you can call it that) as a means of inserting code into a machine.  And there are other insertion vectors as well and, interestingly enough, most have to do with JavaScript.  So what to do?</p><p>First step is awareness.  Get yourself aware.  Get on bugtraq and other mailing lists/forums to make yourself aware of these things as they emerge.  The second step is to control and limit the doors used to walk into your network.  If you have to set up a proxy server in order to prevent users from hitting servers in Russia and other countries your business interests have no need to travel to, then that is what you should do.  Further, blocking JavaScript is an important step in protecting the network.  Cisco routers can use rules to prevent scripts from being downloaded, interestingly enough, as I have observed when one actually prevented me from hosting certain web apps, taking me a LONG time to figure out why and how.  Finally, using browsers that enable the selective control of which JavaScript code to run is extremely useful.  (To my knowledge, MSIE still has no such "NoScript" functionality.)</p><p>Many people correctly jump to the stock answer "It's a Windows problem."  This is correct in fact, but is inappropriate where a larger picture is concerned.  If people stopped using Windows today, the attackers would simply begin exploiting Linux and MacOS more frequently.  These rules of safety apply to all platforms even if the non-Windows machines are not presently the primary target.</p><p>In short, if you cannot fix the problem, avoid using the software that is vulnerable.  And if you cannot avoid that, then block communications with botnet controllers, as most of them reside in other nations and are generally known.</p><p>As an added note, if it's possible, try to use a non-corruptible Windows solution.  What I mean by this is using a system by which machines can be reloaded or recovered with more ease.  Sometimes it is far less important to know how or why and more important to have a path of quick recovery ready and available.  Many people use Ghost images to recover quickly.  Others use virtual machine technologies.  Deep Freeze is one solution that I have heard great things about.  In the case of Windows, you have to disable much usability and functionality to lock it down.  Some of this usability and functionality is required for day-to-day business.  Such solutions would be unacceptable.  So preparing a fast recovery method is your next best thing to prevention.</p></htmltext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567398</id>
	<title>Re:Suggestions</title>
	<author>Anonymous</author>
	<datestamp>1269270240000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Why pick on just Java? Any language that has access to file and network I/O, etc. could be problematic.</p><p>I know that webstart, etc. could be problematic, but I couldn't imagine that infections went down *dramatically* because of that, since the number of those types of issues has to be far smaller than the amount of malware written in languages other than Java that are more common on Windows (C, C++, VC++, VB, C#/VB.Net, etc.).</p><p>Why not just lock down everything?</p></htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566210</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567120</id>
	<title>Short answer: You can't.</title>
	<author>Sigma 7</author>
	<datestamp>1269269640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Long answer: You cannot. (Okay, bad pun.)</p><p>Any system that has humans (especially ones that don't follow proper security protocols) will always have a chance of a virus appearing.  It may be a CEO/VP that insists on being able to run something, or some other app that gains admin privileges by an exploit.</p><p>At best, you might be able to use a whitelist app system or something like DeepFreeze to cut down on damage. However, any rogue program (e.g. bounty hunter viruses) that breaks out of sandboxing can still zombify your network.</p><p>Also, a Facebook friend recently sent a link which was one of those virus-type sites.  Inexperienced users will encounter aggressive attempts to download "setup.exe" - and like most other browsers, Firefox still didn't provide an option to immediately block virus-like activity.  It should: there's a key labeled "Break" in the top-right corner of my keyboard.</p></htmltext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565908</id>
	<title>Re:Yeah...</title>
	<author>sirrunsalot</author>
	<datestamp>1269266100000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext>Yup.</htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567312</id>
	<title>Re:Yeah...</title>
	<author>AlecC</author>
	<datestamp>1269270060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>That just restricts the number of people who can use computers unnecessarily. Computers exist to serve people, not people to serve computers. We need to design computers so that people whose job is doing something else can still use computers. Forcing all users to become geeks just limits the availability of computers.</p><p>In the early 1900s some pundit in Britain said that road congestion could never become a problem because there were a maximum of a million people in the country who could be trained to become chauffeurs. That might have been reasonable for a model that said that cars are so complicated that they need a trained specialist (or enthusiastic amateur) to run them. But cars became so easy that any Joe Public could drive them - and society changed accordingly; few drivers now are competent mechanics - and we shouldn't make the same demands of computer users.</p></htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566516</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>jimicus</author>
	<datestamp>1269268020000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><div class="quote"><p>So my question is: Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus?</p></div><p>No they're not.  Trojans are becoming much more adept at avoiding antivirus (mainly because most antivirus is essentially a glorified "grep for this sequence of bytes", which doesn't work very well with polymorphic infectors) and much better at remaining hidden once installed.</p><p>A few years ago it was fairly obvious because an infected computer had all the speed and grace of a slug break-dancing in black treacle and most AV vendors' websites magically stopped working (though actually your browser was being screwed around with) - today that doesn't happen so much.</p><p>Short of the major AV vendors drastically upping their game in very short order (difficult - heuristic scanning is the obvious thing to look at but it's tantamount to the halting problem), I can't really see this situation improving much.</p></htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565974</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269266280000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>If you really want to be sure you avoid being part of a botnet, then yes, Windows is not one of the choices you have. It can't be secured; it's like going down the rapids in a colander while trying to plug the holes with cabbage.</p><p>If you want to mitigate the problem you can add all sorts of defences, but you will be owned eventually if you stay on Windows. The question is, is it worth all the money? One thing is sure, it's damn expensive to fix Windows up to half-bad.</p></htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566742</id>
	<title>Re:I hope Taco doesn't work in IT</title>
	<author>flyingfsck</author>
	<datestamp>1269268620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Fortunately with a combination of cntlm, corkscrew and ssh, I can tunnel anything through port 80.</htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569868</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>MightyMartian</author>
	<datestamp>1269276840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>While we still run AV on every workstation, I have basically been forced on my network to set up very restrictive GPOs.  No autorunning/autoloading of CDs or USB drives.  Limit where programs can be run from so that users can't just grab their favorite torrent client and toss it in their My Documents or home directories.  None of this is entirely perfect, and there is always a usability penalty to some degree, but we haven't had an infection of any kind in over two years.</p><p>What it comes down to is this.  Your AV software is only as good as your users are smart and responsible.  Since users almost always tend towards being irresponsible, and even company policies against loading untested third party software are insufficient, you may be forced to lock down the workstations themselves to such a degree that the number of potential vectors for infection is rather small.  Obviously you can't hope to know the vulnerabilities in approved software (like Internet Explorer), so there is still a window for infection, but you make the bull's-eye a lot smaller.</p></htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566516</parent>
</comment>
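An audit of the two GPO restrictions this comment describes (no autorun from removable media, program execution limited to approved locations), written as an added example rather than the commenter's own configuration. It assumes the restrictions were deployed through the standard Explorer autorun policy and a Software Restriction Policy, so it reads the registry locations those policies write to rather than querying Group Policy; the expected values are stated in the comments.

```powershell
# Added example, not from the original thread: audit a workstation for the
# lockdown settings described in the comment above.
# Assumption: policies were deployed via standard GPO settings, so they land
# in the well-known registry locations below. Run from an elevated prompt.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Format-PolicyValue {
    param($Value)
    # Renders an absent value explicitly so FAIL rows are self-explanatory.
    if ($null -eq $Value) { return 'absent' }
    return ('0x{0:X}' -f [int]$Value)
}

function New-Finding {
    param([string]$Check, [bool]$Passed, [string]$Detail)
    [pscustomobject]@{
        Check  = $Check
        Status = if ($Passed) { 'PASS' } else { 'FAIL' }
        Detail = $Detail
    }
}

function Test-WorkstationLockdown {
    $findings = @()

    # --- 1. Autorun / AutoPlay on CDs and USB drives -------------------------
    $explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

    # NoDriveTypeAutoRun is a bit mask of drive types with autorun disabled;
    # 0xFF covers every drive type ("Turn off AutoPlay" on all drives).
    $mask = Get-PolicyValue -Path $explorerPolicy -Name 'NoDriveTypeAutoRun'
    $findings += New-Finding -Check 'AutoPlay disabled on all drive types' `
        -Passed ($mask -eq 0xFF) `
        -Detail ('NoDriveTypeAutoRun = {0} (expected 0xFF)' -f (Format-PolicyValue $mask))

    # NoAutorun = 1 additionally stops Explorer from honouring autorun.inf.
    $noAutorun = Get-PolicyValue -Path $explorerPolicy -Name 'NoAutorun'
    $findings += New-Finding -Check 'autorun.inf ignored (NoAutorun)' `
        -Passed ($noAutorun -eq 1) `
        -Detail ('NoAutorun = {0} (expected 0x1)' -f (Format-PolicyValue $noAutorun))

    # --- 2. Software Restriction Policy: where programs may run from ---------
    $srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

    # DefaultLevel: 0 = Disallowed (only explicitly allowed paths run),
    # 0x20000 = Basic User, 0x40000 = Unrestricted (no lockdown at all).
    $level = Get-PolicyValue -Path $srp -Name 'DefaultLevel'
    $findings += New-Finding -Check 'SRP default level is Disallowed' `
        -Passed ($level -eq 0) `
        -Detail ('DefaultLevel = {0} (expected 0x0)' -f (Format-PolicyValue $level))

    # Allow rules live under <level>\Paths\{GUID} with the path in ItemData;
    # 262144 is decimal 0x40000 (Unrestricted). An allow rule pointing into a
    # user-writable location (profile, AppData, Temp) defeats the restriction,
    # since that is exactly where a user would drop a downloaded executable.
    $allowed = @(Get-ChildItem -Path "$srp\262144\Paths" -ErrorAction SilentlyContinue |
        ForEach-Object { Get-PolicyValue -Path $_.PSPath -Name 'ItemData' } |
        Where-Object { $_ })
    $userWritable = @($allowed | Where-Object {
        $_ -match '%USERPROFILE%|%APPDATA%|%TEMP%|\\Users\\' })
    $detail = if ($userWritable.Count -eq 0) {
        '{0} allow rule(s), none in user-writable locations' -f $allowed.Count
    } else {
        'Allow rules in user-writable locations: ' + ($userWritable -join '; ')
    }
    $findings += New-Finding -Check 'No SRP allow rule points into user-writable paths' `
        -Passed ($userWritable.Count -eq 0) -Detail $detail

    return $findings
}

Test-WorkstationLockdown | Format-Table -AutoSize
```

On a machine restricted with AppLocker instead of SRP the CodeIdentifiers key is absent, so the SRP rows report FAIL; read that as "not configured via SRP" and check the AppLocker policy separately rather than as proof that execution is unrestricted.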
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575306</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Ephemeriis</author>
	<datestamp>1269251940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>So my question is: Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus?</p></div><p>Nope, they're not.</p><p>A firewall attempts to block unsolicited incoming connections to your network.  It will keep somebody from bringing up your shared files and printers from the Internet...  But it doesn't keep you from downloading/installing/running anything.  A firewall really doesn't do a whole lot to protect you against viruses and most malware.</p><p>Antivirus software will attempt to protect you against the stuff it knows about.  New stuff, that arrives before a definition update, isn't going to be detected.  And many viruses and malware are designed to hide from and/or disable antivirus software.  It's very common to see machines with perfectly good antivirus software that are thoroughly riddled with malware of various types.</p><p>Neither a firewall nor antivirus software is going to keep you safe - at least not all by themselves.</p></htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568952</id>
	<title>BOOT CD FTW!</title>
	<author>Anonymous</author>
	<datestamp>1269274200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Make a boot CD / write-locked bootable USB drive that a user can throw into the system.  Can't infect sh!@ with read-only properties and no hard drive (can just disable from BIOS).  The advantage of the write-lockable USB would be the ease of adding programs or other files at the flick of a switch and then re-securing.</p></htmltext>
<tokenext>Make a boot CD / write-locked bootable USB drive that a user can throw into the system .
Ca n't infect sh !
@ with read-only properties and no hard drive ( can just disable from BIOS ) .
The advantage of the write-lockable USB would be the ease of adding programs or other files at the flick of a switch and then re-securing .</tokentext>
<sentencetext>Make a boot CD / write-locked bootable USB drive that a user can throw into the system.
Can't infect sh!
@ with read-only properties and no hard drive (can just disable from BIOS).
The advantage of the write-lockable USB would be the ease of adding programs or other files at the flick of a switch and then re-securing.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568228</id>
	<title>Three simple(ish) things</title>
	<author>CoccoBill</author>
	<datestamp>1269272400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>1. Apply the Principle Of Least Privilege (http://en.wikipedia.org/wiki/Principle_of_least_privilege). Make sure all users have basic user accounts, not admin rights. Most malware runs in the context of the logged on user; if the user account doesn't have access to modify system files or install services, neither will the malware.</p><p>2. Make sure you have working patch management. Install all security updates asap.</p><p>3. Have up-to-date antivirus/antimalware software. Yes, number 3. This is less important than the other 2, but still paramount.</p><p>Security is not a state nor a technology, it's a process, and you'll never reach 100% protection. The above, however, should be (properly implemented) enough for most organizations. Awareness training, NAC/NAP, IDS/IPS, proxies and application layer firewalls etc are all helpful, but those 3 are IMO the essential ones.</p></htmltext>
<tokenext>1 .
Apply the Principle Of Least Privilege ( http : //en.wikipedia.org/wiki/Principle_of_least_privilege ) .
Make sure all users have basic user accounts , not admin rights .
Most malware runs in the context of the logged on user , if the user account does n't have access to modify system files or install services , neither will the malware.2 .
Make sure you have working patch management .
Install all security updates asap.3 .
Have up-to-date antivirus/antimalware software .
Yes , number 3 .
This is less important than the other 2 , but still paramount.Security is not a state nor a technology , it 's a process , and you 'll never reach 100 % protection .
The above , however , should be ( properly implemented ) enough for most organizations .
Awareness training , NAC/NAP , IDS/IPS , proxies and application layer firewalls etc are all helpful , but those 3 are IMO the essential ones .</tokentext>
<sentencetext>1.
Apply the Principle Of Least Privilege (http://en.wikipedia.org/wiki/Principle_of_least_privilege).
Make sure all users have basic user accounts, not admin rights.
Most malware runs in the context of the logged on user, if the user account doesn't have access to modify system files or install services, neither will the malware.2.
Make sure you have working patch management.
Install all security updates asap.3.
Have up-to-date antivirus/antimalware software.
Yes, number 3.
This is less important than the other 2, but still paramount.Security is not a state nor a technology, it's a process, and you'll never reach 100% protection.
The above, however, should be (properly implemented) enough for most organizations.
Awareness training, NAC/NAP, IDS/IPS, proxies and application layer firewalls etc are all helpful, but those 3 are IMO the essential ones.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568112</id>
	<title>Re:Yeah...</title>
	<author>Svartalf</author>
	<datestamp>1269272100000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>Yes and no.</p><p>In the case of the DoD, I'd be looking closer to the NSA way of doing things than not.  Too much risk of a mission critical piece of data leaking or of some critical infrastructure piece in C-cubed being crippled by other things.  Seriously.</p><p>If you have issues with your users in the context of this- perhaps it's time to re-evaluate your software, hardware, etc.  Ease of use will cause problems with security each and every time.  No, it doesn't need to be complicated- but ease of use will invariably inject exploit paths where you didn't want them.  So, you should only make it as easy as it makes sense to do so in the context of security.  For the DoD, I would have thought the problems they were having with USB thumbs would be a red-flag item for the <em> <b>system</b> </em> choices they're making, but apparently not.</p></htmltext>
<tokenext>Yes and no.In the case of the DoD , I 'd be looking closer to the NSA way of doing things than not .
Too much risk of a mission critical piece of data leaking or of some critical infrastructure piece in C-cubed being crippled by other things .
Seriously.If you have issues with your users in the context of this- perhaps it 's time to re-evaluate your software , hardware , etc .
Ease of use will cause problems with security each and every time .
No , it does n't need to be complicated- but ease of use will invariably inject exploit paths where you did n't want them .
So , you should only make it as easy as it makes sense to do so in the context of security .
For the DoD , I would have thought the problems they were having with USB thumbs would be a red-flag item for the system choices they 're making , but apparently not .</tokentext>
<sentencetext>Yes and no.In the case of the DoD, I'd be looking closer to the NSA way of doing things than not.
Too much risk of a mission critical piece of data leaking or of some critical infrastructure piece in C-cubed being crippled by other things.
Seriously.If you have issues with your users in the context of this- perhaps it's time to re-evaluate your software, hardware, etc.
Ease of use will cause problems with security each and every time.
No, it doesn't need to be complicated- but ease of use will invariably inject exploit paths where you didn't want them.
So, you should only make it as easy as it makes sense to do so in the context of security.
For the DoD, I would have thought the problems they were having with USB thumbs would be a red-flag item for the  system  choices they're making, but apparently not.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567150</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269269700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>also use a transparent proxy for the web, with a live anti spam and antivirus system plus hostfile based domain blocking, and then centralize all the email on some front-end stripping out all suspicious attachments<br><br>on the client, ban everything that may have a vulnerability that a policy could not fix (outlook with scripting disabled for example is fine) and for the most part:<br>get an administrator that UNDER NO CIRCUMSTANCE ever allows a user to receive that all-important attachment which the spam filter blocked nor to go to the absolutely essential web page that the proxy is blocking - this will require STRONG support from management, as users can bitch quite a lot if they perceive that their internet is crippled.<br><br>optionally offer a daily formatted machine _offline_ to handle those office files requiring a macro, to be used under supervision with some sort of penalty on those who sneak a virus in there. a $5 penalty will go a thousand miles to make users care about the stuff they do and if the situation is that bad can repay the cost of the dedicated observer.</htmltext>
<tokenext>also use a transparent proxy for the web , with a live anti spam and antivirus system plus hostfile based domain blocking , and then centralize all the email on some front-end stripping out all suspicious attachments on the client , ban everything that may have a vulnerability that a policy could not fix ( outlook with scripting disabled for example is fine ) and for the most part : get an administrator that UNDER NO CIRCUMSTANCE ever allows a user to receive that all-important attachment which the spam filter blocked nor to go to the absolutely essential web page that the proxy is blocking - this will require STRONG support from management , as users can bitch quite a lot if they perceive that their internet is crippled.optionally offer a daily formatted machine _offline_ to handle those office files requiring a macro , to be used under supervision with some sort of penalty on those who sneak a virus in there .
a $ 5 penalty will go a thousand miles to make users care about the stuff they do and if the situation is that bad can repay the cost of the dedicated observer .</tokentext>
<sentencetext>also use a transparent proxy for the web, with a live anti spam and antivirus system plus hostfile based domain blocking, and then centralize all the email on some front-end stripping out all suspicious attachments on the client, ban everything that may have a vulnerability that a policy could not fix (outlook with scripting disabled for example is fine) and for the most part:get an administrator that UNDER NO CIRCUMSTANCE ever allows a user to receive that all-important attachment which the spam filter blocked nor to go to the absolutely essential web page that the proxy is blocking - this will require STRONG support from management, as users can bitch quite a lot if they perceive that their internet is crippled.optionally offer a daily formatted machine _offline_ to handle those office files requiring a macro, to be used under supervision with some sort of penalty on those who sneak a virus in there.
a $5 penalty will go a thousand miles to make users care about the stuff they do and if the situation is that bad can repay the cost of the dedicated observer.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569168</id>
	<title>Re:In an ideal world...</title>
	<author>SiChemist</author>
	<datestamp>1269274800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>A big problem with updating Acrobat Reader is that some of our administrative assistants have the full version of Acrobat 8 (or older).  Installing newer versions of Reader can screw up the full version in unpredictable ways.  </p><p>So, then you're left with the question of whether or not to upgrade Acrobat to the latest version and who's going to pay for it?</p></htmltext>
<tokenext>A big problem with updating Acrobat Reader is that some of our administrative assistants have the full version of Acrobat 8 ( or older ) .
Installing newer versions of Reader can screw up the full version in unpredictable ways .
So , then you 're left with the question of whether or not to upgrade Acrobat to the latest version and who 's going to pay for it ?</tokentext>
<sentencetext>A big problem with updating Acrobat Reader is that some of our administrative assistants have the full version of Acrobat 8 (or older).
Installing newer versions of Reader can screw up the full version in unpredictable ways.
So, then you're left with the question of whether or not to upgrade Acrobat to the latest version and who's going to pay for it?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566084</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568636</id>
	<title>Re:Nuke your boxen regularly</title>
	<author>orange47</author>
	<datestamp>1269273420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>  NEVER waste time trying to disinfect a machine - reinstall...</p></div><p>that sounds like admitting defeat to me. the only way to fight the viruses is to know the OS and viruses as much as possible.
 we need advanced tools, like some super disassemblers and those softice things to help us in examining suspicious *.exe files.
(antivirus programs need to be more interactive so that they are harder to defeat by virus)</p>
	</htmltext>
<tokenext>NEVER waste time trying to disinfect a machine - reinstall...that sounds like admitting defeat to me .
the only way to fight the viruses is to know the OS and viruses as much as possible .
we need advanced tools , like some super disassemblers and those softice things to help us in examining suspicious * .exe files .
( antivirus programs need to be more interactive so that they are harder to defeat by virus )</tokentext>
<sentencetext>  NEVER waste time trying to disinfect a machine - reinstall...that sounds like admitting defeat to me.
the only way to fight the viruses is to know the OS and viruses as much as possible.
we need advanced tools, like some super disassemblers and those softice things to help us in examining suspicious *.exe files.
(antivirus programs need to be more interactive so that they are harder to defeat by virus)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567084</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569416</id>
	<title>Keep laptops at border.</title>
	<author>Anonymous</author>
	<datestamp>1269275520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>You could have the most shiny brand spankin' new content filtering servers and enterprise class antiviruses, the most strict inbound firewall rules and you could patch your hosts like a fury BUT, if you let a machine go out your perimeter, even for a day, you cannot be sure of what you're welcoming inside your borders.</p></htmltext>
<tokenext>You could have the most shiny brand spankin ' new content filtering servers and enterprise class antiviruses , the most strict inbound firewall rules and you could patch your hosts like a fury BUT , if you let a machine go out your perimeter , even for a day , you can not be sure of what you 're welcoming inside your borders .</tokentext>
<sentencetext>You could have the most shiny brand spankin' new content filtering servers and enterprise class antiviruses, the most strict inbound firewall rules and you could patch your hosts like a fury BUT, if you let a machine go out your perimeter, even for a day, you cannot be sure of what you're welcoming inside your borders.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570792</id>
	<title>Re:XP</title>
	<author>Anonymous</author>
	<datestamp>1269279720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I was allowing a roomie with "alternate preferences" to surf the web on a Vista SP2 computer with updates enabled, user mode, and it'd get so trashed within two weeks not even Google would work.</p></htmltext>
<tokenext>I was allowing a roomie with " alternate preferences " to surf the web on a Vista SP2 computer with updates enabled , user mode , and it 'd get so trashed within two weeks not even Google would work .</tokentext>
<sentencetext>I was allowing a roomie with "alternate preferences" to surf the web on a Vista SP2 computer with updates enabled, user mode, and it'd get so trashed within two weeks not even Google would work.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566062</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571036</id>
	<title>Re:Yeah...</title>
	<author>Creepy</author>
	<datestamp>1269280680000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>From what I heard, the military reversed its policy on <a href="http://en.wikipedia.org/wiki/Secure_USB_drive" title="wikipedia.org">SECURED USB</a> [wikipedia.org] drives, but most USB drives are unsecured, which is kinda like having sex without a condom or sharing a needle - the more you do it, the higher chance you'll come down with a disease.  While a secured drive isn't going to guarantee you won't get an infection, it does improve the odds.</p><p>Incidentally, all of the botnet outbreaks at my work that I know of were from people bringing in unsecured rootkit infected USB Fobs, which led to a company-wide ban that still includes secured FOBs.  They've also completely isolated VPN connections so the only way to access the environment is with tools like Remote Desktop Connection or web (e.g. no local file access or printing, which we used to be able to do).  They've also disabled most file sharing programs and remote access programs inside the firewall (ftp, sftp, ssh, telnet, torrents, etc).</p></htmltext>
<tokenext>From what I heard , the military reversed its policy on SECURED USB [ wikipedia.org ] drives , but most USB drives are unsecured , which is kinda like having sex without a condom or sharing a needle - the more you do it , the higher chance you 'll come down with a disease .
While a secured drive is n't going to guarantee you wo n't get an infection , it does improve the odds.Incidentally , all of the botnet outbreaks at my work that I know of were from people bringing in unsecured rootkit infected USB Fobs , which led to a company-wide ban that still includes secured FOBs .
They 've also completely isolated VPN connections so the only way to access the environment is with tools like Remote Desktop Connection or web ( e.g .
no local file access or printing , which we used to be able to do ) .
They 've also disabled most file sharing programs and remote access programs inside the firewall ( ftp , sftp , ssh , telnet , torrents , etc ) .</tokentext>
<sentencetext>From what I heard, the military reversed its policy on SECURED USB [wikipedia.org] drives, but most USB drives are unsecured, which is kinda like having sex without a condom or sharing a needle - the more you do it, the higher chance you'll come down with a disease.
While a secured drive isn't going to guarantee you won't get an infection, it does improve the odds.Incidentally, all of the botnet outbreaks at my work that I know of were from people bringing in unsecured rootkit infected USB Fobs, which led to a company-wide ban that still includes secured FOBs.
They've also completely isolated VPN connections so the only way to access the environment is with tools like Remote Desktop Connection or web (e.g.
no local file access or printing, which we used to be able to do).
They've also disabled most file sharing programs and remote access programs inside the firewall (ftp, sftp, ssh, telnet, torrents, etc).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566866</id>
	<title>Security Policy and People.</title>
	<author>Anonymous</author>
	<datestamp>1269268920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>What antivirus system and what firewall rules? What security policies? And more important, how were the people trained? If you ask someone to type the root/admin password, probably they will.</p><p>Anti-virus, try a good one, not necessarily a free one.<br>Firewall must be configured by application and user, not by port.<br>Group Policies must be used, users must not be authorized to run any software out of the whitelist.<br>People must be trained. Culture takes time to change. You will not solve this with software and appliances only.<br>(Block China and Russia IPs if possible)</p></htmltext>
<tokenext>What antivirus system and what firewall rules ?
What security policies ?
And more important , how were the people trained ?
If you ask someone to type the root/admin password , probably they will.Anti-virus , try a good one , not necessarily a free one.Firewall must be configured by application and user , not by port.Group Policies must be used , users must not be authorized to run any software out of the whitelist.People must be trained .
Culture takes time to change .
You will not solve this with software and appliances only .
( Block China and Russia IPs if possible )</tokentext>
<sentencetext>What antivirus system and what firewall rules?
What security policies?
And more important, how were the people trained?
If you ask someone to type the root/admin password, probably they will.Anti-virus, try a good one, not necessarily a free one.Firewall must be configured by application and user, not by port.Group Policies must be used, users must not be authorized to run any software out of the whitelist.People must be trained.
Culture takes time to change.
You will not solve this with software and appliances only.
(Block China and Russia IPs if possible)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567522</id>
	<title>Layered Security Approach...</title>
	<author>jonnyboy3us</author>
	<datestamp>1269270600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>While Antivirus and a well set up firewall can help, I've found as a sysadmin that there are additional layers that need to be applied.  We also use Content Filters to block out any unwanted malicious sites, porn and other sites we need to block.  While I use Websense at work as an in-line filter, I set up Opendns at home and on home users' computers to cut most malicious websites off at the knees.

We also employ an off-site email scanning service to scan our emails before they hit our internal email server.  Once email hits the server, then it gets scanned again.  All computers are locked down and we utilize LANDesk for Malware and Patch Updates / Security Vulnerability scanning.  Of course, Altiris works well too, as does MS System Center.

Having a layered approach tends to mitigate most problems.  Some do get through, but the computer immediately gets re-imaged.  All User Files are stored on a central server.  The computers themselves are as 'dumb' as I can make them and thus, easy to fix.

Of course, you can't avoid everything.  However, many solutions exist and are very low cost to implement if needed.  A decent home stack would be:

Anti-Virus (Sophos, Kaspersky, yada, yada)
Malware Detection (Adaware, Spybot, etc.)
Content-Filter (aka opendns or k9 webprotection)
Backup (aka mozy or carbonite)
Online Email (aka gmail, yahoo, etc.)
Baseline Image (...)
Ad-block, Flashblock and Firefox...  Sorry Slashdot...

There are many choices available.  Many of them work very well.  While this won't mitigate all attacks, it will minimize them quite a bit.  As long as folks don't intentionally break them... :)

Hope this helps.</htmltext>
<tokenext>While Antivirus and a well set up firewall can help , I 've found as a sysadmin that there are additional layers that need to be applied .
We also use Content Filters to block out any unwanted malicious sites , porn and other sites we need to block .
While I use Websense at work as an in-line filter , I set up Opendns at home and on home users ' computers to cut most malicious websites off at the knees .
We also employ an off-site email scanning service to scan our emails before they hit our internal email server .
Once email hits the server , then it gets scanned again .
All computers are locked down and we utilize LANDesk for Malware and Patch Updates / Security Vulnerability scanning .
Of course , Altiris works well too , as does MS System Center .
Having a layered approach tends to mitigate most problems .
Some do get through , but the computer immediately gets re-imaged .
All User Files are stored on a central server .
The computers themselves are as 'dumb ' as I can make them and thus , easy to fix .
Of course , you ca n't avoid everything .
However , many solutions exist and are very low cost to implement if needed .
A decent home stack would be : Anti-Virus ( Sophos , Kaspersky , yada , yada ) Malware Detection ( Adaware , Spybot , etc .
) Content-Filter ( aka opendns or k9 webprotection ) Backup ( aka mozy or carbonite ) Online Email ( aka gmail , yahoo , etc .
) Baseline Image ( ... ) Ad-block , Flashblock and Firefox... Sorry Slashdot.. . There are many choices available .
Many of them work very well .
While this wo n't mitigate all attacks , it will minimize them quite a bit .
As long as folks do n't intentionally break them... : ) Hope this helps .</tokentext>
<sentencetext>While Antivirus and a well set up firewall can help, I've found as a sysadmin that there are additional layers that need to be applied.
We also use Content Filters to block out any unwanted malicious sites, porn and other sites we need to block.
While I use Websense at work as an in-line filter, I set up Opendns at home and on home users' computers to cut most malicious websites off at the knees.
We also employ an off-site email scanning service to scan our emails before they hit our internal email server.
Once email hits the server, then it gets scanned again.
All computers are locked down and we utilize LANDesk for Malware and Patch Updates / Security Vulnerability scanning.
Of course, Altiris works well too, as does MS System Center.
Having a layered approach tends to mitigate most problems.
Some do get through, but the computer immediately gets re-imaged.
All User Files are stored on a central server.
The computers themselves are as 'dumb' as I can make them and thus, easy to fix.
Of course, you can't avoid everything.
However, many solutions exist and are very low cost to implement if needed.
A decent home stack would be:

Anti-Virus (Sophos, Kaspersky, yada, yada)
Malware Detection (Adaware, Spybot, etc.)
Content-Filter (aka opendns or k9 webprotection)
Backup (aka mozy or carbonite)
Online Email (aka gmail, yahoo, etc.)
Baseline Image (...)
Ad-block, Flashblock and Firefox...  Sorry Slashdot...

There are many choices available.
Many of them work very well.
While this won't mitigate all attacks, it will minimize them quite a bit.
As long as folks don't intentionally break them... :)

Hope this helps.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566024</id>
	<title>educate</title>
	<author>orange47</author>
	<datestamp>1269266520000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext>teach all the workers about security. disable autorun on all machines. don't let them run as admins. use noscript and adblock and foxit (or similar). update windows and AV regularly...</htmltext>
<tokenext>teach all the workers about security .
disable autorun on all machines .
do n't let them run as admins .
use noscript and adblock and foxit ( or similar ) .
update windows and AV regularly.. .</tokentext>
<sentencetext>teach all the workers about security.
disable autorun on all machines.
don't let them run as admins.
use noscript and adblock and foxit (or similar).
update windows and AV regularly...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566010</id>
	<title>whitelist</title>
	<author>Anonymous</author>
	<datestamp>1269266400000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>Run a program that only allows whitelisted applications, and block all removable media. It's the only way you can be absolutely certain there is nothing running on your network that shouldn't be there.

<a href="http://en.wikipedia.org/wiki/Whitelist#Application_whitelists" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Whitelist#Application_whitelists</a> [wikipedia.org]</htmltext>
<tokenext>Run a program that only allows whitelisted applications , and block all removable media .
It 's the only way you can be absolutely certain there is nothing running on your network that should n't be there .
http : //en.wikipedia.org/wiki/Whitelist # Application_whitelists [ wikipedia.org ]</tokentext>
<sentencetext>Run a program that only allows whitelisted applications, and block all removable media.
It's the only way you can be absolutely certain there is nothing running on your network that shouldn't be there.
http://en.wikipedia.org/wiki/Whitelist#Application_whitelists [wikipedia.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570956</id>
	<title>Good network security rely on many tools...</title>
	<author>Anonymous</author>
	<datestamp>1269280380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Having an antivirus and a firewall is basic network security.  Many worms know how to bypass those protections, turn them off and do their dirty work...  To have good security you need:<br>1-Antivirus<br>2-Firewall<br>3-Network traffic log facility (really really important!!!)<br>4-IDS/IPS<br>5-Good computer technician with good security knowledge (it's often the weakest link)<br>6-Network and workstation restrictions (allow only what is needed for work, no less, no more)</p><p>If any of that fails, well you are in great danger.  Computer worms are nasty, they often steal information about your customers, your user credentials, your network infrastructure... They also tend to infect other computers on the network, USB drives (those things should be banned on your workstations, unless absolutely needed).</p></htmltext>
<tokenext>Having an antivirus and a firewall is basic network security .
Many worms know how to bypass those protections , turn them off and do their dirty work... To have good security you need : 1-Antivirus2-Firewall3-Network traffic log facility ( really really important ! ! !
) 4-IDS/IPS5-Good computer technician with good security knowledge ( it 's often the weakest link ) 6-Network and workstation restrictions ( allow only what is needed for work , no less , no more ) If any of that fails , well you are in great danger .
Computer worms are nasty , they often steal information about your customers , your user credentials , your network infrastructure... They also tend to infect other computers on the network , USB drives ( those things should be banned on your workstations , unless absolutely needed ) .</tokentext>
<sentencetext>Having an antivirus and a firewall is basic network security.
Many worms know how to bypas those protections, turn them off and make their dirty work...  To have good security you need :1-Antivirus2-Firewall3-Network traffic log facility (really really important!!!
)4-IDS/IPS5-Good computer technician with good security knowledge(it's often the weakest link)6-Network and workstations restrictions (allow only what needed for work, no less, no more)If any of that fails, well you are in great danger.
Computer worm are nasty, they often steal information about your customers, your user credentials, your network infrastructure... They also tend to infect other computer on network, USB drive (those thing should be ban on your workstations, unless absolutely needed).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566772</id>
	<title>all you have to do is ...</title>
	<author>Anonymous</author>
	<datestamp>1269268680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>install gentoo</p></htmltext>
<tokenext>install gentoo</tokentext>
<sentencetext>install gentoo</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570334</id>
	<title>Time to do some detective/analysis work..</title>
	<author>digital photo</author>
	<datestamp>1269278280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>or in your case, some additional work. Sounds like you guys already have put in a lot of effort.</p><p>So, look at the two boxes that are compromised and determine what technical and social aspects failed in your overall policies and runbooks.</p><p>Was it a new exploit that you couldn't have blocked? Was someone infected at home, and brought the infection to work? Was it a case of a mobile device infecting desktop systems? Etc.</p><p>The only 100% system that cannot be infected is one that is completely powered off and cut off from human and non-human contact. So, there will always be some risk with networked devices being actively used.</p><p>Realizing that switching OS(s) might not be feasible, other folks' suggestions for state-locking desktop computers are a good idea.</p><p>Another possibility is to virtualize your desktops with something like VMware's VDI (Virtual Desktop Infrastructure) or Citrix's virtual desktop offerings. You can restrict the activity of the port on the physical machine the user is using. This also has the added benefit of virtual machine snapshots automatically occurring at regular intervals and/or mass upgrade/backup of company data that normally resides on the physical desktop machine.</p><p>However, even those solutions can fail. So, it's a calculated risk.</p><p>In the end, the fact that you only had 2 machines compromised and it did not spread like wildfire is a good sign that you have good controls in place. Just reassess your controls and make the necessary adjustments to close the loophole or lapse in judgement that occurred.</p><p>It's a lot like an ongoing war. No matter how well equipped your army and no matter how numerous your defenses, you will suffer casualties, eventually.</p></htmltext>
<tokenext>or in your case , some additional work .
Sounds like you guys already have put in a lot of effort . So , look at the two boxes that are compromised and determine what technical and social aspects failed in your overall policies and runbooks . Was it a new exploit that you could n't have blocked ?
Was someone infected at home , and brought the infection to work ?
Was it a case of a mobile device infecting desktop systems ?
Etc. The only 100 % system that can not be infected is one that is completely powered off and cut off from human and non-human contact .
So , there will always be some risk with networked devices being actively used . Realizing that switching OS ( s ) might not be feasible , other folks ' suggestions for state-locking desktop computers are a good idea . Another possibility is to virtualize your desktops with something like VMware 's VDI ( Virtual Desktop Infrastructure ) or Citrix 's virtual desktop offerings .
You can restrict the activity of the port on the physical machine the user is using .
This also has the added benefit of virtual machine snapshots automatically occurring at regular intervals and/or mass upgrade/backup of company data that normally resides on the physical desktop machine . However , even those solutions can fail .
So , it 's a calculated risk . In the end , the fact that you only had 2 machines compromised and it did not spread like wildfire is a good sign that you have good controls in place .
Just reassess your controls and make the necessary adjustments to close the loophole or lapse in judgement that occurred . It 's a lot like an ongoing war .
No matter how well equipped your army and no matter how numerous your defenses , you will suffer casualties , eventually .</tokentext>
<sentencetext>or in your case, some additional work.
Sounds like you guys already have put in a lot of effort. So, look at the two boxes that are compromised and determine what technical and social aspects failed in your overall policies and runbooks. Was it a new exploit that you couldn't have blocked?
Was someone infected at home, and brought the infection to work?
Was it a case of a mobile device infecting desktop systems?
Etc. The only 100% system that cannot be infected is one that is completely powered off and cut off from human and non-human contact.
So, there will always be some risk with networked devices being actively used. Realizing that switching OS(s) might not be feasible, other folks' suggestions for state-locking desktop computers are a good idea. Another possibility is to virtualize your desktops with something like VMware's VDI (Virtual Desktop Infrastructure) or Citrix's virtual desktop offerings.
You can restrict the activity of the port on the physical machine the user is using.
This also has the added benefit of virtual machine snapshots automatically occurring at regular intervals and/or mass upgrade/backup of company data that normally resides on the physical desktop machine. However, even those solutions can fail.
So, it's a calculated risk. In the end, the fact that you only had 2 machines compromised and it did not spread like wildfire is a good sign that you have good controls in place.
Just reassess your controls and make the necessary adjustments to close the loophole or lapse in judgement that occurred. It's a lot like an ongoing war.
No matter how well equipped your army and no matter how numerous your defenses, you will suffer casualties, eventually.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566048</id>
	<title>block some email attachments and facebook</title>
	<author>Anonymous</author>
	<datestamp>1269266580000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Where I work we've been blocking a long list of email attachments like exe's and others. A few years ago we also started blocking Facebook.</p><p>I set it up years ago and don't remember myself. We're all Windows and have never been zombified. You can buy all the firewalls you want, but in the end it's still idiots clicking on everything in every email and every link they get sent over Facebook and Twitter.</p></htmltext>
<tokenext>Where I work we 've been blocking a long list of email attachments like exe 's and others .
A few years ago we also started blocking Facebook .
I set it up years ago and do n't remember myself .
We 're all Windows and have never been zombified .
You can buy all the firewalls you want , but in the end it 's still idiots clicking on everything in every email and every link they get sent over Facebook and Twitter .</tokentext>
<sentencetext>Where I work we've been blocking a long list of email attachments like exe's and others.
A few years ago we also started blocking Facebook.
I set it up years ago and don't remember myself.
We're all Windows and have never been zombified.
You can buy all the firewalls you want, but in the end it's still idiots clicking on everything in every email and every link they get sent over Facebook and Twitter.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571124</id>
	<title>Administrator Privileges</title>
	<author>juancnuno</author>
	<datestamp>1269280920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Stop. Running. With. Administrator. Privileges. By. Default.</htmltext>
<tokenext>Stop .
Running. With .
Administrator. Privileges .
By. Default .</tokentext>
<sentencetext>Stop.
Running. With.
Administrator. Privileges.
By. Default.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569252</id>
	<title>Re:Yeah...</title>
	<author>cbiltcliffe</author>
	<datestamp>1269275040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>But cars became so easy that any Joe Public could drive them</p></div><p>And I have a bridge to sell you.</p><p>Any Joe Public can drive a car, yes.  But they certainly can't do it safely, which is why traffic accidents are probably the single biggest killer of otherwise healthy people.  It even beats out a lot of diseases for mortality rates.</p><p>It takes a trained expert to drive safely (meaning accident free), and it takes a trained expert to use a computer safely, too.</p></htmltext>
<tokenext>But cars became so easy that any Joe Public could drive them . And I have a bridge to sell you . Any Joe Public can drive a car , yes .
But they certainly ca n't do it safely , which is why traffic accidents are probably the single biggest killer of otherwise healthy people .
It even beats out a lot of diseases for mortality rates . It takes a trained expert to drive safely ( meaning accident free ) , and it takes a trained expert to use a computer safely , too .</tokentext>
<sentencetext>But cars became so easy that any Joe Public could drive them. And I have a bridge to sell you. Any Joe Public can drive a car, yes.
But they certainly can't do it safely, which is why traffic accidents are probably the single biggest killer of otherwise healthy people.
It even beats out a lot of diseases for mortality rates. It takes a trained expert to drive safely (meaning accident free), and it takes a trained expert to use a computer safely, too.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566224</id>
	<title>Different browser, restrictive configuration</title>
	<author>Anonymous</author>
	<datestamp>1269267240000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Block ads as much as you can: Ad networks are an attack vector. Disable scripting if you can or whitelist the scripts you can't do without. No Flash, Quicktime, or Acrobat plugins. Use an alternative PDF viewer for downloaded PDFs. Disable scripting in the PDF viewer as well. Filter active email content on the server, use a local email client other than Outlook, disable all scripting and network access except to your local email server. Keep your systems and applications (!) updated, disable unnecessary services, especially those which open network sockets. Don't do stupid things.</p></htmltext>
<tokenext>Block ads as much as you can : Ad networks are an attack vector .
Disable scripting if you can or whitelist the scripts you ca n't do without .
No Flash , Quicktime , or Acrobat plugins .
Use an alternative PDF viewer for downloaded PDFs .
Disable scripting in the PDF viewer as well .
Filter active email content on the server , use a local email client other than Outlook , disable all scripting and network access except to your local email server .
Keep your systems and applications ( !
) updated , disable unnecessary services , especially those which open network sockets .
Do n't do stupid things .</tokentext>
<sentencetext>Block ads as much as you can: Ad networks are an attack vector.
Disable scripting if you can or whitelist the scripts you can't do without.
No Flash, Quicktime, or Acrobat plugins.
Use an alternative PDF viewer for downloaded PDFs.
Disable scripting in the PDF viewer as well.
Filter active email content on the server, use a local email client other than Outlook, disable all scripting and network access except to your local email server.
Keep your systems and applications (!
) updated, disable unnecessary services, especially those which open network sockets.
Don't do stupid things.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572612</id>
	<title>Re:Is it really necessary to ask?</title>
	<author>Lord Ender</author>
	<datestamp>1269285120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Your post is written like someone who has never even tried to implement security. Let me guess: you're a sales guy?</p><p>Take away admin rights and you stop SOME but not ALL malware. And you stop people from actually getting WORK DONE. Are you going to let them use your computer when they need to run an app which only works as admin?</p><p>The rest of your list is similarly vapid and worthless.</p></htmltext>
<tokenext>Your post is written like someone who has never even tried to implement security .
Let me guess : you 're a sales guy ? Take away admin rights and you stop SOME but not ALL malware .
And you stop people from actually getting WORK DONE .
Are you going to let them use your computer when they need to run an app which only works as admin ? The rest of your list is similarly vapid and worthless .</tokentext>
<sentencetext>Your post is written like someone who has never even tried to implement security.
Let me guess: you're a sales guy?Take away admin rights and you stop SOME but not ALL malware.
And you stop people from actually getting WORK DONE.
Are you going to let them use your computer when they need to run an app which only works as admin?The rest of your list is similarly vapid and worthless.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566146</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566210</id>
	<title>Suggestions</title>
	<author>Anonymous</author>
	<datestamp>1269267180000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>A few suggestions from my experience as a technician:</p><ul>
<li>Keep vulnerable programs off of your base image.  We saw infections go down dramatically after removing Java and replacing Adobe Acrobat Reader with something else.</li><li>Uninstall Internet Explorer if you can.  Unless you're running Windows 7, the easiest way to "uninstall" it is to change the permissions on iexplore.exe to Deny for the Everyone account.</li><li>Lock down computers as much as you can with Group Policy, especially if you have a Windows Server infrastructure.</li><li>If you can, deploy Windows Steady State if you're using XP or purchase Faronics DeepFreeze.  They're both ways of preventing permanent changes to your base image (installation of programs, modification of files) by users.  If a Frozen machine gets infected, reboot it.</li><li>Don't license McAfee.  It's worthless.</li></ul></htmltext>
<tokenext>A few suggestions from my experience as a technician : Keep vulnerable programs off of your base image .
We saw infections go down dramatically after removing Java and replacing Adobe Acrobat Reader with something else.Uninstall Internet Explorer if you can .
Unless you 're running Windows 7 , the easiest way to " uninstall " it is to change the permissions on iexplore.exe to Deny for the Everyone account.Lock down computers as much as you can with Group Policy , especially if you have a Windows Server infrastructure.If you can , deploy Windows Steady State if you 're using XP or purchase Faronics DeepFreeze .
They 're both ways of preventing permanent changes to your base image ( installation of programs , modification of files ) by users .
If a Frozen machine gets infected , reboot it.Do n't license McAfee .
It 's worthless .</tokentext>
<sentencetext>A few suggestions from my experience as a technician:
Keep vulnerable programs off of your base image.
We saw infections go down dramatically after removing Java and replacing Adobe Acrobat Reader with something else.Uninstall Internet Explorer if you can.
Unless you're running Windows 7, the easiest way to "uninstall" it is to change the permissions on iexplore.exe to Deny for the Everyone account. Lock down computers as much as you can with Group Policy, especially if you have a Windows Server infrastructure. If you can, deploy Windows Steady State if you're using XP or purchase Faronics DeepFreeze.
They're both ways of preventing permanent changes to your base image (installation of programs, modification of files) by users.
If a Frozen machine gets infected, reboot it.Don't license McAfee.
It's worthless.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568492</id>
	<title>Re:Identify the people responsible, sack and sue t</title>
	<author>Anonymous</author>
	<datestamp>1269273060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Good luck firing your CEO for being a computer-illiterate idiot.</p><p>If that worked, half of all executives would be out of a job.</p></htmltext>
<tokenext>Good luck firing your CEO for being a computer-illiterate idiot.If that worked , half of all executives would be out of a job .</tokentext>
<sentencetext>Good luck firing your CEO for being a computer-illiterate idiot.If that worked, half of all executives would be out of a job.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566282</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312</id>
	<title>I hope Taco doesn't work in IT</title>
	<author>Anonymous</author>
	<datestamp>1269267420000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>I'd suggest port blocking 80 for any computer that is detected running a web browser, but that might prevent some percentage of legitimate work.</i></p><p>Do you mean web *server*?</p><p>The vast, vast, vast majority of companies are going to need port 80 (and 443) opened. I don't know the last time you stepped into a corporate environment, Taco, but that's how you do your timecard, put your vacation time on the calendar, sometimes how you answer email even.</p></htmltext>
<tokenext>I 'd suggest port blocking 80 for any computer that is detected running a web browser , but that might prevent some percentage of legitimate work.Do you mean web * server * ? The vast , vast , vast majority of companies are going to need port 80 ( and 443 ) opened .
I do n't know the last time you stepped into a corporate environment , Taco , but that 's how you do your timecard , put your vacation time on the calendar , sometimes how you answer email even .</tokentext>
<sentencetext>I'd suggest port blocking 80 for any computer that is detected running a web browser, but that might prevent some percentage of legitimate work.Do you mean web *server*?The vast, vast, vast majority of companies are going to need port 80 (and 443) opened.
I don't know the last time you stepped into a corporate environment, Taco, but that's how you do your timecard, put your vacation time on the calendar, sometimes how you answer email even.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567066</id>
	<title>Offhand...</title>
	<author>sjanich</author>
	<datestamp>1269269460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>1) Only allow web browsing through an http/https/ftp proxy server(s). The proxy server(s) should include an anti-botnet blacklist and logically have a network firewall between it and the internet.</p><p>2) No open direct connections from the internal network to the internet in general by workstations.</p><p>3) Don't allow non-corporate workstations on the Corporate LAN. The corp should have a guest LAN that includes internet access for guests and personal devices of employees.</p><p>4) Corporate workstations must have up-to-date AV to connect to the Corp LAN (force them to the guest network otherwise and issue an alert).</p><p>5) Don't allow users the rights to install software (but have a robust User Tech Support organization that can quickly test and push out ok'd software to workstations).</p><p>6) Have and actually monitor logs from egress filters on the network firewalls.</p></htmltext>
<tokenext>1 ) Only allow web browsing through an http/https/ftp proxy server ( s ) .
The proxy server ( s ) should include an anti-botnet blacklist and logically have a network firewall between it and the internet . 2 ) No open direct connections from the internal network to the internet in general by workstations . 3 ) Do n't allow non-corporate workstations on the Corporate LAN .
The corp should have a guest LAN that includes internet access for guests and personal devices of employees . 4 ) Corporate workstations must have up-to-date AV to connect to the Corp LAN ( force them to the guest network otherwise and issue an alert ) . 5 ) Do n't allow users the rights to install software ( but have a robust User Tech Support organization that can quickly test and push out ok 'd software to workstations ) . 6 ) Have and actually monitor logs from egress filters on the network firewalls .</tokentext>
<sentencetext>1) Only allow web browsing through an http/https/ftp proxy server(s).
The proxy server(s) should include an anti-botnet blacklist and logically have a network firewall between it and the internet. 2) No open direct connections from the internal network to the internet in general by workstations. 3) Don't allow non-corporate workstations on the Corporate LAN.
The corp should have a guest LAN that includes internet access for guests and personal devices of employees. 4) Corporate workstations must have up-to-date AV to connect to the Corp LAN (force them to the guest network otherwise and issue an alert). 5) Don't allow users the rights to install software (but have a robust User Tech Support organization that can quickly test and push out ok'd software to workstations). 6) Have and actually monitor logs from egress filters on the network firewalls.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572738</id>
	<title>Re:Simple</title>
	<author>Lord Ender</author>
	<datestamp>1269285540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Best of all, most of that stuff stops working when they take their laptops home and let their kids play with them!</p></htmltext>
<tokenext>Best of all , most of that stuff stops working when they take their laptops home and let their kids play with them !</tokentext>
<sentencetext>Best of all, most of that stuff stops working when they take their laptops home and let their kids play with them!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566488</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568742</id>
	<title>Re:Admin permissions</title>
	<author>Jenming</author>
	<datestamp>1269273720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Maybe set up a local admin, that the users know the password for, but let them do their daily work as restricted users.</p><p>That's a very good suggestion. It lets users do what they need for their job, provides accountability and blocks stupid stuff.</p></htmltext>
<tokenext>Maybe set up a local admin , that the users know the password for , but let them do their daily work as restricted users . That 's a very good suggestion .
It lets users do what they need for their job , provides accountability and blocks stupid stuff .</tokentext>
<sentencetext>Maybe set up a local admin, that the users know the password for, but let them do their daily work as restricted users. That's a very good suggestion.
It lets users do what they need for their job, provides accountability and blocks stupid stuff.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566340</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567960</id>
	<title>Re:Yeah...</title>
	<author>Svartalf</author>
	<datestamp>1269271680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You know...they don't need this sort of crap on their Linux and Solaris boxes...</p></htmltext>
<tokenext>You know...they do n't need this sort of crap on their Linux and Solaris boxes.. .</tokentext>
<sentencetext>You know...they don't need this sort of crap on their Linux and Solaris boxes...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570918</id>
	<title>Re:I hope Taco doesn't work in IT</title>
	<author>Anonymous</author>
	<datestamp>1269280260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I think your sarcasm detector is broken.</p></htmltext>
<tokenext>I think your sarcasm detector is broken .</tokentext>
<sentencetext>I think your sarcasm detector is broken.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996</id>
	<title>Re:Yeah...</title>
	<author>ZeroPly</author>
	<datestamp>1269269220000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>The military has reversed its policy on USB drives - because quite frankly it was throwing out the baby with the bathwater. The restriction was actually preventing work from getting done, a lot of times at my unit we would leave at 3:30pm instead of finishing a project because we had no way to move files from a laptop that was not on the network to one of our machines, and IT help was not available. You're talking about millions of hours of worker productivity lost because IT could not figure out a way to make one of the most useful technologies safe. The USB restriction is precisely the way NOT to conduct security - unless you're lazy and don't care much about whether your users actually work.</p><p>IT people make the common mistake of "the NSA does it that way" + "the NSA is very secure" = "this is a secure way of doing it". You're not the NSA. Look at your users first and tailor the solution around them.</p><p>There is no quick answer to this. You can't ask "how do I prevent bot infections?" any more than you can ask "how can I keep my body healthy?" It's just too general a question. The solution is going to involve assessment of your particular situation, and the combination of the appropriate products and policies.</p></htmltext>
<tokenext>The military has reversed its policy on USB drives - because quite frankly it was throwing out the baby with the bathwater .
The restriction was actually preventing work from getting done , a lot of times at my unit we would leave at 3 : 30pm instead of finishing a project because we had no way to move files from a laptop that was not on the network to one of our machines , and IT help was not available .
You 're talking about millions of hours of worker productivity lost because IT could not figure out a way to make one of the most useful technologies safe .
The USB restriction is precisely the way NOT to conduct security - unless you 're lazy and do n't care much about whether your users actually work . IT people make the common mistake of " the NSA does it that way " + " the NSA is very secure " = " this is a secure way of doing it " .
You 're not the NSA .
Look at your users first and tailor the solution around them.There is no quick answer to this .
You ca n't ask " how do I prevent bot infections ?
" any more than you can ask " how can I keep my body healthy ?
" It 's just too general a question .
The solution is going to involve assessment of your particular situation , and the combination of the appropriate products and policies .</tokentext>
<sentencetext>The military has reversed its policy on USB drives - because quite frankly it was throwing out the baby with the bathwater.
The restriction was actually preventing work from getting done, a lot of times at my unit we would leave at 3:30pm instead of finishing a project because we had no way to move files from a laptop that was not on the network to one of our machines, and IT help was not available.
You're talking about millions of hours of worker productivity lost because IT could not figure out a way to make one of the most useful technologies safe.
The USB restriction is precisely the way NOT to conduct security - unless you're lazy and don't care much about whether your users actually work. IT people make the common mistake of "the NSA does it that way" + "the NSA is very secure" = "this is a secure way of doing it".
You're not the NSA.
Look at your users first and tailor the solution around them.There is no quick answer to this.
You can't ask "how do I prevent bot infections?
" any more than you can ask "how can I keep my body healthy?
" It's just too general a question.
The solution is going to involve assessment of your particular situation, and the combination of the appropriate products and policies.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567246</id>
	<title>Re:Identify the people responsible, sack and sue t</title>
	<author>Kaboom13</author>
	<datestamp>1269269880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm sure the best and brightest in your field will be knocking down your door when you develop a reputation for suing your own employees with frivolous lawsuits.  No court is going to hold a non-technical employee liable for getting an infection, especially if they didn't intentionally break established IT policy you made them agree to and trained them on.  If they did break policy, you can probably fire them without worrying too much about wrongful termination suits, although it might vary from state to state.  Getting damages is just a pipe dream though, employees are not responsible for damage from accidents, generally even if they were negligent.</p></htmltext>
<tokenext>I 'm sure the best and brightest in your field will be knocking down your door when you develop a reputation for suing your own employees with frivolous lawsuits .
No court is going to hold a non-technical employee liable for getting an infection , especially if they did n't intentionally break established IT policy you made them agree to and trained them on .
If they did break policy , you can probably fire them without worrying too much about wrongful termination suits , although it might vary from state to state .
Getting damages is just a pipe dream though , employees are not responsible for damage from accidents , generally even if they were negligent .</tokentext>
<sentencetext>I'm sure the best and brightest in your field will be knocking down your door when you develop a reputation for suing your own employees with frivolous lawsuits.
No court is going to hold a non-technical employee liable for getting an infection, especially if they didn't intentionally break established IT policy you made them agree to and trained them on.
If they did break policy, you can probably fire them without worrying too much about wrongful termination suits, although it might vary from state to state.
Getting damages is just a pipe dream though, employees are not responsible for damage from accidents, generally even if they were negligent.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566282</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566062</id>
	<title>XP</title>
	<author>Anonymous</author>
	<datestamp>1269266640000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>Let me guess, all the computers are using XP. I work at a computer repair depot and I see a lot of this on XP computers and rarely on Vista/Windows 7 with UAC turned on (sure, it's a pain, but once everything is installed the user should never even see UAC pop up). But I would guess, if anything, the computers are out of date for their OS patches.</p></htmltext>
<tokenext>Let me guess , all the computers are using XP .
I work at a computer repair depot and I see a lot of this on XP computers and rarely on Vista/Windows 7 with UAC turned on ( sure , it 's a pain , but once everything is installed the user should never even see UAC pop up ) .
But I would guess , if anything , the computers are out of date for their OS patches .</tokentext>
<sentencetext>Let me guess, all the computers are using XP.
I work at a computer repair depot and I see a lot of this on XP computers and rarely on Vista/Windows 7 with UAC turned on (sure, it's a pain, but once everything is installed the user should never even see UAC pop up).
But I would guess, if anything, the computers are out of date for their OS patches.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572892</id>
	<title>Re:Yeah...</title>
	<author>thedletterman</author>
	<datestamp>1269286200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>A much better suggestion is to not allow flash to be installed. There are critical security vulnerabilities in like the last 100 versions of flash. Having the "latest patched version" doesn't make you much safer when new 0-day flash exploits are constantly being discovered.</htmltext>
<tokenext>A much better suggestion is to not allow flash to be installed .
There are critical security vulnerabilities in like the last 100 versions of flash .
Having the " latest patched version " does n't make you much safer when new 0-day flash exploits are constantly being discovered .</tokentext>
<sentencetext>A much better suggestion is to not allow flash to be installed.
There are critical security vulnerabilities in like the last 100 versions of flash.
Having the "latest patched version" doesn't make you much safer when new 0-day flash exploits are constantly being discovered.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31580000</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269285480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>An interesting idea I saw: format flash drives as NTFS and create an autorun.inf with deny-everyone permissions. If people's own flash drives are formatted this way, it'll prevent some virus transmission.</p></htmltext>
<tokenext>An interesting idea I saw : format flash drives as NTFS and create an autorun.inf with deny-everyone permissions .
If people 's own flash drives are formatted this way , it 'll prevent some virus transmission .</tokentext>
<sentencetext>An interesting idea I saw: format flash drives as NTFS and create an autorun.inf with deny-everyone permissions.
If people's own flash drives are formatted this way, it'll prevent some virus transmission.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567494</id>
	<title>Run OSX</title>
	<author>Graham J - XVI</author>
	<datestamp>1269270480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Nuff said.</p></htmltext>
<tokenext>Nuff said .</tokentext>
<sentencetext>Nuff said.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570290</id>
	<title>analogy</title>
	<author>Max_W</author>
	<datestamp>1269278100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>How does one protect oneself with a helmet and a bullet-resistant vest?</p><p>No matter what brand one uses, a criminal can still aim at an unprotected area between helmet and vest. Or use an RPG.</p><p>Similarly, it is not possible to protect oneself only with passive technological means. Speaking figuratively, a shield alone is not enough. There should be a sword too.</p><p>In this case it should be active law enforcement by government agencies. Bot-net operators should be placed in prisons, where they could obtain a profession, read fiction books, like, say, "Crime and Punishment", but not programming books, and not have access to computers for at least several years.</p></htmltext>
<tokenext>How does one protect oneself with a helmet and a bullet-resistant vest ?
No matter what brand one uses , a criminal can still aim at an unprotected area between helmet and vest .
Or use an RPG .
Similarly , it is not possible to protect oneself only with passive technological means .
Speaking figuratively , a shield alone is not enough .
There should be a sword too .
In this case it should be active law enforcement by government agencies .
Bot-net operators should be placed in prisons , where they could obtain a profession , read fiction books , like , say , " Crime and Punishment " , but not programming books , and not have access to computers for at least several years .</tokentext>
<sentencetext>How does one protect oneself with a helmet and a bullet-resistant vest?
No matter what brand one uses, a criminal can still aim at an unprotected area between helmet and vest.
Or use an RPG.
Similarly, it is not possible to protect oneself only with passive technological means.
Speaking figuratively, a shield alone is not enough.
There should be a sword too.
In this case it should be active law enforcement by government agencies.
Bot-net operators should be placed in prisons, where they could obtain a profession, read fiction books, like, say, "Crime and Punishment", but not programming books, and not have access to computers for at least several years.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566340</id>
	<title>Admin permissions</title>
	<author>laron</author>
	<datestamp>1269267480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If we are talking about XP machines, consider taking away admin permissions from ordinary users. Maybe set up a local admin account that the users know the password for, but let them do their daily work as restricted users.</p></htmltext>
<tokenext>If we are talking about XP machines , consider taking away admin permissions from ordinary users .
Maybe set up a local admin account that the users know the password for , but let them do their daily work as restricted users .</tokentext>
<sentencetext>If we are talking about XP machines, consider taking away admin permissions from ordinary users.
Maybe set up a local admin account that the users know the password for, but let them do their daily work as restricted users.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566306</id>
	<title>Anti-virus and firewall</title>
	<author>Enderandrew</author>
	<datestamp>1269267360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>That's precisely the problem: enterprise environments often assume that using anti-virus and firewall solutions means they no longer have to be concerned with information security.</p><p>It is all too easy to bypass anti-virus detection, and anti-virus products often only protect against known threats. There will always be unknown threats it doesn't protect against.</p><p>What you really need is proper sandboxing, but that is a hassle that most people just don't want to deal with.</p></htmltext>
<tokenext>That 's precisely the problem : enterprise environments often assume that using anti-virus and firewall solutions means they no longer have to be concerned with information security .
It is all too easy to bypass anti-virus detection , and anti-virus products often only protect against known threats .
There will always be unknown threats it does n't protect against .
What you really need is proper sandboxing , but that is a hassle that most people just do n't want to deal with .</tokentext>
<sentencetext>That's precisely the problem: enterprise environments often assume that using anti-virus and firewall solutions means they no longer have to be concerned with information security.
It is all too easy to bypass anti-virus detection, and anti-virus products often only protect against known threats.
There will always be unknown threats it doesn't protect against.
What you really need is proper sandboxing, but that is a hassle that most people just don't want to deal with.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567888</id>
	<title>And speaking of base images...</title>
	<author>kgo</author>
	<datestamp>1269271500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Don't image new freaking machines while the bot-net is going crazy on your network.  At least not without putting them behind a NAT.  You won't get the first round of patches fast enough, and you'll kick off another round of infections.  Might seem like common sense, but some jackasses at an old company just kept on imaging new computers during a huge outbreak.  And couldn't figure out why they were getting infected.</p></htmltext>
<tokenext>Do n't image new freaking machines while the bot-net is going crazy on your network .
At least not without putting them behind a NAT .
You wo n't get the first round of patches fast enough , and you 'll kick off another round of infections .
Might seem like common sense , but some jackasses at an old company just kept on imaging new computers during a huge outbreak .
And could n't figure out why they were getting infected .</tokentext>
<sentencetext>Don't image new freaking machines while the bot-net is going crazy on your network.
At least not without putting them behind a NAT.
You won't get the first round of patches fast enough, and you'll kick off another round of infections.
Might seem like common sense, but some jackasses at an old company just kept on imaging new computers during a huge outbreak.
And couldn't figure out why they were getting infected.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566210</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567048</id>
	<title>Re:block some email attachments and facebook</title>
	<author>coofercat</author>
	<datestamp>1269269400000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Just a decent email filtering solution would probably do what you want, and not look like you were making unilateral decisions. One place I used to work used MessageLabs, which used to report to me just how frequently people were about to receive something dangerous (which for a 20 people company was surprisingly frequently - and more surprising would be the sales people asking to have something taken out of quarantine because 'it might be useful' when it looked pretty obvious it was spam/scam/malware).</p><p>If you don't like the various vendors doing it for you, then you can do it yourself, but honestly, the quickest win would probably be to out-source the work for now and move it in-house later on if you decide you want to.</p><p>I'm not a big fan of these corporate website blockers - however, logging where people go at the firewall can be useful - especially if you find a correlation between infections and the 'colourfulness' of the sites people visit. Of course, you need strong management to actually do something about it. I suspect that taking networks off the Internet is getting you some attention, so it's possible you may be able to direct that attention where it's deserved.</p></htmltext>
<tokenext>Just a decent email filtering solution would probably do what you want , and not look like you were making unilateral decisions .
One place I used to work used MessageLabs , which used to report to me just how frequently people were about to receive something dangerous ( which for a 20 people company was surprisingly frequently - and more surprising would be the sales people asking to have something taken out of quarantine because 'it might be useful ' when it looked pretty obvious it was spam/scam/malware ) .
If you do n't like the various vendors doing it for you , then you can do it yourself , but honestly , the quickest win would probably be to out-source the work for now and move it in-house later on if you decide you want to .
I 'm not a big fan of these corporate website blockers - however , logging where people go at the firewall can be useful - especially if you find a correlation between infections and the 'colourfulness ' of the sites people visit .
Of course , you need strong management to actually do something about it .
I suspect that taking networks off the Internet is getting you some attention , so it 's possible you may be able to direct that attention where it 's deserved .</tokentext>
<sentencetext>Just a decent email filtering solution would probably do what you want, and not look like you were making unilateral decisions.
One place I used to work used MessageLabs, which used to report to me just how frequently people were about to receive something dangerous (which for a 20 people company was surprisingly frequently - and more surprising would be the sales people asking to have something taken out of quarantine because 'it might be useful' when it looked pretty obvious it was spam/scam/malware).
If you don't like the various vendors doing it for you, then you can do it yourself, but honestly, the quickest win would probably be to out-source the work for now and move it in-house later on if you decide you want to.
I'm not a big fan of these corporate website blockers - however, logging where people go at the firewall can be useful - especially if you find a correlation between infections and the 'colourfulness' of the sites people visit.
Of course, you need strong management to actually do something about it.
I suspect that taking networks off the Internet is getting you some attention, so it's possible you may be able to direct that attention where it's deserved.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566048</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571112</id>
	<title>Anti-virus is a waste</title>
	<author>Anonymous</author>
	<datestamp>1269280920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>As you've found out the anti-virus is useless.  Even if you have the current day's latest definitions they won't stop some new variant.</p><p>It can take up to 1 week before the anti-virus vendor even gets a definition that can clean the systems.</p><p>Anti-virus is just a waste of money and computer performance.</p><p>Try ensuring all OS updates, Adobe, and Browser updates are applied very quickly.  That'll stop almost all of it right there.</p><p>Changing to Linux/OS X/etc won't really help in the long term.  There are already cross-platform viruses.</p></htmltext>
<tokenext>As you 've found out the anti-virus is useless .
Even if you have the current day 's latest definitions they wo n't stop some new variant .
It can take up to 1 week before the anti-virus vendor even gets a definition that can clean the systems .
Anti-virus is just a waste of money and computer performance .
Try ensuring all OS updates , Adobe , and Browser updates are applied very quickly .
That 'll stop almost all of it right there .
Changing to Linux/OS X/etc wo n't really help in the long term .
There are already cross-platform viruses .</tokentext>
<sentencetext>As you've found out the anti-virus is useless.
Even if you have the current day's latest definitions they won't stop some new variant.
It can take up to 1 week before the anti-virus vendor even gets a definition that can clean the systems.
Anti-virus is just a waste of money and computer performance.
Try ensuring all OS updates, Adobe, and Browser updates are applied very quickly.
That'll stop almost all of it right there.
Changing to Linux/OS X/etc won't really help in the long term.
There are already cross-platform viruses.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565924</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269266160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>VMS</p></htmltext>
<tokenext>VMS</tokentext>
<sentencetext>VMS</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567342</id>
	<title>Your botnet</title>
	<author>Kolargol00</author>
	<datestamp>1269270120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Did anyone else read the title as "How To Avoid the Infection of <em>your</em> Botnet"? ;)</htmltext>
<tokenext>Did anyone else read the title as " How To Avoid the Infection of your Botnet " ?
; )</tokentext>
<sentencetext>Did anyone else read the title as "How To Avoid the Infection of your Botnet"?
;)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568062</id>
	<title>No perfect answer</title>
	<author>mindstrm</author>
	<datestamp>1269271980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>There is no perfect answer.... but...</p><p>1) Users cannot have administrative privileges.<br>2) You need up to date antivirus and host IDS (I hate SEP, but it works).<br>3) Critical user data needs to be backed up somewhere safe.<br>4) User segments should have outgoing traffic restricted, and all traffic should go through proxies unless exceptions must be made.  Those proxies must do something to help as well - blacklists, antivirus, depends on your budget.<br>5) Edge firewall should not allow direct connections from user workstations to the outside unless very specific and required for the task at hand.<br>6) You need to be able to cleanly and quickly re-deploy infected workstations in a clean environment, with minimal delay - because at some point, you will get hit hard, and this will help ease the pain. This is where imaging and backups come in.<br>7) Understand that regardless of what you do - things will happen - so see #6 again :)</p></htmltext>
<tokenext>There is no perfect answer.... but...
1 ) Users can not have administrative privileges .
2 ) You need up to date antivirus and host IDS ( I hate SEP , but it works ) .
3 ) Critical user data needs to be backed up somewhere safe .
4 ) User segments should have outgoing traffic restricted , and all traffic should go through proxies unless exceptions must be made .
Those proxies must do something to help as well - blacklists , antivirus , depends on your budget .
5 ) Edge firewall should not allow direct connections from user workstations to the outside unless very specific and required for the task at hand .
6 ) You need to be able to cleanly and quickly re-deploy infected workstations in a clean environment , with minimal delay - because at some point , you will get hit hard , and this will help ease the pain .
This is where imaging and backups come in .
7 ) Understand that regardless of what you do - things will happen - so see # 6 again : )</tokentext>
<sentencetext>There is no perfect answer.... but...
1) Users cannot have administrative privileges.
2) You need up to date antivirus and host IDS (I hate SEP, but it works).
3) Critical user data needs to be backed up somewhere safe.
4) User segments should have outgoing traffic restricted, and all traffic should go through proxies unless exceptions must be made.
Those proxies must do something to help as well - blacklists, antivirus, depends on your budget.
5) Edge firewall should not allow direct connections from user workstations to the outside unless very specific and required for the task at hand.
6) You need to be able to cleanly and quickly re-deploy infected workstations in a clean environment, with minimal delay - because at some point, you will get hit hard, and this will help ease the pain.
This is where imaging and backups come in.
7) Understand that regardless of what you do - things will happen - so see #6 again :)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566282</id>
	<title>Identify the people responsible, sack and sue them</title>
	<author>Rogerborg</author>
	<datestamp>1269267360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>It might be the CEO.  It might be you.  But the fault is always with a person, and they should be held responsible for their actions, including recovering costs.</htmltext>
<tokenext>It might be the CEO .
It might be you .
But the fault is always with a person , and they should be held responsible for their actions , including recovering costs .</tokentext>
<sentencetext>It might be the CEO.
It might be you.
But the fault is always with a person, and they should be held responsible for their actions, including recovering costs.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572270</id>
	<title>USB</title>
	<author>jridley</author>
	<datestamp>1269284040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Do not allow users to plug mass storage devices into their PCs.  This means thumb drives, cameras, MP3 players, whatever.</p><p>Also don't allow in any executables over the internet, at least until they've been scanned.</p></htmltext>
<tokenext>Do not allow users to plug mass storage devices into their PCs .
This means thumb drives , cameras , MP3 players , whatever .
Also do n't allow in any executables over the internet , at least until they 've been scanned .</tokentext>
<sentencetext>Do not allow users to plug mass storage devices into their PCs.
This means thumb drives, cameras, MP3 players, whatever.
Also don't allow in any executables over the internet, at least until they've been scanned.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566488</id>
	<title>Simple</title>
	<author>rindeee</author>
	<datestamp>1269267900000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext>I am over Cyber Security for a 36k seat enterprise.  We've had no infections...period (and yes, we do have monitoring in place to catch behavioral anomalies that indicate zero-day, etc.).  Here are the "must do's":

1. Block social networking sites.  Need convincing?  Here. <a href="http://google.com/safebrowsing/diagnostic?site=facebook.com/" title="google.com">http://google.com/safebrowsing/diagnostic?site=facebook.com/</a> [google.com] or <a href="http://google.com/safebrowsing/diagnostic?site=myspace.com/" title="google.com">http://google.com/safebrowsing/diagnostic?site=myspace.com/</a> [google.com] or <a href="http://google.com/safebrowsing/diagnostic?site=twitter.com/" title="google.com">http://google.com/safebrowsing/diagnostic?site=twitter.com/</a> [google.com]
2. Block porn sites.  All of them.  Use keywords, IP/FQDN blacklists, adaptive/reputation blocking (Trusted Source type technology)
3. Use a managed AV/AM/HIPS solution such as McAfee ePO/AVE/HIPS/etc. if you can afford it.  A good HIPS that does both network and application blocking is essential.
4. Exhaustively scan e-mail for content, attachments and (most of all) embedded URLs.
5. Finally, have a good dashboard.  We rolled our own using Cacti, Nagios, Drupal and some simple Java, CSS and PHP.  You need to be able to visualize things in as close to real time as is possible.  Once you've established 'normal', you can spot 'abnormal' visually long before many automated analysis engines will alert you.  This allows you to catch the things that may otherwise slip through the cracks.

This doesn't have to be expensive (well, except for #3, it's expensive).  You can scale a Linux based solution with entirely open source tools large enough to cover thousands of concurrent users.</htmltext>
<tokenext>I am over Cyber Security for a 36k seat enterprise .
We 've had no infections...period ( and yes , we do have monitoring in place to catch behavioral anomalies that indicate zero-day , etc. ) .
Here are the " must do 's " : 1 .
Block social networking sites .
Need convincing ?
Here. http : //google.com/safebrowsing/diagnostic ? site = facebook.com/ [ google.com ] or http : //google.com/safebrowsing/diagnostic ? site = myspace.com/ [ google.com ] or http : //google.com/safebrowsing/diagnostic ? site = twitter.com/ [ google.com ] 2 .
Block porn sites .
All of them .
Use keywords , IP/FQDN blacklists , adaptive/reputation blocking ( Trusted Source type technology ) 3 .
Use a managed AV/AM/HIPS solution such as McAfee ePO/AVE/HIPS/etc .
if you can afford it .
A good HIPS that does both network and application blocking is essential .
4. Exhaustively scan e-mail for content , attachments and ( most of all ) embedded URLs .
5. Finally , have a good dashboard .
We rolled our own using Cacti , Nagios , Drupal and some simple Java , CSS and PHP .
You need to be able to visualize things in as close to real time as is possible .
Once you 've established 'normal ' , you can spot 'abnormal ' visually long before many automated analysis engines will alert you .
This allows you to catch the things that may otherwise slip through the cracks .
This does n't have to be expensive ( well , except for # 3 , it 's expensive ) .
You can scale a Linux based solution with entirely open source tools large enough to cover thousands of concurrent users .</tokentext>
<sentencetext>I am over Cyber Security for a 36k seat enterprise.
We've had no infections...period (and yes, we do have monitoring in place to catch behavioral anomalies that indicate zero-day, etc.).
Here are the "must do's":

1. Block social networking sites.
Need convincing?
Here. http://google.com/safebrowsing/diagnostic?site=facebook.com/ [google.com] or http://google.com/safebrowsing/diagnostic?site=myspace.com/ [google.com] or http://google.com/safebrowsing/diagnostic?site=twitter.com/ [google.com]
2. Block porn sites.
All of them.
Use keywords, IP/FQDN blacklists, adaptive/reputation blocking (Trusted Source type technology)
3. Use a managed AV/AM/HIPS solution such as McAfee ePO/AVE/HIPS/etc. if you can afford it.
A good HIPS that does both network and application blocking is essential.
4. Exhaustively scan e-mail for content, attachments and (most of all) embedded URLs.
5. Finally, have a good dashboard.
We rolled our own using Cacti, Nagios, Drupal and some simple Java, CSS and PHP.
You need to be able to visualize things in as close to real time as is possible.
Once you've established 'normal', you can spot 'abnormal' visually long before many automated analysis engines will alert you.
This allows you to catch the things that may otherwise slip through the cracks.
This doesn't have to be expensive (well, except for #3, it's expensive).
You can scale a Linux based solution with entirely open source tools large enough to cover thousands of concurrent users.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566134</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>MasterOfMagic</author>
	<datestamp>1269266940000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>Think of anti-virus as a vaccination.  When you receive a vaccination, it protects you against the specific threat that the vaccination is designed to protect you from.  The same holds true for anti-virus software.  There is no magical "this program will destroy your computer or steal your personal information" opcode in software, so anti-virus software is designed to detect things it knows to be suspicious.  If something is unknown (either because it is new and there aren't virus definition files for it or if your virus definition files are out of date because your 30-day trial has expired or you're not connected to the Internet or the software fails to automatically update or your anti-virus software has been compromised or switched off), your anti-virus software has a very slim chance of picking up something malicious.</p><p>That is why an anti-virus package wouldn't stop threats newer than its definition files.</p></htmltext>
<tokenext>Think of anti-virus as a vaccination .
When you receive a vaccination , it protects you against the specific threat that the vaccination is designed to protect you from .
The same holds true for anti-virus software .
There is no magical " this program will destroy your computer or steal your personal information " opcode in software , so anti-virus software is designed to detect things it knows to be suspicious .
If something is unknown ( either because it is new and there are n't virus definition files for it or if your virus definition files are out of date because your 30-day trial has expired or you 're not connected to the Internet or the software fails to automatically update or your anti-virus software has been compromised or switched off ) , your anti-virus software has a very slim chance of picking up something malicious .
That is why an anti-virus package would n't stop threats newer than its definition files .</tokentext>
<sentencetext>Think of anti-virus as a vaccination.
When you receive a vaccination, it protects you against the specific threat that the vaccination is designed to protect you from.
The same holds true for anti-virus software.
There is no magical "this program will destroy your computer or steal your personal information" opcode in software, so anti-virus software is designed to detect things it knows to be suspicious.
If something is unknown (either because it is new and there aren't virus definition files for it or if your virus definition files are out of date because your 30-day trial has expired or you're not connected to the Internet or the software fails to automatically update or your anti-virus software has been compromised or switched off), your anti-virus software has a very slim chance of picking something malicious.That is why an anti-virus package wouldn't stop threats newer than its definition files.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566020</id>
	<title>It's not all about prevention.</title>
	<author>VinylPusher</author>
	<datestamp>1269266460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Perhaps somewhat obvious, but you will never achieve 100% protection against malware unless you unhook the internet connections, block the USB ports, optical drive, floppy drive, multi-media card reader etc.</p><p>The worth of any IT support company comes not from the level of prevention they can provide against outages, it's how quickly and effectively they respond to bring systems back in line after a problem occurs.</p><p>Assuming you cannot prevent a botnet infestation, you minimally need a documented procedure on how you're going to deal with the cleanup.</p><p>In a more direct answer to your question though... put systems in place that are supported by big companies, e.g. Check Point firewalls at boundaries, Symantec/F-Secure/ESET AV throughout (with solidly applied policies and installed by a certified provider).</p></htmltext>
<tokenext>Perhaps somewhat obvious , but you will never achieve 100 % protection against malware unless you unhook the internet connections , block the USB ports , optical drive , floppy drive , multi-media card reader etc.The worth of any IT support company comes not from the level of prevention they can provide against outages , it 's how quickly and effectively they respond to bring systems back in line after a problem occurs.Assuming you can not prevent a botnet infestation , you minimally need a documented procedure on how you 're going to deal with the cleanup.In a more direct answer to your question though... put systems in place that are supported by big companies , e.g .
Checkpoint firewalls at boundaries , Symantec/F-Secure/ESET AV throughout ( with solidly applied policies and installed by a certified provider ) .</tokentext>
<sentencetext>Perhaps somewhat obvious, but you will never achieve 100% protection against malware unless you unhook the internet connections, block the USB ports, optical drive, floppy drive, multi-media card reader etc.The worth of any IT support company comes not from the level of prevention they can provide against outages, it's how quickly and effectively they respond to bring systems back in line after a problem occurs.Assuming you cannot prevent a botnet infestation, you minimally need a documented procedure on how you're going to deal with the cleanup.In a more direct answer to your question though... put systems in place that are supported by big companies, e.g.
Checkpoint firewalls at boundaries, Symantec/F-Secure/ESET AV throughout (with solidly applied policies and installed by a certified provider).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567542</id>
	<title>Start sending your resume out</title>
	<author>Anonymous</author>
	<datestamp>1269270600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Start sending your resume out, 'cause your ASS should be fired!</p><p>Tips for not getting bot-ified.<br>- Stay patched on OS, Apps, Browsers, Plugins, religiously.<br>- Don't allow complete in/out network access without aggressive filters and proxies<br>- Don't allow IE to be used on external web sites<br>- Don't allow Outlook to be used at all<br>- Users don't get admin equiv accounts<br>- At the first sign of trouble on a PC, wipe it. That is the only answer. Users hate this so they will take steps to avoid spyware and other nasty stuff.<br>- Don't allow complete access to the internet. Only allow whitelisted websites<br>- Don't allow DNS to desktops<br>- Don't allow the default route anywhere but your proxy server<br>- Perform as much malware scanning on the proxy, email, and file servers as possible.<br>- Push scanner updates to clients. Verify the updates are installed and if not, place those systems on a limited part of your network where they can only get system, AV and malware removal updates.<br>- Migrate as many systems to non-Windows as possible.<br>- Don't allow users to install software on their machines<br>- Follow the hundreds of "how to protect PCs from malware, viruses, and other bad parts of the internet" guides that Google will show you<br>- Make it clear that work PCs are for WORK.<br>- Remove most video codecs<br>- Set Internet options to HIGH for anything outside the local network. Don't allow users to change them.<br>- Set Internet options to Medium for anything inside the local network. Never deploy OCX-based web apps.<br>- Make Firefox the default browser, install NoScript and AdBlock. Only whitelist internal websites. Don't let users change these settings.<br>- For any exceptions, have a formal process where both the Head of Security AND the CEO must sign a piece of paper accepting the risks. 
It should be difficult, but there are times when a system cannot be securely configured due to vendor requirements (which suck).<br>- Protect admin rights. Nobody gets them.</p><p>That should be enough.  You'll be hated. The CEO will hate you too. Be certain to tell him the estimated costs of what you are currently dealing with now.</p></htmltext>
<tokenext>Start sending your resume out , 'cause your ASS should be fired ! Tips for not getting bot-ified.- Stay patched on OS , Apps , Browsers , Plugins , religiously.- Do n't allow complete in/out network access without aggressive filters and proxies- Do n't allow IE to be used on external web sites- Do n't allow Outlook to be used at all- Users do n't get admin equiv accounts- At the first sign of trouble on a PC , wipe it .
That is the only answer .
Users hate this so they will take steps to avoid spyware and other nasty stuff.- Do n't allow complete access to the internet .
Only allow white listed websites- Do n't allow DNS to desktops- Do n't allow the default route anywhere but your proxy server- Perform as much malware scanning on the proxy , email , and file servers as possible.- Push scanner updates to clients .
Verify the updates are installed and if not , place those systems on a limited part of your network where they can only get system , AV and malware removal updates.- Migrate as many systems to non-Windows as possible.- Do n't allow users to install software on their machines- Follow the hundreds of " how to protect PCs from malware , viruses , and other bad parts of the internet " guides that google will show you- Make it clear that work PCs are for WORK.- Remove most video codecs- Set Internet options to HIGH for anything outside the local network .
Do n't allow users to change them.- Set Internet options to Medium for anything inside the local network .
Never deploy OCX-based web apps.- Make FireFox the default browser , install NoScript and AdBlock .
Only whitelist internal websites .
Do n't let users change these settings.- For any exceptions , have a formal process where both the Head of Security AND the CEO must sign a piece of paper accepting the risks .
It should be difficult , but there are times when a system can not be securely configured due to vendor requirements ( which suck ) .- Protect admin rights .
Nobody gets them.That should be enough .
You 'll be hated .
The CEO will hate you too .
Be certain to tell him the estimated costs of what you are currently dealing with now .</tokentext>
<sentencetext>Start sending your resume out, 'cause your ASS should be fired!Tips for not getting bot-ified.- Stay patched on OS, Apps, Browsers, Plugins, religiously.- Don't allow complete in/out network access without aggressive filters and proxies- Don't allow IE to be used on external web sites- Don't allow Outlook to be used at all- Users don't get admin equiv accounts- At the first sign of trouble on a PC, wipe it.
That is the only answer.
Users hate this so they will take steps to avoid spyware and other nasty stuff.- Don't allow complete access to the internet.
Only allow white listed websites- Don't allow DNS to desktops- Don't allow the default route anywhere but your proxy server- Perform as much malware scanning on the proxy, email, and file servers as possible.- Push scanner updates to clients.
Verify the updates are installed and if not, place those systems on a limited part of your network where they can only get system, AV and malware removal updates.- Migrate as many systems to non-Windows as possible.- Don't allow users to install software on their machines- Follow the hundreds of "how to protect PCs from malware, viruses, and other bad parts of the internet" guides that google will show you- Make it clear that work PCs are for WORK.- Remove most video codecs- Set Internet options to HIGH for anything outside the local network.
Don't allow users to change them.- Set Internet options to Medium for anything inside the local network.
Never deploy OCX-based web apps.- Make FireFox the default browser, install NoScript and AdBlock.
Only whitelist internal websites.
Don't let users change these settings.- For any exceptions, have a formal process where both the Head of Security AND the CEO must sign a piece of paper accepting the risks.
It should be difficult, but there are times when a system cannot be securely configured due to vendor requirements (which suck).- Protect admin rights.
Nobody gets them.That should be enough.
You'll be hated.
The CEO will hate you too.
Be certain to tell him the estimated costs of what you are currently dealing with now.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570952</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269280380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p>Ah, VMS, the only OS to be banned from Defcon for being too secure.  They had to invent a 'must run on x86' rule to keep it out.</p></div><p>I guess that also takes care of AIX and HP-UX.</p><p>I'm curious: can you bring in Solaris (which does run on x86), but have it actually on SPARC? :)</p>
	</htmltext>
<tokenext>Ah , VMS , the only OS to be banned from Defcon for being too secure .
They had to invent a 'must run on x86 ' rule to keep it out.I guess that also takes care of AIX and HP-UX.I 'm curious : can you bring in Solaris ( which does run on x86 ) , but have it actually on SPARC ?
: )</tokentext>
<sentencetext>Ah, VMS, the only OS to be banned from Defcon for being too secure.
They had to invent a 'must run on x86' rule to keep it out.I guess that also takes care of AIX and HP-UX.I'm curious: can you bring in Solaris (which does run on x86), but have it actually on SPARC?
:)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568318</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571732</id>
	<title>Re:Yeah...</title>
	<author>Graham J - XVI</author>
	<datestamp>1269282540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I think if I had the choice of keeping my body healthy by medicine or by swapping it for a type that there were no diseases of any kind for, I'd probably choose the latter.</p></htmltext>
<tokenext>I think if I had the choice of keeping my body healthy by medicine or by swapping it for a type that there were no diseases of any kind for , I 'd probably choose the latter .</tokentext>
<sentencetext>I think if I had the choice of keeping my body healthy by medicine or by swapping it for a type that there were no diseases of any kind for, I'd probably choose the latter.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566568</id>
	<title>Filtering</title>
	<author>lord_rotorooter</author>
	<datestamp>1269268140000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>If you have a Cisco ASA 5510 or higher you can purchase the botnet filter for roughly $320 a year.  Then enable the filter on your internal interface to block any outbound traffic going to the known botnet IP ranges.  I would also recommend blocking unnecessary outbound ports and limiting necessary ports to specific machines (e.g. port 25 outbound from the mail server only).  I would also look at setting up a proxy server such as Squid.  I would do MIME filtering on untrusted web traffic and perhaps use DansGuardian for prebuilt whitelisting/blacklisting.  At my workplace I am fortunate enough to be allowed to do a default deny on the entire internet, only white-listing work-related sites (of course I work at a bank).  Antivirus should be considered a secondary defense in this day and age.

You really need to look at getting an IPS device for your network and then perhaps an aggregated log server if you haven't already.  These last two recommendations will cost some money.  So short term I would focus on outbound firewall filtering and a proxy server.</htmltext>
<tokenext>If you have a Cisco ASA 5510 or higher you can purchase the botnet filter for roughly $ 320 a year .
Then enable the filter on your internal interface to block any outbound traffic going to the known botnet IP ranges .
I would also recommend blocking unnecessary outbound ports and limiting necessary ports to specific machines ( ex .
Port 25 mail server only outbound ) .
I would also look at setting up a proxy server such as SQUID proxy .
I would do mime filtering on untrusted web traffic and perhaps using dansguardian for prebuilt whitelist/blacklisting .
At my workplace I am fortunate enough to be allowed to do a default deny on the entire internet , only white-listing work related sites ( of course I work at a bank ) .
Antivirus should be considered a secondary defense in this day and age .
You really need to look at getting an IPS device for your network and then perhaps an aggregated log server if you have n't already .
These last two recommendations will cost some money .
So short term I would focus on outbound firewall filtering and a proxy server .</tokentext>
<sentencetext>If you have a Cisco ASA 5510 or higher you can purchase the botnet filter for roughly $320 a year.
Then enable the filter on your internal interface to block any outbound traffic going to the known botnet IP ranges.
I would also recommend blocking unnecessary outbound ports and limiting necessary ports to specific machines (ex.
Port 25 mail server only outbound).
I would also look at setting up a proxy server such as SQUID proxy.
I would do mime filtering on untrusted web traffic and perhaps using dansguardian for prebuilt whitelist/blacklisting.
At my workplace I am fortunate enough to be allowed to do a default deny on the entire internet, only white-listing work related sites (of course I work at a bank).
Antivirus should be considered a secondary defense in this day and age.
You really need to look at getting an IPS device for your network and then perhaps an aggregated log server if you haven't already.
These last two recommendations will cost some money.
So short term I would focus on outbound firewall filtering and a proxy server.</sentencetext>
</comment>
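The botnet filter and the aggregated log server suggested in the comment above are, in effect, two queries over a connection log: a lookup of every destination against a list of known botnet addresses, and a hunt for the regular call-home pattern that gives away a bot whose controller is not on any list yet. The following Python is an added example written for this thread, not code from the poster or from Cisco; the reputation list, the thresholds (at least six connections, with gaps within 15% of their mean) and the log lines are all constructed, and the log format (ISO timestamp, source, destination, port) is an assumption about what a firewall or proxy export would give you.

```python
"""Two checks over an aggregated connection log: hits on a list of known
botnet addresses (what the appliance filter does at the border) and, for
C2 the list does not know yet, hosts that call the same outside address
at a suspiciously regular interval.

Added example for this thread, not code from any poster or vendor. The
bad-address list, the thresholds and the log lines are constructed; real
records would come from the firewall or proxy export.
"""
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# constructed stand-in for a botnet IP reputation feed
KNOWN_BAD = [ipaddress.ip_network(n) for n in ("198.51.100.0/24",)]
LAN = ipaddress.ip_network("10.0.0.0/8")

MIN_CONNECTIONS = 6   # fewer than this and an interval says nothing
MAX_JITTER = 0.15     # stdev / mean of the gaps; human browsing is far noisier


def parse(line):
    """'2010-03-22T09:00:00 10.0.3.7 203.0.113.77 443' -> (ts, src, dst, port)"""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def known_bad_hits(lines):
    """(src, dst, port) for every connection to an address on the feed."""
    hits = set()
    for line in lines:
        _ts, src, dst, port = parse(line)
        if any(ipaddress.ip_address(dst) in net for net in KNOWN_BAD):
            hits.add((src, dst, port))
    return sorted(hits)


def beacons(lines, min_conn=MIN_CONNECTIONS, max_jitter=MAX_JITTER):
    """[(src, dst, port, mean_gap_seconds)] for source/destination pairs whose
    connection times are regular enough to look machine-driven."""
    times = defaultdict(list)
    for line in lines:
        ts, src, dst, port = parse(line)
        if ipaddress.ip_address(dst) in LAN:
            continue                       # internal chatter is not C2
        times[(src, dst, port)].append(ts)
    found = []
    for key, stamps in times.items():
        if len(stamps) < min_conn:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            found.append((*key, round(mean)))
    return sorted(found)


# Constructed log: desktop 10.0.3.7 calls 203.0.113.77:443 every ~5 minutes
# (a bot), desktop 10.0.4.2 browses 203.0.113.10 at irregular times (a human),
# 10.0.3.7 also uses the internal proxy, and 10.0.5.9 touches a listed range.
SAMPLE_LOG = """\
2010-03-22T09:00:00 10.0.3.7 203.0.113.77 443
2010-03-22T09:00:10 10.0.4.2 203.0.113.10 80
2010-03-22T09:00:45 10.0.4.2 203.0.113.10 80
2010-03-22T09:01:00 10.0.3.7 10.0.0.10 3128
2010-03-22T09:03:20 10.0.4.2 203.0.113.10 80
2010-03-22T09:05:03 10.0.3.7 203.0.113.77 443
2010-03-22T09:10:01 10.0.3.7 203.0.113.77 443
2010-03-22T09:11:00 10.0.4.2 203.0.113.10 80
2010-03-22T09:11:30 10.0.4.2 203.0.113.10 80
2010-03-22T09:12:00 10.0.5.9 198.51.100.20 8080
2010-03-22T09:14:58 10.0.3.7 203.0.113.77 443
2010-03-22T09:20:02 10.0.3.7 203.0.113.77 443
2010-03-22T09:25:00 10.0.3.7 203.0.113.77 443
2010-03-22T09:27:05 10.0.4.2 203.0.113.10 80
2010-03-22T09:28:00 10.0.4.2 203.0.113.10 80
2010-03-22T09:29:59 10.0.3.7 203.0.113.77 443
2010-03-22T09:35:01 10.0.3.7 203.0.113.77 443
""".splitlines()

if __name__ == "__main__":
    print("known-bad:", known_bad_hits(SAMPLE_LOG))
    print("beacons:  ", beacons(SAMPLE_LOG))
```

The feed check catches the single connection to the listed range, but one connection is not a beacon; the beacon check catches the desktop calling 203.0.113.77 every five minutes, which no feed knows about. In practice the jitter threshold is tuned against a day of your own logs, because some legitimate agents (update checks, monitoring probes) also poll on a fixed schedule and need to be whitelisted rather than investigated each time.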
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567566</id>
	<title>Re:Yeah...</title>
	<author>Wingsy</author>
	<datestamp>1269270660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>And just why would that be unfortunate? Within a month or two the USERS of the network would probably think that was the most fortunate thing that's ever happened to their computing experience.</htmltext>
<tokenext>And just why would that be unfortunate ?
Within a month or two the USERS of the network would probably think that was the most fortunate thing that 's ever happened to their computing experience .</tokentext>
<sentencetext>And just why would that be unfortunate?
Within a month or two the USERS of the network would probably think that was the most fortunate thing that's ever happened to their computing experience.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565932</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567294</id>
	<title>Suggestions</title>
	<author>MrTripps</author>
	<datestamp>1269270000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>1. Block out Facebook.
2. For small shops, get rid of Exchange and go to Gmail. For larger ones, get some sort of black-box virus filter like what Barracuda makes on top of existing email AV. Use Spamhaus blocking lists.
3. Encourage users to use Firefox and AdBlock instead of IE when possible. Not always possible since many corporate apps only run on IE.
4. Centralize management of AV and Microsoft Updates.
5. Make user education continuous. Give real-world examples of how failure to follow proper procedures can harm them and IT infrastructure.</htmltext>
<tokenext>1 .
Block out Facebook .
2. For small shops , get rid of Exchange and go to Gmail .
For larger get some sort of black box virus filter like what Barracuda makes on top of existing email AV .
Use Spamhaus blocking lists .
3. Encourage users to use FireFox and AdBlock instead of IE when possible .
Not always possible since many corporate apps only run on IE .
4. Centralize management of AV and Microsoft Updates .
5. Make user education continuous .
Give real world examples of how failure to follow proper procedures can harm them and IT infrastructure .</tokentext>
<sentencetext>1.
Block out Facebook.
2. For small shops, get rid of Exchange and go to Gmail.
For larger get some sort of black box virus filter like what Barracuda makes on top of existing email AV.
Use Spamhaus blocking lists.
3. Encourage users to use FireFox and AdBlock instead of IE when possible.
Not always possible since many corporate apps only run on IE.
4. Centralize management of AV and Microsoft Updates.
5. Make user education continuous.
Give real world examples of how failure to follow proper procedures can harm them and IT infrastructure.</sentencetext>
</comment>
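A virus filter in front of the mail server, as suggested in point 2 above, or the file-type block that datapharmer proposes further down the thread (password-protected archives, video files, anything executable), comes down to a classifier run over each attachment before the message is delivered. The following Python is an added example written for this thread, not code from the poster or from Barracuda or any other product; the extension lists, the size and nesting limits and the verdict strings are the author's choices, and make_zip() builds constructed archives for trying it out, setting only the encryption flag bit rather than actually enciphering the members.

```python
"""Mail gateway attachment policy: block executables by content rather than
by name, block archives that are password-protected or that contain
executables, and block video files by extension.

Added example for this thread, not code from any poster or mail filter
product. The lists, limits and verdict strings are this example's own
choices; make_zip() produces constructed test archives.
"""
import io
import os
import zipfile

EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".vbe",
            ".js", ".jse", ".wsf", ".wsh", ".hta", ".msi", ".dll", ".cpl", ".lnk"}
VIDEO_EXT = {".avi", ".mpg", ".mpeg", ".wmv", ".mov", ".mp4", ".mkv", ".flv"}
# archive formats this example does not open; treated as uninspectable
OPAQUE_ARCHIVE_MAGIC = (b"Rar!\x1a\x07", b"7z\xbc\xaf\x27\x1c")
MAX_MEMBER_BYTES = 50 * 1024 * 1024   # refuse to expand anything larger
MAX_DEPTH = 2                         # zip-in-zip-in-zip is itself suspicious


def _ext(name):
    # "invoice.pdf.exe  " -> ".exe"; trailing spaces are a common trick
    return os.path.splitext(name.lower().rstrip())[1]


def classify_attachment(filename, data, depth=0):
    """Return "allow" or a "block: <reason>" string for one attachment."""
    # 1. content first: a renamed binary still starts with its magic bytes
    if data[:2] == b"MZ":
        return "block: Windows executable (MZ header)"
    if data[:4] == b"\x7fELF":
        return "block: ELF executable"
    # 2. then the name the user would double-click on
    ext = _ext(filename)
    if ext in EXEC_EXT:
        return f"block: executable extension {ext}"
    if ext in VIDEO_EXT:
        return f"block: video file {ext}"
    # 3. archives: look inside, and refuse what cannot be looked inside
    if data.startswith(OPAQUE_ARCHIVE_MAGIC):
        return "block: archive format not inspected"
    if data[:4] == b"PK\x03\x04":
        return _classify_zip(data, depth)
    return "allow"


def _classify_zip(data, depth):
    if depth >= MAX_DEPTH:
        return "block: archive nested too deeply"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:       # general purpose bit 0 = encrypted
                    return "block: password-protected archive"
                if info.file_size > MAX_MEMBER_BYTES:
                    return "block: archive member too large to inspect"
                verdict = classify_attachment(info.filename, zf.read(info), depth + 1)
                if verdict != "allow":
                    return f"block: archive member {info.filename}: {verdict[7:]}"
    except zipfile.BadZipFile:
        return "block: malformed archive"
    return "allow"


def make_zip(members, encrypted=False):
    """Build a constructed test archive from {name: bytes}. With encrypted=True
    the encryption flag (bit 0 of the general purpose flags) is set in every
    local header (offset 6) and central directory entry (offset 8); the member
    data is not actually enciphered, which is enough to exercise the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, blob in members.items():
            zf.writestr(name, blob)
    data = bytearray(buf.getvalue())
    if encrypted:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            i = data.find(sig)
            while i != -1:
                data[i + off] |= 0x1
                i = data.find(sig, i + 4)
    return bytes(data)


if __name__ == "__main__":
    for name, blob in (("report.pdf", b"%PDF-1.4\n"),
                       ("invoice.pdf", b"MZ\x90\x00\x03"),
                       ("docs.zip", make_zip({"a.txt": b"hi"}, encrypted=True)),
                       ("docs.zip", make_zip({"setup.exe": b"MZ\x90\x00"}))):
        print(name, "->", classify_attachment(name, blob))
```

Checking the MZ and ELF magic before the file name matters because the common trick is a renamed executable ("invoice.pdf.exe", or a plain "invoice.pdf" that is really a PE); checking the archive's encryption flag before reading any member is what keeps the filter from being bypassed by a password-protected zip that the gateway AV cannot scan either.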
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566630</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Anonymous</author>
	<datestamp>1269268320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>How is a coder NOT IT??</p><p>You write the code that processes the INFORMATION using TECHNOLOGY.</p><p>When did the phrase IT (Information Technology) become synonymous with "desktop support"??</p></htmltext>
<tokenext>how is a coder NOT IT ?
? you write the code that processes the INFORMATION using TECHNOLOGY.when did the phrase IT ( Information technology ) become synonymous with " desktop support " ?
?</tokentext>
<sentencetext>how is a coder NOT  IT ?
?you write the code that processes the INFORMATION using TECHNOLOGY.when did the phrase  IT ( Information technology ) become synonymous with "desktop support" ?
?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566148</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571972</id>
	<title>How my company has avoided becoming a botnet</title>
	<author>Ngarrang</author>
	<datestamp>1269283200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>At my company, we have avoided becoming a botnet.</p><p>100+ systems running XP Pro SP3 and installing updates as they are released.<br>Sophos.<br>Required use of Firefox for web browsing, with exceptions only for specific sites coded for IE (stupid banks!).<br>XP's firewall is on for each system.</p><p>The occasional system gets spiked, but that is it -- there is no stopping the efforts of the truly insipid.  System-wide infections have never happened.</p><p>It is about that simple.</p></htmltext>
<tokenext>At my company , we have avoiding becoming a botnet.100 + systems running XP Pro SP3 and installing updates as they are released.SOPHOS.Required use of Firefox for web browsing , with exceptions only for specifics sites coded for IE ( stupid banks !
) .XP 's firewall is on for each system.The occasional system gets spiked , but that is it -- there is no stopping the efforts of the truly insipid .
System-wide infections have never happened.It is about that simple .</tokentext>
<sentencetext>At my company, we have avoiding becoming a botnet.100+ systems running XP Pro SP3 and installing updates as they are released.SOPHOS.Required use of Firefox for web browsing, with exceptions only for specifics sites coded for IE (stupid banks!
).XP's firewall is on for each system.The occasional system gets spiked, but that is it -- there is no stopping the efforts of the truly insipid.
System-wide infections have never happened.It is about that simple.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567576</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Anonymous</author>
	<datestamp>1269270720000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Here is the real problem: you are a coder and you know nothing about security!</p></htmltext>
<tokenext>Here is the real problem : you are a coder and you know nothing about security !</tokentext>
<sentencetext>Here is the real problem: you are a coder and you know nothing about security!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568262</id>
	<title>Re:In an ideal world...</title>
	<author>Anonymous</author>
	<datestamp>1269272520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>our good buddies at Adobe are among the most popular</p></div><p>[citation needed]</p>
	</htmltext>
<tokenext>our good buddies at Adobe are among the most popular [ citation needed ]</tokentext>
<sentencetext>our good buddies at Adobe are among the most popular[citation needed]
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566084</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568830</id>
	<title>Re:Simple</title>
	<author>swilver</author>
	<datestamp>1269273900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You forgot proxies on that list, so rule 1 and 2 might as well not exist.</p></htmltext>
<tokenext>You forgot proxies on that list , so rule 1 and 2 might as well not exist .</tokentext>
<sentencetext>You forgot proxies on that list, so rule 1 and 2 might as well not exist.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566488</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570454</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>omnichad</author>
	<datestamp>1269278580000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Microsoft "fixed it" with Windows 7 and Vista.  But in doing so, they broke a lot of older software.  A LOT of software was written to require higher privileges than necessary, because almost all users were running as an Administrator by default, and they never put any thought into it.  The new security model forces the restrictions on administrator accounts and user accounts alike, and coders finally started coding properly.  Most new stuff does run on a proper security model - but there is a lot of old code out there that has no chance of being updated.  The only solution in Vista/7 is to run those applications as an administrator.</p></htmltext>
<tokenext>Microsoft " fixed it " with Windows 7 and Vista .
But in doing so , they broke a lot of older software .
A LOT of software was written to require higher privileges than necessary , because almost all users were running as an Administrator by default , and they never put any thought into it .
The new security model forces the restrictions on administrator accounts and user accounts alike , and coders finally started coding properly .
Most new stuff does run on a proper security model - but there is a lot of old code out there that has no chance of being updated .
The only solution in Vista/7 is to run those applications as an administrator .</tokentext>
<sentencetext>Microsoft "fixed it" with Windows 7 and Vista.
But in doing so, they broke a lot of older software.
A LOT of software was written to require higher privileges than necessary, because almost all users were running as an Administrator by default, and they never put any thought into it.
The new security model forces the restrictions on administrator accounts and user accounts alike, and coders finally started coding properly.
Most new stuff does run on a proper security model - but there is a lot of old code out there that has no chance of being updated.
The only solution in Vista/7 is to run those applications as an administrator.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566942</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566268</id>
	<title>Re:educate</title>
	<author>K-tWizel</author>
	<datestamp>1269267300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Your infection vector is your users.  Kind of ironic that those that are needed to keep your company are the ones that could sink it.

Education is the best mitigation for this risk!  Teach the users proper computing security.  Have tracked annual training (a 15-page PPT is sufficient).  It also protects you, the admin/company, if something does happen and legal action is required.

Folks need to know the 'rules of the road'.  Compare the cost of a usage program to lost productivity.  These bad habits are reinforced by use at home too, so the presentation should include protecting the users at home.

Stronger network/system security will help, but the biggest risk to a network is the users.</htmltext>
<tokenext>your infection vector is your users .
Kind of ironic that those that are needed to keep your company are the ones that could sink it .
Education is the best mitigation for this risk !
Teach the users proper computing security .
Have tracked annual training ( 15 pg PPT is sufficient ) .
It also protects you the admin/company if something does happen and legal action is required .
Folks need to know the 'rules of the road' .
Compare the cost of a usage program to lost productivity .
These bad habits are reinforced by use at home too so presentation should include protecting the users at home .
Stronger network/system security will help but the biggest risk to a network is the users .</tokentext>
<sentencetext>your infection vector is your users.
Kind of ironic that those that are needed to keep your company are the ones that could sink it.
Education is the best mitigation for this risk!
Teach the users proper computing security.
Have tracked annual training (15 pg PPT is sufficient).
It also protects you the admin/company if something does happen and legal action is required.
Folks need to know the 'rules of the road'.
Compare the cost of a usage program to lost productivity.
These bad habits are reinforced by use at home too so presentation should include protecting the users at home.
Stronger network/system security will help but the biggest risk to a network is the users.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566024</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566678</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>stiggle</author>
	<datestamp>1269268440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>First of all, they need a firewall which doesn't block everything.</p><p>A decent firewall blocks everything, then allows specific stuff through.<br>So you block everything - then allow ports 80 &amp; 443 out through a caching proxy, you allow SMTP &amp; IMAP - but only to your own mailservers, etc.</p><p>Incoming connections are either redirected to the company servers or completely blocked.</p></htmltext>
<tokenext>First of all they need a firewall which does n't block everything.A decent firewall blocks everything , then allows specific stuff through.So you block everything - then allow ports 80 &amp; 443 out through a caching proxy , you allow SMTP &amp; IMAP - but only to your own mailservers , etc.Incoming connections are either redirected to the company servers or completely blocked .</tokentext>
<sentencetext>First of all they need a firewall which doesn't block everything.A decent firewall blocks everything, then allows specific stuff through.So you block everything - then allow ports 80 &amp; 443 out through a caching proxy, you allow SMTP &amp; IMAP - but only to your own mailservers, etc.Incoming connections are either redirected to the company servers or completely blocked.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
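The egress rules sketched in this reply, in the "Filtering" comment and in the "Start sending your resume out" list above (block everything, let only the proxy speak HTTP/HTTPS, only the mail server speak SMTP, no DNS from desktops, default route only to the proxy) can be written down once as a policy table, rendered into firewall rules, and checked against flow records before being enforced. The following Python is an added example written for this thread, not code from any poster; the addresses (10.0.0.0/8 as the LAN, 10.0.0.10 as the proxy, 10.0.0.25 as the mail server, 10.0.0.53 as the internal resolver, with 203.0.113.0/24 and 198.51.100.0/24 standing in for the Internet) and the flow records are constructed, and the output is an nftables ruleset rather than Check Point or ASA syntax.

```python
"""Default-deny egress for a LAN: only the proxy, the mail server and the
internal resolver may open connections to the Internet.

Added example for this thread, not any poster's code. All addresses are
constructed: LAN 10.0.0.0/8, proxy 10.0.0.10, mail server 10.0.0.25,
internal resolver 10.0.0.53; 203.0.113.0/24 and 198.51.100.0/24 are
documentation ranges standing in for the Internet.
"""
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Allow:
    src: str       # host or CIDR allowed to originate the connection
    proto: str     # "tcp" or "udp"
    dport: int
    comment: str


# Everything from the LAN not listed here is logged and dropped. Desktops
# are deliberately absent: they reach the web only through the proxy and
# resolve names only through the internal resolver, so a bot that speaks
# HTTP or DNS to the outside on its own lands on the deny rule.
POLICY = (
    Allow("10.0.0.10", "tcp", 80,  "web proxy fetches http"),
    Allow("10.0.0.10", "tcp", 443, "web proxy fetches https"),
    Allow("10.0.0.25", "tcp", 25,  "mail server delivers smtp"),
    Allow("10.0.0.53", "udp", 53,  "internal resolver recurses"),
    Allow("10.0.0.53", "tcp", 53,  "internal resolver recurses"),
)


def nft_ruleset(policy=POLICY, lan=LAN):
    """Render the policy as an nftables forward chain, suitable for `nft -f`.
    Inbound new connections fall through to the chain policy and are dropped
    as well; only replies to permitted flows come back in (ct state)."""
    lines = [
        "table inet egress {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for a in policy:
        lines.append(f'    ip saddr {a.src} {a.proto} dport {a.dport} accept '
                     f'comment "{a.comment}"')
    lines.append(f'    ip saddr {lan} log prefix "EGRESS-DENY " drop')
    lines += ["  }", "}"]
    return "\n".join(lines) + "\n"


def matching_rule(src, proto, dport, policy=POLICY):
    """Return the Allow entry that permits this outbound connection, or None."""
    s = ipaddress.ip_address(src)
    for a in policy:
        if s in ipaddress.ip_network(a.src) and a.proto == proto and a.dport == dport:
            return a
    return None


def audit(flow_lines, policy=POLICY, lan=LAN):
    """Check flow records ("src proto dport dst", one per line, as a flow
    collector would export them) against the policy and return the records
    the policy would deny. Flows that stay inside the LAN are not egress."""
    denied = []
    for line in flow_lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        src, proto, dport, dst = line.split()
        if ipaddress.ip_address(dst) in lan:
            continue
        if matching_rule(src, proto, int(dport), policy) is None:
            denied.append(line)
    return denied


# Constructed flow records: proxy and mail server doing their jobs, a desktop
# using the proxy, and the same desktop also going to the outside directly
# (HTTPS and DNS), which is how an infected desktop looks in the logs.
SAMPLE_FLOWS = """\
# src        proto dport dst
10.0.0.10    tcp   443   203.0.113.5
10.0.0.25    tcp   25    198.51.100.8
10.0.3.7     tcp   3128  10.0.0.10
10.0.3.7     tcp   443   203.0.113.77
10.0.3.7     udp   53    198.51.100.53
""".splitlines()

if __name__ == "__main__":
    print(nft_ruleset())
    for record in audit(SAMPLE_FLOWS):
        print("would be denied:", record)
```

Auditing the same policy against flow records before loading it shows what would break; here it is a desktop talking straight to an outside resolver and to an outside HTTPS address, which is exactly what a bot bypassing the proxy looks like. Run the audit for a day against your flow collector's export and every violation is either an exception to document or a host to investigate.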
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575476</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269252780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Why not just disable autorun for USB disks?<br>?_?</p></htmltext>
<tokenext>Why not just disable autorun for USB disks ?
? _ ?</tokentext>
<sentencetext>Why not just disable autorun for USB disks?
?_?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567338</id>
	<title>lots of unreasonable answers</title>
	<author>datapharmer</author>
	<datestamp>1269270120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I have no doubt this thread will be filled with unreasonable answers that won't solve your real-world problems. Here is a real-world checklist:

Firewall: configure it right!
Mail server: scan for known viruses, run blacklists and set up filters that look for unusual traffic patterns; set up company-wide spam identification that notifies the mail server. This will help prevent false positives and identify misses. Block bad filetypes (all password-protected compressed formats, all video files, anything remotely executable).
Internet: run everything through a proxy that checks for content and have DNS check for known bad domains and redirect to 127.0.0.1 if they attempt to go to a forbidden page - this is better than directing to the server because it will prevent you DDoSing your own servers. Set Firefox as the default.
Security: enable DEP on all computers, run basic antispyware and antivirus on all computers (use the Microsoft Security Essentials and Spybot combo if you can't afford anything else). Turn off macro support in Office products unless necessary for a specific user.
Lock down group policy so that the desktop and C: drive can't be written to by users, rename the administrative account and set a password. Make sure that system settings cannot be changed. Use an imaging product to reset the hard drive each boot (such as SteadyState) or load the OS from a LAN image.
Updates: set the computers to Wake-on-LAN or wake at a given time for updates. Use Foxit or another alternative PDF viewer whenever possible instead of Adobe. Make sure Flash is up to date, antispyware and antivirus are up to date, and browser and OS are up to date.
Physical: lock the computer cases and prevent hardware installation by normal users. Prevent external drives if possible (this can be configured under SteadyState or group policy).
Checkups: check computers once a month with a full scan and monitor the network at idle for unusual activity. This can be done for a large organization, if you don't work weekends for instance, by turning on all the machines, letting them sit idle, and looking for unusual port activity or large volumes of data when they should not be updating.</htmltext>
<tokenext>I have no doubt this thread will be filled with unreasonable answers that wo n't solve your real-world problems .
Here is a real world checklist : firewall : configure it right !
mail server : scan for known viruses , run blacklists and setup filter that look for unusual traffic patterns , setup company-wide spam identification that notifies the mail server .
This will help prevent false positives and identify misses .
Block bad filetypes ( all password protected compressed formats , all video files , anything remotely executable .
internet : run everything through a proxy that checks for content and have dns check for known bad domains and redirect to 127.0.0.1 if they attempt to go to a forbidden page - this is better than directing to the server because it will prevent you DDOSing your own servers .
Set firefox as the default security : enable DEP on all computers , run basic antispyware and antivirus on all computers ( use microsoft security essentials and spybot combo if you ca n't afford anything else ) .
Turn off macro support on office products unless necessary for a specific user .
lockdown group policy so that desktop and c drive ca n't be written by users , rename the administrative account and set a password .
Make sure that system settings can not be changed .
Use an imaging product to reset the hard drive each boot ( such as steadystate ) or load the OS from a LAN image Updates : Set the computers to Wake on lan or wake at a given time for updates .
Use fox-it or another alternate pdf viewer whenever possible instead of adobe .
Make sure flash is up-to-date , spyware and antivirus is up-to-date and browser and OS are up-to-date Physical : lock the computer cases and prevent hardware installation by normal users .
Prevent external drives if possible ( this can be configured under steady state or group policy ) .
Checkups : check computers once a month with a full scan and monitor network at idle for unusual activity .
This can be done for a large organization if you do n't work weekends for instance by turning on all the machines and letting them sit idle and looking for unusual port activity or large volumes of data when they should not be updating .</tokentext>
<sentencetext>I have no doubt this thread will be filled with unreasonable answers that won't solve your real-world problems.
Here is a real world checklist:

firewall: configure it right!
mail server: scan for known viruses, run blacklists and setup filter that look for unusual traffic patterns, setup company-wide spam identification that notifies the mail server.
This will help prevent false positives and identify misses.
Block bad filetypes (all password protected compressed formats, all video files, anything remotely executable.
internet: run everything through a proxy that checks for content and have dns check for known bad domains and redirect to 127.0.0.1 if they attempt to go to a forbidden page - this is better than directing to the server because it will prevent you DDOSing your own servers.
Set firefox as the default
security: enable DEP on all computers, run basic antispyware and antivirus on all computers (use microsoft security essentials and spybot combo if you can't afford anything else).
Turn off macro support on office products unless necessary for a specific user.
lockdown group policy so that desktop and c drive can't be written by users, rename the administrative account and set a password.
Make sure that system settings cannot be changed.
Use an imaging product to reset the hard drive each boot (such as steadystate) or load the OS from a LAN image
Updates: Set the computers to Wake on lan or wake at a given time for updates.
Use fox-it or another alternate pdf viewer whenever possible instead of adobe.
Make sure flash is up-to-date, spyware and antivirus is up-to-date and browser and OS are up-to-date
Physical: lock the computer cases and prevent hardware installation by normal users.
Prevent external drives if possible (this can be configured under steady state or group policy).
Checkups: check computers once a month with a full scan and monitor network at idle for unusual activity.
This can be done for a large organization if you don't work weekends for instance by turning on all the machines and letting them sit idle and looking for unusual port activity or large volumes of data when they should not be updating.</sentencetext>
</comment>
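The "have DNS check for known bad domains and redirect to 127.0.0.1" item in the checklist above, as an added example written for this page (not the commenter's code): a minimal sinkhole lookup that matches a blocklist entry against a queried name and every parent of it, answers with 127.0.0.1 so the infected host talks to itself rather than to one of your servers, and keeps a per-client hit list so the DNS layer still tells you which machines asked. The blocklist entries, client addresses and query names are constructed for the example.

```python
"""DNS sinkhole lookup with per-client hit tracking (added example, constructed data)."""
from collections import defaultdict

SINKHOLE_ADDR = "127.0.0.1"   # answer that sends the bot to itself, not to your servers


def normalize(name):
    """Lower-case and strip the trailing dot so 'EVIL.example.' and 'evil.example' compare equal."""
    return name.strip().rstrip(".").lower()


def load_blocklist(text):
    """Parse a plain blocklist: one domain per line, '#' comments and blank lines ignored.
    Hosts-file style lines ('0.0.0.0 bad.example') are accepted by taking the last field."""
    entries = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        entries.add(normalize(line.split()[-1]))
    return entries


class Sinkhole:
    def __init__(self, blocked, sink=SINKHOLE_ADDR):
        self.blocked = {normalize(d) for d in blocked}
        self.sink = sink
        self.hits = defaultdict(list)      # client address -> queried names

    def match(self, qname):
        """Return the blocklist entry covering qname (exact or any parent), else None."""
        labels = normalize(qname).split(".")
        # Walk from the full name up to, but not including, the bare TLD, so an entry
        # for evil.example also covers c2.evil.example while notevil.example stays clean.
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in self.blocked:
                return candidate
        return None

    def resolve(self, client, qname):
        """Answer for (client, qname): the sinkhole address, or None to forward upstream."""
        entry = self.match(qname)
        if entry is None:
            return None
        self.hits[client].append(normalize(qname))
        return self.sink

    def suspects(self):
        """Clients that asked for a blocked name, most hits first."""
        return sorted(self.hits, key=lambda c: (-len(self.hits[c]), c))


# Constructed blocklist and query log; these are assumptions for the example.
BLOCKLIST_TEXT = """
# known malware-hosting domains (constructed)
evil.example
0.0.0.0 bad-cdn.example   # hosts-file style line
"""
QUERY_LOG = [
    ("10.0.1.17", "c2.evil.example."),
    ("10.0.1.17", "update.bad-cdn.example"),
    ("10.0.1.42", "www.slashdot.org"),
    ("10.0.1.42", "notevil.example"),
    ("10.0.1.99", "EVIL.example"),
]


def run_demo():
    """Resolve the constructed query log and return the sinkhole plus its answers."""
    sh = Sinkhole(load_blocklist(BLOCKLIST_TEXT))
    answers = [(client, qname, sh.resolve(client, qname)) for client, qname in QUERY_LOG]
    return sh, answers


if __name__ == "__main__":
    sinkhole, results = run_demo()
    for client, qname, answer in results:
        print(f"{client:<10} {qname:<26} -> {answer or 'forward upstream'}")
    print("suspects:", sinkhole.suspects())
```

The hit list is the part worth keeping: answering 127.0.0.1 avoids pointing every infected client at one of your own servers, but it also means the resolver log is the only record that a host tried to reach a blocked name, so that log is what you check to find the machines to pull off the network.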
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568940</id>
	<title>Simple</title>
	<author>JustNiz</author>
	<datestamp>1269274140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Dump Windows. Switch to Linux.</p></htmltext>
<tokenext>Dump Windows .
Switch to Linux .</tokentext>
<sentencetext>Dump Windows.
Switch to Linux.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571198</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269281160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Not sure what part of the military you are in, but the Army has most definitely not switched its position on USB drives. It's unfortunate because we've almost gone backwards, using CDs for PowerPoint slides that are too big to email. Whenever I have to do that I think about 56K modems and Tradewars 2002. Anybody else here a fan of TW2002?</p></htmltext>
<tokenext>Not sure what part of the military you are in , but the Army has most definitely not switched it 's position on USB Drives .
It 's unfortunate because we 've almost gone backwards , using CDs for PowerPoint slides that are too big to email .
Whenever I have to do that I think about 56K Modems and Tradewars 2002 .
Anybody else here a fan of TW2002 ?</tokentext>
<sentencetext>Not sure what part of the military you are in, but the Army has most definitely not switched it's position on USB Drives.
It's unfortunate because we've almost gone backwards, using CDs for PowerPoint slides that are too big to email.
Whenever I have to do that I think about 56K Modems and Tradewars 2002.
Anybody else here a fan of TW2002?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566188</id>
	<title>Time to bust out a proxy server..</title>
	<author>mindmaster064</author>
	<datestamp>1269267120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Depending on your network topology you might be able to solve this by just adding one proxy/caching server to the mix. A proxy allows port 80 HTML traffic but doesn't allow other programs to bootleg themselves as something running on 80 to connect, as there generally is application protocol checking. Firewalls do not remove the need for an application/proxy server in this mess and do not replace it, as without that function you still have machines directly connecting to remote hosts and are still vulnerable. Firewall all traffic off both ways at the firewall and only allow traffic originating from the proxy to traverse the screen. Bot programs already on hosts thus have lost access to anything, and you are pushing your proxy list down via group policies to the client machines.

And no, you don't need Linux to do this despite what I see other people commenting. Linux is more secure in most cases due to obscurity, but it is not the same thing as Windows and expecting your user base to use it is like cutting off one of their arms and asking them to do the same work. Properly implementing your Windows security is all that is required, and it probably would be easier to add one machine to fix all of your problems than to wipe all the machines in your office and load Linux, wouldn't it?</htmltext>
<tokenext>Depending on your network topology you might be able to solve this by just adding one proxy/caching server to the mix .
Proxy allows port 80 html traffic but does n't allow other programs to bootleg themselves as something running on 80 to connect as there generally is application protocol checking .
Firewalls do not remove the need for an application/proxy server in this mess and do not replace it as without that function you still have machines directly connecting to remote hosts and are still vulnerable .
Firewall all traffic off both ways at the firewall and only allow traffic originating from the proxy to transverse the screen .
Bot programs already on hosts thus have lost access to anything , and you are pushing your proxy list down via group policies to the client machines .
And no , you do n't need Linux to do this despite what I see other people commenting .
Linux is more secure in most cases due to obscurity , but it is not the same thing as Windows and expecting your user base to use it is like cutting off one of their arms and asking them to do the same work .
Properly implementing your windows security is all that is required and it probably would be easier to add one machine to fix all of your problems than to wipe all the machines in your office and load Linux would n't it ?</tokentext>
<sentencetext>Depending on your network topology you might be able to solve this by just adding one proxy/caching server to the mix.
Proxy allows port 80 html traffic but doesn't allow other programs to bootleg themselves as something running on 80 to connect as there generally is application protocol checking.
Firewalls do not remove the need for an application/proxy server in this mess and do not replace it as without that function you still have machines directly connecting to remote hosts and are still vulnerable.
Firewall all traffic off both ways at the firewall and only allow traffic originating from the proxy to transverse the screen.
Bot programs already on hosts thus have lost access to anything, and you are pushing your proxy list down via group policies to the client machines.
And no, you don't need Linux to do this despite what I see other people commenting.
Linux is more secure in most cases due to obscurity, but it is not the same thing as Windows and expecting your user base to use it is like cutting off one of their arms and asking them to do the same work.
Properly implementing your windows security is all that is required and it probably would be easier to add one machine to fix all of your problems than to wipe all the machines in your office and load Linux wouldn't it?</sentencetext>
</comment>
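The default-deny egress policy from the "Re:In an ideal world..." reply above (block everything, then allow 80/443 out only through a caching proxy and SMTP/IMAP only to your own mail servers) and the proxy-only-egress rule in this comment, as an added example written for this page (not code from either commenter): an audit that replays a connection log against that policy and reports every flow it would have dropped. The network layout, the proxy port 3128, the mail server addresses, the single published inbound service and the log lines are all constructed assumptions.

```python
"""Egress-policy audit for a default-deny perimeter (added example, constructed data)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network

# Constructed layout: assumptions for the example, not from the original post.
INTERNAL = ip_network("10.0.0.0/8")
PROXY, PROXY_PORT = ip_address("10.0.0.5"), 3128
MAIL_SERVERS = {ip_address("10.0.0.25"), ip_address("10.0.0.26")}
PUBLISHED = {(ip_address("10.0.0.80"), 443)}     # the only inbound target
WEB_PORTS = {80, 443}
MAIL_PORTS = {25, 587, 143, 993}                  # SMTP, submission, IMAP, IMAPS


@dataclass(frozen=True)
class Flow:
    src: IPv4Address
    dst: IPv4Address
    dport: int


def parse_flow(line):
    """Parse a constructed 'src dst dport' connection-log line."""
    src, dst, dport = line.split()
    return Flow(ip_address(src), ip_address(dst), int(dport))


def internal(addr):
    return addr in INTERNAL


# Allow rules, first match wins; anything unmatched falls through to deny.
RULES = [
    ("client to caching proxy",
     lambda f: internal(f.src) and f.dst == PROXY and f.dport == PROXY_PORT),
    ("only the proxy fetches from the web",
     lambda f: f.src == PROXY and not internal(f.dst) and f.dport in WEB_PORTS),
    ("SMTP/IMAP only to our own mail servers",
     lambda f: internal(f.src) and f.dst in MAIL_SERVERS and f.dport in MAIL_PORTS),
    ("mail servers relay SMTP outbound",
     lambda f: f.src in MAIL_SERVERS and not internal(f.dst) and f.dport == 25),
    ("inbound only to published services",
     lambda f: not internal(f.src) and (f.dst, f.dport) in PUBLISHED),
]


def verdict(flow):
    """Return ('allow', rule name) for the first matching rule, else ('deny', reason)."""
    for name, matches in RULES:
        if matches(flow):
            return "allow", name
    return "deny", "no allow rule matched (default deny)"


def audit(lines):
    """Flows the policy drops, in log order, as (line, reason) pairs."""
    dropped = []
    for line in lines:
        action, reason = verdict(parse_flow(line))
        if action == "deny":
            dropped.append((line, reason))
    return dropped


# Constructed connection log: 'src dst dport', one flow per line.
SAMPLE_LOG = [
    "10.0.1.17 10.0.0.5 3128",        # workstation -> proxy: allowed
    "10.0.0.5 203.0.113.10 443",      # proxy -> web: allowed
    "10.0.1.17 203.0.113.10 443",     # workstation straight to the web, bypassing the proxy
    "10.0.1.17 10.0.0.25 993",        # IMAPS to our own mail server: allowed
    "10.0.1.17 203.0.113.20 25",      # workstation sending SMTP directly to the Internet
    "10.0.0.25 203.0.113.20 25",      # our mail server relaying: allowed
    "10.0.1.17 198.51.100.7 6667",    # unlisted port to an outside host
    "198.51.100.9 10.0.0.80 443",     # inbound to the published web server: allowed
    "198.51.100.9 10.0.1.17 445",     # inbound to a workstation
]


if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(f"DROP {line:<28} {reason}")
```

The dropped lines are the ones to read as infection indicators: a workstation talking 443 straight to the Internet, or SMTP to anything but your own mail server, is what a bot that ignores the proxy list pushed by group policy looks like. The rules only decide by address and port; the application-protocol checking this comment relies on (refusing non-HTTP traffic that dresses up as port 80) has to live on the proxy itself and is not modelled here.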
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31581418</id>
	<title>Re:In an ideal world...</title>
	<author>fuzzywig</author>
	<datestamp>1269347220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Thanks for the idea about the Flash uninstaller, I found a link to it here:
<a href="http://kb2.adobe.com/cps/141/tn_14157.html" title="adobe.com" rel="nofollow">http://kb2.adobe.com/cps/141/tn_14157.html</a> [adobe.com]</htmltext>
<tokenext>Thanks for the idea about the flash uninistaller , I found a link to it here : http : //kb2.adobe.com/cps/141/tn \ _14157.html [ adobe.com ]</tokentext>
<sentencetext>Thanks for the idea about the flash uninistaller, I found a link to it here:
http://kb2.adobe.com/cps/141/tn\_14157.html [adobe.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566084</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571876</id>
	<title>Software Restriction Policies</title>
	<author>nuckfuts</author>
	<datestamp>1269282900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Have a look at <a href="http://technet.microsoft.com/en-us/library/cc507878.aspx" title="microsoft.com">Software Restriction Policies</a> [microsoft.com]. They can prevent unauthorized executables from being launched through a web browser, or from a USB drive, etc. Software Restriction Policies are not infallible, but they're far more effective than other preventive measures like antivirus software.</p></htmltext>
<tokenext>Have a look at Software Restriction Policies [ microsoft.com ] .
They can prevent unauthorized executables from being launched through a web browser , or from a USB drive , etc .
Software Restriction Policies are not infallible , but they 're far more effective than other preventive measures like antivirus software .</tokentext>
<sentencetext>Have a look at Software Restriction Policies [microsoft.com].
They can prevent unauthorized executables from being launched through a web browser, or from a USB drive, etc.
Software Restriction Policies are not infallible, but they're far more effective than other preventive measures like antivirus software.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566572</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Anonymous</author>
	<datestamp>1269268140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p>I'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall. I have not found any problems on my computers but it is quite possible I've missed active bots with such simple protections.</p><p>So my question is: Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus?</p></div><p>Please forgive the bluntness of my answer.</p><p>Stupid users.</p><p>If someone is an admin on a computer, which most Windows users are, there is little you can do to protect against bone-headed actions by the users.</p></htmltext>
<tokenext>I 'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall .
I have not found any problems on my computers but it is quite possible I 've missed active bots with such simple protections.So my question is : Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus ? Please forgive the bluntness of my answer.Stupid users.If someone is an admin on a computer , which most windows users are , there is little you can do to protect against bone headed actions the users .</tokentext>
<sentencetext>I'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall.
I have not found any problems on my computers but it is quite possible I've missed active bots with such simple protections.So my question is: Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus?Please forgive the bluntness of my answer.Stupid users.If someone is an admin on a computer, which most windows users are, there is little you can do to protect against bone headed actions the users.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568058</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Anonymous</author>
	<datestamp>1269271980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>AV only stops "known" threats, so until they are identified, you are vulnerable. If your network is targeted with a unique bot, AV will never help you.</p><p>You need to add a whitelisting tool; it's more effective than AV.</p></htmltext>
<tokenext>AV only stops " known " threats , so until they are identified , you are vulnerable .
If your network is targeted with a unique bot , AV will never help you.You need to add a whitelisting tool , it 's more effective than AV</tokentext>
<sentencetext>AV only stops "known" threats, so until they are identified, you are vulnerable.
If your network is targeted with a unique bot, AV will never help you.You need to add a whitelisting tool, it's more effective than AV</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570234</id>
	<title>Re:I hope Taco doesn't work in IT</title>
	<author>FrankieBaby1986</author>
	<datestamp>1269277980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You hear that sound up above? Must be windy in here today!</htmltext>
<tokenext>You hear that sound up above ?
Must be windy in here today !</tokentext>
<sentencetext>You hear that sound up above?
Must be windy in here today!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572094</id>
	<title>Pop Survey: Handing out local administrator</title>
	<author>pentalive</author>
	<datestamp>1269283500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It has been some time since I have been able to work in a technical job (since 2001).</p><p>Where you work, have you been able to disallow the user of a machine having the local administrator password, or an administrator-level account?</p><p>How were you able to overcome the political battle that this would cause? Did your management support the idea?</p></htmltext>
<tokenext>It has been some time since I have been able to work in a technical job ( since 2001 ) . . Where you work , have you been able to disallow the user of a machine having the local administrator password , or an administrator level account ?
How were you able to overcome the political battle that this would cause ?
Did your management support the idea ?</tokentext>
<sentencetext>It has been some time since I have been able to work in a technical job (since 2001)..

Where you work, have you been able to disallow the user of a machine having
the local administrator password, or an administrator level account?
How were you able to overcome the political battle that this would cause?
Did
your management support the idea?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567638</id>
	<title>no need for a technical solution</title>
	<author>Jose</author>
	<datestamp>1269270840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>There is no need for a technical solution. Assuming this is for a business, fire anyone who decides to infect a company-owned PC with malware. (Make sure your AUP/HR policies *clearly* state this.)</p><p>Ideally this would let you uninstall any anti-virus on end-user PCs, which will increase performance... you still need to do some checking at the perimeter, of course.</p></htmltext>
<tokenext>there is no need for a technical solution..assuming this is for a business , fire anyone who decides to infect a company-owned PC with malware .
( make sure your AUP/HR Policies * clearly * state this ) .ideally this would let you uninstall any anti-virus on end-user PC 's , which will increase performance...you still need to do some checking at the perimeter of course .</tokentext>
<sentencetext>there is no need for a technical solution..assuming this is for a business, fire anyone who decides to infect a company-owned PC  with malware.
(make sure your AUP/HR Policies *clearly* state this).ideally this would let you uninstall any anti-virus on end-user PC's, which will increase performance...you still need to do some checking at the perimeter of course.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31579362</id>
	<title>Re:Is it really necessary to ask?</title>
	<author>jamie(really)</author>
	<datestamp>1269277800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>#1. Don't allow users to be Admins of their own machines. I know in this day and age it's harder to push this one on people, but the ultimate reality is that if the user can't infect the system then they aren't going to get very far.</p></div><p>There are plenty of root escalation attacks, on plenty of operating systems, including Linux.</p><div class="quote"><p>#2. Managed, host-based firewalls on each of the machines that have rules for incoming and outgoing. This can be any number of centrally managed tools. If you're on XP, your best solution is likely something from, say, Symantec, McAfee, or whichever company you want to use. I know with SEP you can manage the firewall portions and prevent worms from auto spreading.</p></div><p>That's one way, if you want to spend a ton of money on software that can be easily bypassed. Question for you: why are your Windows machines all talking to each other? Question 2: *how* are they talking to each other?</p><div class="quote"><p>#3. Transparent, Layer 7 filtering at the network edge. Whether you want to use a proxy or a firewall for this is up to you. Juniper makes some pretty nice layer 7 devices for this purpose.</p></div><p>Ok, yes, a firewall might be a good idea.</p><div class="quote"><p>#4. NAC/NAP. Again, useful technologies--prevent systems from communicating on the network that don't register as having proper updates or AV settings.</p></div><p>Policeman: Hello, are you a thief?<br>Thief: No.<br>Policeman: On your way then.</p><p>Here is the bottom line: client machines cannot be trusted. If you think installing anything on the client machine will improve security then you've already failed. You think Symantec can do a better job than Microsoft?</p><p>What to do about that?</p><p>1. Clients only talk to servers. Share C$ all you like, but other Windows machines can't see it. How? Managed routers.<br>2. Servers run anti-virus, especially on the email side.<br>3. Intrusion detection, e.g. Snort.</p></htmltext>
<tokenext># 1 .
Do n't allow users to be Admins of their own machines .
I know in this day and age it 's harder to push this one on people , but the ultimate reality is that if the user ca n't infect the system then they are n't going to get very far.There are plenty of root escalation attacks , on plenty of operating systems , including linux. # 2 .
Managed , host-based firewalls on each of the machines that have rules for incoming and outgoing .
This can be any number of centrally managed tools .
if you 're on XP , your best solution is likely something from say Symantec , Mcafee , or whichever company you want to use .
I know with SEP you can manage the firewall portions and prevent worms from auto spreading.That 's one way , if you want to spend a ton of money on software that can be easily bypassed .
Question for you : why are you windows machines all talking to each other ?
Question 2 : * how * are they talking to each other ? # 3 .
Transparent , Layer 7 filtering at the network edge .
Whether you want to use a proxy or a firewall for this is up to you .
Juniper makes some pretty nice layer 7 devices for this purpose.Ok , yes , a firewall might be a good idea. # 4 .
NAC/NAP. Again , useful technologies--prevent systems from communicating on the network that do n't register as having proper updates or AV settings.Policeman : Hello , are you a thief ? Thief : No.Policeman : On your way then.Here is the bottom line : Client machines can not be trusted .
If you think installing anything on the client machine will improve security then you 've already failed .
You think Semantec can do a better job the Microsoft ? What to do about that ? 1 .
Clients only talk to servers .
Share C $ all you like , but other windows machines ca n't see it .
How ? Managed routers.2 .
Servers run anti-virus , especially on the email side.3 .
Intrusion Detection , e.g .
Snort .</tokentext>
<sentencetext>#1.
Don't allow users to be Admins of their own machines.
I know in this day and age it's harder to push this one on people, but the ultimate reality is that if the user can't infect the system then they aren't going to get very far.There are plenty of root escalation attacks, on plenty of operating systems, including linux.#2.
Managed, host-based firewalls on each of the machines that have rules for incoming and outgoing.
This can be any number of centrally managed tools.
if you're on XP, your best solution is likely something from say Symantec, Mcafee, or whichever company you want to use.
I know with SEP you can manage the firewall portions and prevent worms from auto spreading.That's one way, if you want to spend a ton of money on software that can be easily bypassed.
Question for you: why are you windows machines all talking to each other?
Question 2: *how* are they talking to each other?#3.
Transparent, Layer 7 filtering at the network edge.
Whether you want to use a proxy or a firewall for this is up to you.
Juniper makes some pretty nice layer 7 devices for this purpose.Ok, yes, a firewall might be a good idea.#4.
NAC/NAP. Again, useful technologies--prevent systems from communicating on the network that don't register as having proper updates or AV settings.Policeman: Hello, are you a thief?Thief: No.Policeman: On your way then.Here is the bottom line: Client machines cannot be trusted.
If you think installing anything on the client machine will improve security then you've already failed.
You think Semantec can do a better job the Microsoft?What to do about that?1.
Clients only talk to servers.
Share C$ all you like, but other windows machines can't see it.
How? Managed routers.2.
Servers run anti-virus, especially on the email side.3.
Intrusion Detection, e.g.
Snort.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566146</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566956</id>
	<title>English not your first language?</title>
	<author>YourExperiment</author>
	<datestamp>1269269100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>How To Avoid the Infection of Botnet?</p></div><p>By using the common of sense?</p></htmltext>
<tokenext>How To Avoid the Infection of Botnet ? By using the common of sense ?</tokentext>
<sentencetext>How To Avoid the Infection of Botnet?By using the common of sense?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567184</id>
	<title>Lots of tools but where's the intelligence?</title>
	<author>Anonymous</author>
	<datestamp>1269269760000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>Windows isn't going away; Linux and OSX aren't the cure-alls either.</p><p>I've seen lots of things tried, locking down the desktop even to the point that ActiveX controls couldn't be installed by an end-user. Still, with any XP or Windows 2000 system we had, if you hooked it to the net without some AV or patching applied, within 30 minutes you'd have some virus or malware on it. That was on the company intranet.</p><p>I think what needs to happen is that network management tools need to start modeling traffic behavior and start watching for abnormal patterns and requests; likewise the Internet is wide open but there are only certain destinations that you really need to go to when at work. IPS goes so far, but really you need to start identifying traffic patterns and abnormalities in those patterns. Not just for this kind of exploit but for changes in system behavior as well.</p><p>Yes, port 80 blocks aren't effective, but where is the traffic going? If it's going to Romania or some other place, why is it going there? If your users go to Google, Slashdot and other well-known sites, why all of a sudden are they going to ISPs that are known to host botnet controllers?</p><p>I think admins and the industry have put too much emphasis on just fixing the OS, and as Windows holes get filled there will still be millions of XP systems out there to exploit. A lot of this will start to move to the OSX/Linux community as well; it's just a matter of time because those markets will become victims of their own success. Hackers like a challenge and, trust me, they'll figure out a way to infect OSX, and then the malware companies will start rolling out more products to "protect" those systems as well.</p></htmltext>
<tokenext>Windows is n't going away , Linux and OSX are n't the cure-alls either.I 've seen lots of things tried , locking down the desktop even to the point that Active-X controls could n't be installed by an end-user .
Still , with any XP or Windows 2000 system we had , if you hooked it to the net without some AV or patching applied within 30 minutes you 'd have some virus or malware on it .
That was on the company Intranet.I think what needs to happen is that network management tools need to start modeling traffic behavior and start watching for abnormal patterns and requests , likewise the Internet is wide open but there 's only certain destinations that you really need to go when at work .
IPS goes so far but really you need to start identifying traffic patterns and abnormalities in those patterns .
Not just for this kind of exploit but for changes in system behavior as well.Yes , Port 80 blocks are n't effective , but where is the traffic going ?
If it 's going to Romania or some other place , why is it going there ?
If your users go to Google , Slashdot and other well known sites , why all of a sudden are they going to ISPs that are known to host botnet controllers ? I think admins and the industry have put too much emphasis on just fixing the O/S and as Windows holes get filled , there will still be millions of XP systems out there to exploit .
A lot of this will start to move to the OSX/Linux community as well , it 's just a matter of time because those markets will become victims of their own success .
Hackers like a challenge and trust me they 'll figure a way out to infect OSX and then the malware companies will start rolling out more products to " protect " those systems as well .</tokentext>
<sentencetext>Windows isn't going away, Linux and OSX aren't the cure-alls either.
I've seen lots of things tried, locking down the desktop even to the point that ActiveX controls couldn't be installed by an end-user.
Still, with any XP or Windows 2000 system we had,  if you hooked it to the net without some AV or patching applied within 30 minutes you'd have some virus or malware on it.
That was on the company Intranet.
I think what needs to happen is that network management tools need to start modeling traffic behavior and start watching for abnormal patterns and requests; likewise, the Internet is wide open but there are only certain destinations that you really need to go to when at work.
IPS goes so far but really you need to start identifying traffic patterns and abnormalities in those patterns.
Not just for this kind of exploit but for changes in system behavior as well.
Yes, Port 80 blocks aren't effective, but where is the traffic going?
If it's going to Romania or some other place, why is it going there?
If your users go to Google, Slashdot and other well known sites, why all of a sudden are they going to ISPs that are known to host botnet controllers?
I think admins and the industry have put too much emphasis on just fixing the O/S, and as Windows holes get filled, there will still be millions of XP systems out there to exploit.
A lot of this will start to move to the OSX/Linux community as well, it's just a matter of time because those markets will become victims of their own success.
Hackers like a challenge and, trust me, they'll figure out a way to infect OSX, and then the malware companies will start rolling out more products to "protect" those systems as well.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566374</id>
	<title>Re:Yeah...</title>
	<author>lordandmaker</author>
	<datestamp>1269267600000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><blockquote><div><p>If you really want to be sure you avoid being part of a botnet, then yes, Windows is not one of the choices you have. It can't be secured; it's like going down the rapids in a colander while trying to plug the holes with cabbage.</p></div>
</blockquote><p>
Thing is, though, *everyone* running Windows treats it as holey, exploitable and generally unsafe. So they apply every security mechanism they can, they bother to audit things, and generally treat it as a dangerous thing that needs attention.
<br> <br>
Too many Linux/OSX users sit there thinking "I use Unix. I have no need for security software". Especially the ones who were sold the idea on the grounds that 'there are no viruses for this'.</p>
	</htmltext>
<tokenext>If you really want to be sure you avoid being part of a botnet , then yes , Windows is not one of the choices you have .
It cant be secured , its like going down the rapids in a colander while trying to plug the holes with cabbage .
Thing is , though , * everyone * running Windows treats it as holey , exploitable and generally unsafe .
So they apply every security mechanism they can , they bother to audit things , and generally treat it as a dangerous thing that needs attention .
Too many Linux/OSX users sit there thinking " I use Unix .
I have no need for security software " .
Especially the ones who were sold the idea on the grounds that 'there are no viruses for this' .</tokentext>
<sentencetext>If you really want to be sure you avoid being part of a botnet, then yes, Windows is not one of the choices you have.
It can't be secured; it's like going down the rapids in a colander while trying to plug the holes with cabbage.
Thing is, though, *everyone* running Windows treats it as holey, exploitable and generally unsafe.
So they apply every security mechanism they can, they bother to audit things, and generally treat it as a dangerous thing that needs attention.
Too many Linux/OSX users sit there thinking "I use Unix.
I have no need for security software".
Especially the ones who were sold the idea on the grounds that 'there are no viruses for this'.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565974</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569436</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>hcmtnbiker</author>
	<datestamp>1269275640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><i>I'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall.</i>
<br> <br>
Do you work for Adobe?  Because this is the mindset they have that keeps getting their products pwned.  If you program you <b>need</b> to have a good idea about security, otherwise you're endangering others.</htmltext>
<tokenext>I 'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall .
Do you work for Adobe ?
Because this is the mindset they have that keeps getting their products pwned .
If you program you need to have a good idea about security , otherwise you 're endangering others .</tokentext>
<sentencetext>I'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall.
Do you work for Adobe?
Because this is the mindset they have that keeps getting their products pwned.
If you program you need to have a good idea about security, otherwise you're endangering others.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567818</id>
	<title>Defense in Depth.</title>
	<author>Rhaize</author>
	<datestamp>1269271320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Defense in layers would have gone quite a ways to assist in this problem. I don't recommend Chrome/Firefox/etc. because it's not IE; I recommend it because you can run script blockers etc. that will cut down on the risk of infection. Most corporate machines I've seen disable firewalls and UAC because it might interfere with workstation management, which is great until your sales team takes it out and puts it on some random network x at a hotel. Defend each machine individually with firewall, antivirus, and script blocking. Push patches out same day. Disable unused services on your workstation images.</p><p>Monitor your Exchange server, run antivirus and block obvious attachments that could contain viruses. Be careful about restricting pdf, doc, or other files which, while potentially harmful, will necessitate your users going around your protections to get the job done.</p><p>Employ access lists in your internal routers to segregate/restrict traffic between workstations, and tight firewall security on your perimeters. Once that is done, set up a honeypot or 3 that mimic your production components as an early warning system.</p><p>Lastly, monitor your network traffic for trends. Use DPI and stateful firewalls to keep ahead of the ball.</p></htmltext>
<tokenext>Defense in layers would have gone quite a ways to assist in this problem .
I do n't recommend chrome/firefox/etc because it 's not IE , I recommend it because you can run script blockers etc that will cut down on the risk of infection .
Most corporate machines I 've seen disable firewalls and uac because it might interfere with workstation management , which is great until your sales team takes it out and puts it on some random network x at a hotel .
Defending each machine individually with firewall , antivirus , and scriptblocking .
Push patches out same day .
Disable unused services on your workstation images.Monitor your exchange server , run antivirus and block obvious attachment that could contain viruses .
be careful about restricting pdf , doc , or other files which while potentially harmful will necessitate your users going around your protections to get the job done.Employ access lists in your internal routers to segregate/restrict traffic between workstations and and tight firewall security on your perimeters .
Once that is done , set up a honeypot or 3 that mimick your production components as an early warning system.Lastly monitor your network traffic for trends .
use DPI and stateful firewalls to keep ahead of the ball .</tokentext>
<sentencetext>Defense in layers would have gone quite a ways to assist in this problem.
I don't recommend Chrome/Firefox/etc. because it's not IE; I recommend it because you can run script blockers etc. that will cut down on the risk of infection.
Most corporate machines I've seen disable firewalls and UAC because it might interfere with workstation management, which is great until your sales team takes it out and puts it on some random network x at a hotel.
Defend each machine individually with firewall, antivirus, and script blocking.
Push patches out same day.
Disable unused services on your workstation images.
Monitor your Exchange server, run antivirus and block obvious attachments that could contain viruses.
Be careful about restricting pdf, doc, or other files which, while potentially harmful, will necessitate your users going around your protections to get the job done.
Employ access lists in your internal routers to segregate/restrict traffic between workstations, and tight firewall security on your perimeters.
Once that is done, set up a honeypot or 3 that mimic your production components as an early warning system.
Lastly, monitor your network traffic for trends.
Use DPI and stateful firewalls to keep ahead of the ball.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567194</id>
	<title>Re:I hope Taco doesn't work in IT</title>
	<author>uncledrax</author>
	<datestamp>1269269760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>comment modded -1 for "Missing the joke"</p><p>And you can block port 80 for anyone running a browser.. if you prevent outbound GET/POSTs, the server will never send a response ;]</p></htmltext>
<tokenext>comment modded -1 for " Missing the joke " And you can block port 80 for anyone running a browser.. if you prevent outbound GET/POSTs , the server will never send a response ; ]</tokentext>
<sentencetext>comment modded -1 for "Missing the joke"
And you can block port 80 for anyone running a browser.. if you prevent outbound GET/POSTs, the server will never send a response ;]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566648</id>
	<title>block</title>
	<author>Anonymous</author>
	<datestamp>1269268380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>myspace and facebook and disable autorun on all drives like usb and cdrom.</p></htmltext>
<tokenext>myspace and facebook and disable autorun on all drives like usb and cdrom .</tokentext>
<sentencetext>myspace and facebook and disable autorun on all drives like usb and cdrom.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566146</id>
	<title>Is it really necessary to ask?</title>
	<author>magamiako1</author>
	<datestamp>1269267000000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>It really depends on the size of the companies and the resources they're willing to spend on proper security. You should do a cost analysis of the downtime, not to mention the IT time required to fix the ecosystem. You can do it in waves, and some changes will be better received than others.<br><br>#1. Don't allow users to be Admins of their own machines. I know in this day and age it's harder to push this one on people, but the ultimate reality is that if the user can't infect the system then they aren't going to get very far.<br><br>#2. Managed, host-based firewalls on each of the machines that have rules for incoming and outgoing. This can be any number of centrally managed tools. If you're on XP, your best solution is likely something from say Symantec, McAfee, or whichever company you want to use. I know with SEP you can manage the firewall portions and prevent worms from auto spreading.<br><br>#3. Transparent, Layer 7 filtering at the network edge. Whether you want to use a proxy or a firewall for this is up to you. Juniper makes some pretty nice layer 7 devices for this purpose.<br><br>#4. NAC/NAP. Again, useful technologies--prevent systems from communicating on the network that don't register as having proper updates or AV settings.<br><br>These are just some basics, there's probably something entirely different based on the specific method these worms are using to spread. Perhaps a centrally managed website policy that locks systems down a bit more is all that's needed? Maybe keeping things more up-to-date, such as rolling out Windows 7 desktops with IE8?</htmltext>
<tokenext>It really depends on the size of the companies and the resources they 're willing to spend on proper security .
You should do a cost analysis of the downtime , not to mention the IT time required to fix the ecosystem .
You can do it in waves , and some changes will be more well received than others. # 1 .
Do n't allow users to be Admins of their own machines .
I know in this day and age it 's harder to push this one on people , but the ultimate reality is that if the user ca n't infect the system then they are n't going to get very far. # 2 .
Managed , host-based firewalls on each of the machines that have rules for incoming and outgoing .
This can be any number of centrally managed tools .
if you 're on XP , your best solution is likely something from say Symantec , Mcafee , or whichever company you want to use .
I know with SEP you can manage the firewall portions and prevent worms from auto spreading. # 3 .
Transparent , Layer 7 filtering at the network edge .
Whether you want to use a proxy or a firewall for this is up to you .
Juniper makes some pretty nice layer 7 devices for this purpose. # 4 .
NAC/NAP. Again , useful technologies--prevent systems from communicating on the network that do n't register as having proper updates or AV settings.These are just some basics , there 's probably something entirely different based on the specific method these worms are using to spread .
Perhaps a centrally managed website policy that locks systems down a bit more is all that 's needed ?
Maybe keeping things more up-to-date , such as rolling out Windows 7 desktops with IE8 ?</tokentext>
<sentencetext>It really depends on the size of the companies and the resources they're willing to spend on proper security.
You should do a cost analysis of the downtime, not to mention the IT time required to fix the ecosystem.
You can do it in waves, and some changes will be better received than others.
#1. Don't allow users to be Admins of their own machines.
I know in this day and age it's harder to push this one on people, but the ultimate reality is that if the user can't infect the system then they aren't going to get very far.
#2. Managed, host-based firewalls on each of the machines that have rules for incoming and outgoing.
This can be any number of centrally managed tools.
If you're on XP, your best solution is likely something from say Symantec, McAfee, or whichever company you want to use.
I know with SEP you can manage the firewall portions and prevent worms from auto spreading.
#3. Transparent, Layer 7 filtering at the network edge.
Whether you want to use a proxy or a firewall for this is up to you.
Juniper makes some pretty nice layer 7 devices for this purpose.
#4. NAC/NAP. Again, useful technologies--prevent systems from communicating on the network that don't register as having proper updates or AV settings.
These are just some basics, there's probably something entirely different based on the specific method these worms are using to spread.
Perhaps a centrally managed website policy that locks systems down a bit more is all that's needed?
Maybe keeping things more up-to-date, such as rolling out Windows 7 desktops with IE8?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568666</id>
	<title>Re:Yeah...</title>
	<author>SiChemist</author>
	<datestamp>1269273540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Hear, hear.  There has been a rash of malware infections at my place of employment and nobody can even discover what the attack vector was.  Nothing can protect you from 0-day exploits that are hidden in ads.  Well, except Linux :-)</p></htmltext>
<tokenext>Hear , hear .
There have been a rash of malware infections at my place of employment and nobody can even discover what the attack vector was .
Nothing can protect you from 0-day exploits that are hidden in ads .
Well , except Linux : - )</tokentext>
<sentencetext>Hear, hear.
There has been a rash of malware infections at my place of employment and nobody can even discover what the attack vector was.
Nothing can protect you from 0-day exploits that are hidden in ads.
Well, except Linux :-)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566988</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573786</id>
	<title>You can't patch fast enough.</title>
	<author>SgtChaireBourne</author>
	<datestamp>1269289560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Then you should stop being a coder.  Anyway, if you are running Windows you can't be a contributor.  Windows and coding</p><div class="quote"><p>So my question is: Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus?</p></div><p>
Go read what a firewall does.  The real name is packet filter.
</p><ul>
<li>You set up a firewall.  You allow MSIE out.  MSIE goes out and brings back Windows malware.  </li><li>You set up a firewall.  You allow MS Outlook.  Outlook gets a mail with malware and installs it.  </li></ul><p>
As far as AVS goes, it's reactive and can never catch up.  The very principles on which the AVS is designed mean it will always be 2 or more steps behind.  Go read about the propagation of Windows malware, especially the rate of spread.  Then go look at how 'fast' the AVS companies roll out a new update.  Then go look how many weeks or months it takes M$ to patch -- usually they don't patch, but instead tie the patch to an upgrade, bundling in new bugs or licensing or other changes.
</p>
	</htmltext>
<tokenext>Then you should stop being a coder .
Anyway , if you are running Windows you ca n't be a contributor .
Windows and codingSo my question is : Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus ?
Go read what a firewall does .
The real name is packet filter You set up a firewall .
You allow MSIE out .
MSIE goes out and brings back Windows malware .
You set up a firewall .
You allow MS Outlook .
Outlook gets a mail with malware and installs it .
As far as AVS goes , it 's reactive and can never catch up .
The very principles on which the AVS is designed means it will always be 2 or more steps behind .
Go read about the propagation of Windows malware , especially the rate of spread .
Then go look at how 'fast ' the AVS companies roll out a new update .
Then go look how many weeks or months it takes M $ to patch -- usually they do n't patch , but instead tie the patch to an upgrade , bundling in new bugs or licensing or other changes .</tokentext>
<sentencetext>Then you should stop being a coder.
Anyway, if you are running Windows you can't be a contributor.
Windows and coding
So my question is: Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus?
Go read what a firewall does.
The real name is packet filter.

You set up a firewall.
You allow MSIE out.
MSIE goes out and brings back Windows malware.
You set up a firewall.
You allow MS Outlook.
Outlook gets a mail with malware and installs it.
As far as AVS goes, it's reactive and can never catch up.
The very principles on which the AVS is designed mean it will always be 2 or more steps behind.
Go read about the propagation of Windows malware, especially the rate of spread.
Then go look at how 'fast' the AVS companies roll out a new update.
Then go look how many weeks or months it takes M$ to patch -- usually they don't patch, but instead tie the patch to an upgrade, bundling in new bugs or licensing or other changes.

	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571664</id>
	<title>Re:Is it really necessary to ask?</title>
	<author>Anonymous</author>
	<datestamp>1269282360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>To add to this, threats tend to evolve over time. Watch for <a href="http://www.us-cert.gov/cas/techalerts/" title="us-cert.gov" rel="nofollow">Technical Cyber Security Alerts</a> [us-cert.gov] on a regular basis. Better is to subscribe to the mailing list. Be prepared to update firewall/IDS software or configuration changes to address new threats. Be prepared to roll out vendor patches in response to these threats. Verify any such roll-out as coming from a trusted source and behaving correctly in a test environment.</p><p>You must always weigh the cost of security with what is being protected. If the information is not that valuable, it may be faster to have good configuration management and rebuild on detection of issues.</p></htmltext>
<tokenext>To add to this , threats tend to evolve over time .
Watch for Technical Cyber Security Alerts [ us-cert.gov ] on a regular basis .
Better is to subscribe to the mailing list .
Be prepared to update firewall/IDS software or configuration changes to address new threats .
Be prepared to roll-out vendor patches in response to these threats .
Verify any such roll-out as coming from a trusted source and behaving correctly in a test environment.You must always weight the cost of security with what is being protected .
If the information is not that valuable , it may be faster to have good configuration management and rebuild on detection of issues .</tokentext>
<sentencetext>To add to this, threats tend to evolve over time.
Watch for Technical Cyber Security Alerts [us-cert.gov] on a regular basis.
Better is to subscribe to the mailing list.
Be prepared to update firewall/IDS software or configuration changes to address new threats.
Be prepared to roll out vendor patches in response to these threats.
Verify any such roll-out as coming from a trusted source and behaving correctly in a test environment.
You must always weigh the cost of security with what is being protected.
If the information is not that valuable, it may be faster to have good configuration management and rebuild on detection of issues.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566146</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568346</id>
	<title>Stop using fucking Windows</title>
	<author>gig</author>
	<datestamp>1269272700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So tired of the whining from Windows users. Botnets are almost 10 years old now. It's 8 years since Bill Gates promised to eradicate them. Why the fuck are you still running Windows? There is absolutely nothing it does which is unique. A mix of Mac and other Unix gives you malware-free computing. Not by accident, but by design.</p><p>I have no sympathy for you.</p></htmltext>
<tokenext>So tired of the whining from Windows users .
Botnets are almost 10 years old now .
It 's 8 years since Bill Gates promised to eradicate them .
Why the fuck are you still running Windows ?
There is absolutely nothing it does which is unique .
A mix of Mac and other Unix gives you malware-free computing .
Not by accident , but by design.I have no sympathy for you .
 </tokentext>
<sentencetext>So tired of the whining from Windows users.
Botnets are almost 10 years old now.
It's 8 years since Bill Gates promised to eradicate them.
Why the fuck are you still running Windows?
There is absolutely nothing it does which is unique.
A mix of Mac and other Unix gives you malware-free computing.
Not by accident, but by design.
I have no sympathy for you.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568082</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>dk90406</author>
	<datestamp>1269272040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>&gt; I'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall<p>
Then you are, IMO, part of the problem. All (professional) coders should have fundamental security knowledge in order to prevent the release of buggy insecure software. Many botnets are created by exploiting buffer overflows and their ilk.</p></htmltext>
<tokenext>&gt; I 'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall Then you are , IMO , part of the problem .
All ( professional ) coders should have fundamental security knowledge in order to prevent the release of buggy insecure software .
Many botnets are created by exploiting buffer overflows and their ilk .</tokentext>
<sentencetext>&gt; I'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall
Then you are, IMO, part of the problem.
All (professional) coders should have fundamental security knowledge in order to prevent the release of buggy insecure software.
Many botnets are created by exploiting buffer overflows and their ilk.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</id>
	<title>What gets around Firewalls and AVS?</title>
	<author>Drethon</author>
	<datestamp>1269266220000</datestamp>
	<modclass>Interesting</modclass>
	<modscore>3</modscore>
	<htmltext>I'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall.  I have not found any problems on my computers but it is quite possible I've missed active bots with such simple protections.<br>
<br>
So my question is: Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus?</htmltext>
<tokenext>I 'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall .
I have not found any problems on my computers but it is quite possible I 've missed active bots with such simple protections .
So my question is : Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus ?</tokentext>
<sentencetext>I'm a coder not IT so my knowledge of security pretty much stops at installing anti-virus and setting up a firewall.
I have not found any problems on my computers but it is quite possible I've missed active bots with such simple protections.
So my question is: Is firewall and anti-virus really not that effective and if so how do bots get around firewall and anti-virus?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569986</id>
	<title>Defense...</title>
	<author>Whatchamacallit</author>
	<datestamp>1269277260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>a. Get off Windows if you can.  You simply don't see these attacks on other OS platforms.  Even with all the below precautions we still catch people getting infected with malware....</p><p>(Reality... We are stuck with Windows...)</p><p>1.   Install advanced firewall and web proxy filtering; block all social networks, non-work email, any Pr0n, or non-work related sites, etc.<br>2.   Block foreign international IP ranges such as China, Korea, India, Russia, the Balkans, etc. that you really don't need.<br>3.   Remove admin privileges from your users on Windows; only IT staff such as developers and deskside techs need it.<br>4.   Install anti-virus protection but don't think that covers you completely.<br>5.   Audit where your users are surfing; start blocking things you didn't think of.<br>6.   Be cautious of laptop users who could get infected while on WiFi when not using VPN, etc.<br>7.   Install a good intelligent Packet Analysis system like NetWitness and review its logs regularly.  This is how that Kneber botnet with 74K+ infected systems was discovered.</p><p>(Seriously, get the heck off Windows if you can!)</p><p>I am not going to argue the "Windows is vulnerable because it's popular" argument.  Windows is vulnerable because its security is terrible. Yeah, every system has vulnerabilities but no one has quite so many as Windows!  If it wasn't for Windows, we would not have the problems we have with malware and SPAM.  i.e. all SPAM comes from infected Windows boxes and about 90% of all email is SPAM!</p><p>Got to do online banking for your small business?  Do yourself a favor and go burn a Linux Live CD right now!  Then use it for online banking.  You won't get infected with that...  Many millions are getting siphoned from small businesses with online banking because their Windows computer got hacked by a trojan botnet!</p><p>If you have to use Windows, then set up a Citrix farm and lock it down super tight.</p></htmltext>
<tokenext>a. Get off Windows if you can .
You simply do n't see these attacks on other OS platforms .
Even with all the below precautions we still catch people getting infected with malware.... ( Reality... We are stuck with Windows... ) 1 .
Install advanced firewall and web proxy filtering , block all social networks , non-work email , any Pr0n , or non-work related sites , etc.2 .
Block foreign international IP ranges such as China , Korea , India , Russia , the Balkins , etc that you really do n't need.3 .
Remove admin privileges from your users on Windows ; only IT staff such as developers and deskside tech 's need it.4 .
Install anti-virus protection but do n't think that covers you completely.5 .
Audit where your users are surfing , start blocking things you did n't think of.6 .
Be cautious of laptop users who could get infected while on WiFi when not using VPN , etc.7 .
Install a good intelligent Packet Analysis system like Netwitness and review it 's logs regularly .
This is how that Kneber botnet with 74K + infected systems was discovered .
( Seriously , get the heck off Windows if you can !
) I am not going to argue the " Windows is vulnerable because it 's popular " argument .
Windows is vulnerable because its security is terrible .
Yeah every system has vulnerabilities but no one has quite so many as Windows !
If it was n't for Windows , we would not have the problems we have with malware and SPAM .
i.e. all SPAM comes from infected Windows boxes and about 90 % of all email is SPAM ! Got to do online banking for your small business ?
Do yourself a favor and go burn a Linux Live CD right now !
Then use it for online banking .
You wo n't get infected with that... Many millions getting siphoned from small businesses with online banking because their Windows computer got hacked by a trojan botnet ! If you have to use Windows , then set up a Citrix farm and lock it down super tight .</tokentext>
<sentencetext>a. Get off Windows if you can.
You simply don't see these attacks on other OS platforms.
Even with all the below precautions we still catch people getting infected with malware....(Reality... We are stuck with Windows...)1.
Install advanced firewall and web proxy filtering, block all social networks, non-work email, any Pr0n, or non-work related sites, etc.2.
Block foreign international IP ranges such as China, Korea, India, Russia, the Balkans, etc. that you really don't need.3.
Remove admin privileges from your users on Windows; only IT staff such as developers and deskside techs need it.4.
Install anti-virus protection but don't think that covers you completely.5.
Audit where your users are surfing, start blocking things you didn't think of.6.
Be cautious of laptop users who could get infected while on WiFi when not using VPN, etc.7.
Install a good intelligent Packet Analysis system like Netwitness and review its logs regularly.
This is how that Kneber botnet with 74K+ infected systems was discovered.
(Seriously, get the heck off Windows if you can!
)I am not going to argue the "Windows is vulnerable because it's popular" argument.
Windows is vulnerable because its security is terrible.
Yeah every system has vulnerabilities but no one has quite so many as Windows!
If it wasn't for Windows, we would not have the problems we have with malware and SPAM.
i.e. all SPAM comes from infected Windows boxes and about 90% of all email is SPAM!Got to do online banking for your small business?
Do yourself a favor and go burn a Linux Live CD right now!
Then use it for online banking.
You won't get infected with that...  Many millions getting siphoned from small businesses with online banking because their Windows computer got hacked by a trojan botnet!If you have to use Windows, then set up a Citrix farm and lock it down super tight.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567396</id>
	<title>Re:What gets around Firewalls and AVS?</title>
	<author>Ironhandx</author>
	<datestamp>1269270240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The problem is usually user-related in this case. If you execute something and "click away" all the little warnings that are liable to pop up that this thing is doing something nasty, you can, without even knowing, escalate the program privileges straight to the top where the antivirus/firewall can't do jack all about it.</p><p>Many Anti-Virus packages these days will attempt to deny you access to that part of the computer but I've seen people disable their anti-virus so many times to get "The cute squigglie mouse" to come up on their screen that it actually sickens me. Once that's done, if the computer is on a trusted network, breaking everything else on the network is relatively trivial unless each machine is set up as its own island fortress, which within a company network isn't a good solution as it will also interfere with a lot of day-to-day useful apps.</p></htmltext>
<tokenext>The problem is usually user-related in this case .
If you execute something and " click away " all the little warnings that are liable to pop up that this thing is doing something nasty , you can , without even knowing , escalate the program privileges straight to the top where the antivirus/firewall ca n't do jack all about it.Many Anti-Virus packages these days will attempt to deny you access to that part of the computer but I 've seen people disable their anti-virus so many times to get " The cute squigglie mouse " to come up on their screen that it actually sickens me .
Once that 's done , if the computer is on a trusted network , breaking everything else on the network is relatively trivial unless each machine is set up as its own island fortress , which within a company network is n't a good solution as it will also interfere with a lot of day-to-day useful apps .</tokentext>
<sentencetext>The problem is usually user-related in this case.
If you execute something and "click away" all the little warnings that are liable to pop up that this thing is doing something nasty, you can, without even knowing, escalate the program privileges straight to the top where the antivirus/firewall can't do jack all about it.Many Anti-Virus packages these days will attempt to deny you access to that part of the computer but I've seen people disable their anti-virus so many times to get "The cute squigglie mouse" to come up on their screen that it actually sickens me.
Once that's done, if the computer is on a trusted network, breaking everything else on the network is relatively trivial unless each machine is set up as its own island fortress, which within a company network isn't a good solution as it will also interfere with a lot of day-to-day useful apps.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573172</id>
	<title>"ethical hacker" smiley demo/training session</title>
	<author>Anonymous</author>
	<datestamp>1269287220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>A demo or training session would<br>A live demonstration of infections on a scheduled time in the work week, maybe.<br>IT staff asks users to check mail - mail looks innocent with "Smileys!", "urgent", "your account is about to expire" messages.<br>People "click here" and then they get a blue screen saying "f--k you, just infected"</p><p>The fear of the BSOD will do the major part of the education :-)<br>Then make sure that you show them how much time it takes to clean up your "education" malware and then let the guys go back to work.</p><p>Make this demo/training a quarterly or half-yearly feature. Showing them the problem visually makes a lasting impact.</p></htmltext>
<tokenext>A demo or training session whouldA live demonstration of infections on a scheduled time in the work week , maybe.IT staff asks users to check mail - mail looks innocent with " Smileys !
" , " urgent " , " your account is about to expire " messages.People " click here " and then they get a blue screen saying " f--k you , just infected " The fear of the BSOD will do the major part of the education : - ) Then make sure that you show them how much time it takes to clean up your " education " malware and then let the guys go back to work.Make this demo/training a quarterly or half-yearly feature .
Showing them the problem visually makes a lasting impact .</tokentext>
<sentencetext>A demo or training session wouldA live demonstration of infections on a scheduled time in the work week, maybe.IT staff asks users to check mail - mail looks innocent with "Smileys!
", "urgent", "your account is about to expire" messages.People "click here" and then they get a blue screen saying "f--k you, just infected"The fear of the BSOD will do the major part of the education :-)Then make sure that you show them how much time it takes to clean up your "education" malware and then let the guys go back to work.Make this demo/training a quarterly or half-yearly feature.
Showing them the problem visually makes a lasting impact.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567606</id>
	<title>Re:Yeah...</title>
	<author>v1</author>
	<datestamp>1269270780000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p><i>Competent users maybe?</i></p><p>As far as "programming errors" go, I'd label "expect competent users" as "#1".</p></htmltext>
<tokenext>Competent users maybe ? As far as " programming errors " go , I 'd label " expect competent users " as " # 1 " .</tokentext>
<sentencetext>Competent users maybe?As far as "programming errors" go, I'd label "expect competent users" as "#1".</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567934</id>
	<title>The best way to avoid botnet infection...</title>
	<author>Anonymous</author>
	<datestamp>1269271620000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>....is to prevent all Windows computers from accessing the internet.</p></htmltext>
<tokenext>....is to prevent all Windows computers from accessing the internet .</tokentext>
<sentencetext>....is to prevent all Windows computers from accessing the internet.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962</id>
	<title>Re:Yeah...</title>
	<author>euyis</author>
	<datestamp>1269266220000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>Competent users maybe?</htmltext>
<tokenext>Competent users maybe ?</tokentext>
<sentencetext>Competent users maybe?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566018</id>
	<title>Better switch to telnet</title>
	<author>Anonymous</author>
	<datestamp>1269266460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"Detected running a web browser"<br>There's your source of the problems.<br>Web browsers are /the/ vector for virus infections, other than ridiculously insecure OSes, so simply uninstall all browsers and use a telnet BBS for any serious internet work.</p></htmltext>
<tokenext>" Detected running a web browser " There 's your source of the problems.Web browsers are /the/ vector for virus infections , other than ridiculously insecure OS 's , so simply uninstall all browsers and use a telnet BBS for any serious internet work .</tokentext>
<sentencetext>"Detected running a web browser"There's your source of the problems.Web browsers are /the/ vector for virus infections, other than ridiculously insecure OSes, so simply uninstall all browsers and use a telnet BBS for any serious internet work.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573950</id>
	<title>Re:Yeah...</title>
	<author>God of Lemmings</author>
	<datestamp>1269290160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>buwahahaha! It does now!

<a href="http://unix.derkeiler.com/Newsgroups/comp.os.vms/2009-04/msg00012.html" title="derkeiler.com">http://unix.derkeiler.com/Newsgroups/comp.os.vms/2009-04/msg00012.html</a> [derkeiler.com]</htmltext>
<tokenext>buwahahaha !
It does now !
http : //unix.derkeiler.com/Newsgroups/comp.os.vms/2009-04/msg00012.html [ derkeiler.com ]</tokentext>
<sentencetext>buwahahaha!
It does now!
http://unix.derkeiler.com/Newsgroups/comp.os.vms/2009-04/msg00012.html [derkeiler.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568318</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269267000000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p><a href="http://www.networkworld.com/news/2009/041709-first-mac-os-x-botnet.html" title="networkworld.com">No.</a> [networkworld.com] <a href="http://lwn.net/Articles/222153/" title="lwn.net">That's not sufficient.</a> [lwn.net]</p><p>Disallowing USB drives helped the military cut down on infections, though.</p><p>How about: users run restricted. Using GPOs: mandatory Windows updates daily with reboot. Automate patching of commonly-used helpers like Flash, Shockwave, Adobe Reader, Firefox, Java. And MS Security Essentials.</p><p>Some rigorous port filters on EVERY machine and iptables rules on routers and L3 switches...a whitelist approach.</p></htmltext>
<tokenext>No .
[ networkworld.com ] That 's not sufficient .
[ lwn.net ] Disallowing USB drives helped the military cut down on infections , though.How about : users run restricted .
Using GPOs : mandatory Windows updates daily with reboot .
Automate patching of commonly-used helpers like Flash , Shockwave , Adobe Reader , Firefox , Java .
And MS Security Essentials.Some rigorous port filters on EVERY machine and iptables rules on routers and L3 switches...a whitelist approach .</tokentext>
<sentencetext>No.
[networkworld.com] That's not sufficient.
[lwn.net]Disallowing USB drives helped the military cut down on infections, though.How about: users run restricted.
Using GPOs: mandatory Windows updates daily with reboot.
Automate patching of commonly-used helpers like Flash, Shockwave, Adobe Reader, Firefox, Java.
And MS Security Essentials.Some rigorous port filters on EVERY machine and iptables rules on routers and L3 switches...a whitelist approach.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575418</id>
	<title>Re:Yeah...</title>
	<author>Anonymous</author>
	<datestamp>1269252480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Competent or at least mildly educated users can be another factor in making you a tougher target, but they should by no means be anything you rely on.</p></htmltext>
<tokentext>Competent or at least mildly educated users can be another factor in making you a tougher target , but they should by no means be anything you rely on .</tokentext>
<sentencetext>Competent or at least mildly educated users can be another factor in making you a tougher target, but they should by no means be anything you rely on.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566988</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566084</id>
	<title>In an ideal world...</title>
	<author>Anonymous</author>
	<datestamp>1269266760000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>You'd be running a lot fewer XP boxes, and much, much meaner firewall rules. In practice, of course, users crying about how they "need" to "get their work done" generally prevents this.</p><p>That being so, there are a few things to do: At present, our good buddies at Adobe are among the most popular and exciting vectors for infection. Where possible, ensure that neither Flash, nor Shockwave, nor Acrobat are installed. Where not possible, make <i>sure</i> that they are kept up to date. Yes, this means updating <i>all the bloody time</i> and WSUS won't help (useful tip: with some poking around, you can find a utility from Adobe, an .exe that, when run, removes all versions of Flash; they hide it, but it lurks in the bowels of their site somewhere. You can also find .msi Flash installers. Set up a network share, readable by all your administered machines, writeable only by admins, containing that utility and the .msi for the latest Flash player. Every time Adobe updates, download the newer .msi, and run a script on all your administered PCs that runs the Flash remover and then msiexecs the newest Flash MSI. It's a pain in the ass, but it will save you from some Flash exploits). Updates for all other plugins you are using, plus OS components, should of course be adhered to with the same regularity.</p><p>Assuming that user pushback isn't excessive, stripping executables and .zips from emails will also save you from some common vectors of stupidity.</p></htmltext>
<tokenext>You 'd be running a lot fewer XP boxes , and much , much meaner firewall rules .
In practice , of course , users crying about how they " need " to " get their work done " generally prevents this .
That being so , there are a few things to do : At present , our good buddies at Adobe are among the most popular and exciting vectors for infection .
Where possible , ensure that neither Flash , nor shockwave , nor Acrobat are installed .
Where not possible , make sure that they are kept up to date .
Yes , this means updating all the bloody time and WSUS wo n't help ( useful tip , with some poking around , you can find a utility from adobe , an .exe that , when run , removes all versions of flash , they hide it ; but it lurks in the bowels of their site somewhere .
You can also find .msi flash installers .
Set up a network share , readable by all your administered machines , writeable only by admins , containing that utility , and the .msi for the latest flash player .
Every time adobe updates , download the newer .msi , and run a script on all your administered PCs that runs the flash remover , and then msiexecs the newest flash MSI .
It 's a pain in the ass ; but it will save you from some flash exploits ) .
Updates for all other plugins you are using , plus OS components , should of course be adhered to with the same regularity .
Assuming that user pushback is n't excessive , stripping executables and .zips from emails will also save you from some common vectors of stupidity .</tokentext>
<sentencetext>You'd be running a lot fewer XP boxes, and much, much meaner firewall rules.
In practice, of course, users crying about how they "need" to "get their work done" generally prevents this.
That being so, there are a few things to do: At present, our good buddies at Adobe are among the most popular and exciting vectors for infection.
Where possible, ensure that neither Flash, nor shockwave, nor Acrobat are installed.
Where not possible, make sure that they are kept up to date.
Yes, this means updating all the bloody time and WSUS won't help (useful tip: with some poking around, you can find a utility from Adobe, an .exe that, when run, removes all versions of Flash; they hide it, but it lurks in the bowels of their site somewhere.
You can also find .msi flash installers.
Set up a network share, readable by all your administered machines, writeable only by admins, containing that utility, and the .msi for the latest flash player.
Every time adobe updates, download the newer .msi, and run a script on all your administered PCs that runs the flash remover, and then msiexecs the newest flash MSI.
It's a pain in the ass; but it will save you from some flash exploits).
Updates for all other plugins you are using, plus OS components, should of course be adhered to with the same regularity.
Assuming that user pushback isn't excessive, stripping executables and .zips from emails will also save you from some common vectors of stupidity.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567482</id>
	<title>Restrict what users can do</title>
	<author>ISurfTooMuch</author>
	<datestamp>1269270480000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Here's what I'd do.</p><p>First, if you're running XP, know that its standalone user account types are horrible.  Administrators can do anything, while limited users often can't do enough, and some programs don't function correctly with this account type.  I hate to say it, but this is one of those cases where Vista was an improvement.  Its standard user accounts are just about right, so if you have the option to upgrade to Windows 7 (or even Vista), consider it.  There are certainly downsides, especially where older hardware is concerned, but better non-administrative accounts are a reason to think about it.</p><p>If you don't want to do that, then filtering is your next step.  First, shore up the browser by making sure its anti-phishing filters are turned on.  Another level of filtering/user advising can be performed by McAfee SiteAdvisor (http://www.siteadvisor.com).  Its main benefit is that it will place advisory icons next to search engine results, indicating the site's risk.  Show these to your users, and teach them what they mean.  If you're running Firefox, install AdBlock Plus.  That will filter out malware coming in through infected ad servers.</p><p>Next, you can use OpenDNS as a DNS filtering solution.  This will let you block sites that folks shouldn't be visiting at work...MySpace, Facebook...did I mention MySpace and Facebook?</p><p>Next, consider whether or not you need your users to have Flash, since it is yet another avenue for infection.  Unfortunately, some sites rely on it for basic functionality, so there may be some reason to leave it in, but if you do, MySpace and Facebook (especially MySpace) should be blocked.</p><p>Finally, look at your e-mail, since I'd be willing to bet that malware is coming in by that route.  What anti-spam measures is your mail server running?  If you aren't sure how well they're working, take a look at the mail your users are receiving daily.  And, just in case you aren't doing this, make damn sure users know that their work addresses shouldn't be receiving personal mail, no exceptions.  Let the pictures of kittens, puppies, and dancing babies go somewhere else.  Put the fear of God in them if nothing else works.  Their work addresses are for work, no exceptions.</p><p>You're going to have to fight this battle on an ongoing basis, but you can win if you stay aware of what users are doing and restrict the dangerous stuff.</p></htmltext>
<tokenext>Here 's what I 'd do.First , if you 're running XP , know that its standalone user account types are horrible .
Administrators can do anything , while limited users often ca n't do enough , and some programs do n't function correctly with this account type .
I hate to say it , but this is one of those cases where Vista was an improvement .
Its standard user accounts are just about right , so if you have the option to upgrade to Windows 7 ( or even Vista ) , consider it .
There are certainly downsides , especially where older hardware is concerned , but better non-administrative accounts are a reason to think about it.If you do n't want to do that , then filtering is your next step .
First , shore up the browser by making sure its anti-phishing filters are turned on .
Another level of filtering/user advising can be performed by McAfee SiteAdvisor ( http : //www.siteadvisor.com ) .
Its main benefit is that it will place advisory icons next to search engine results , indicating the site 's risk .
Show these to your users , and teach them what they mean .
If you 're running Firefox , install AdBlock Plus .
That will filter out malware coming in through infected ad servers.Next , you can use OpenDNS as a DNS filtering solution .
This will let you block sites that folks should n't be visiting at work...MySpace , Facebook...did I mention MySpace and Facebook.Next , consider whether or not you need your users to have Flash , since it is yet another avenue for infection .
Unfortunately , some sites rely on it for basic functionality , so there may be some reason to leave it in , but if you do , MySpace and Facebook ( especially MySpace ) should be blocked.Finally , look at your e-mail , since I 'd be willing to bet that malware is coming in by that route .
What anti-spam measures is your mail server running ?
If you are n't sure how well they 're working , take a look at the mail your users are receiving daily .
And , just in case you are n't doing this , make damn sure users know that their work addresses should n't be receiving personal mail , no exceptions .
Let the pictures of kittens , puppies , and dancing babies go somewhere else .
Put the fear of God in them if nothing else works .
Their work addresses are for work , no exceptions.You 're going to have to fight this battle on an ongoing basis , but you can win if you stay aware of what users are doing and restrict the dangerous stuff .</tokentext>
<sentencetext>Here's what I'd do.First, if you're running XP, know that its standalone user account types are horrible.
Administrators can do anything, while limited users often can't do enough, and some programs don't function correctly with this account type.
I hate to say it, but this is one of those cases where Vista was an improvement.
Its standard user accounts are just about right, so if you have the option to upgrade to Windows 7 (or even Vista), consider it.
There are certainly downsides, especially where older hardware is concerned, but better non-administrative accounts are a reason to think about it.If you don't want to do that, then filtering is your next step.
First, shore up the browser by making sure its anti-phishing filters are turned on.
Another level of filtering/user advising can be performed by McAfee SiteAdvisor (http://www.siteadvisor.com).
Its main benefit is that it will place advisory icons next to search engine results, indicating the site's risk.
Show these to your users, and teach them what they mean.
If you're running Firefox, install AdBlock Plus.
That will filter out malware coming in through infected ad servers.Next, you can use OpenDNS as a DNS filtering solution.
This will let you block sites that folks shouldn't be visiting at work...MySpace, Facebook...did I mention MySpace and Facebook?Next, consider whether or not you need your users to have Flash, since it is yet another avenue for infection.
Unfortunately, some sites rely on it for basic functionality, so there may be some reason to leave it in, but if you do, MySpace and Facebook (especially MySpace) should be blocked.Finally, look at your e-mail, since I'd be willing to bet that malware is coming in by that route.
What anti-spam measures is your mail server running?
If you aren't sure how well they're working, take a look at the mail your users are receiving daily.
And, just in case you aren't doing this, make damn sure users know that their work addresses shouldn't be receiving personal mail, no exceptions.
Let the pictures of kittens, puppies, and dancing babies go somewhere else.
Put the fear of God in them if nothing else works.
Their work addresses are for work, no exceptions.You're going to have to fight this battle on an ongoing basis, but you can win if you stay aware of what users are doing and restrict the dangerous stuff.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569866</id>
	<title>Draconian Measures</title>
	<author>cowtamer</author>
	<datestamp>1269276840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Create a live CD image to boot off of.  This probably means Linux, but I'm sure you could probably hack something with XP Embedded if you tried hard enough.</p><p>You could do a network boot, but someone could still infect that.</p><p>In your CD image, disable all nonsense such as Autorun.  When someone needs something installed, install it on a freshly reconstituted image machine and burn a custom CD-R for them.  Keep your image machines offline, and under physical security.</p><p>For that matter, push all your updates via new CDs, with a simple version numbering scheme.</p><p>Save work on network drives.  Scan the drives for macro and other forms of viruses.</p><p>I hope to God that nobody takes this advice :)</p></htmltext>
<tokenext>Create a live CD image to boot off of .
This probably means Linux , but I 'm sure you could probably hack something with XP Embedded if you tried hard enough.You could do a network boot , but someone could still infect that.In your CD image , disable all nonsense such as Autorun .
When someone needs something installed , install it on a freshly reconstituted image machine and burn a custom CD-R for them .
Keep your image machines offline , and under physical security.For that matter , push all your updates via new CDs , with a simple version numbering scheme.Save work on network drives .
Scan the drives for macro and other forms of viruses.I hope to God that nobody takes this advice : )</tokentext>
<sentencetext>Create a live CD image to boot off of.
This probably means Linux, but I'm sure you could probably hack something with XP Embedded if you tried hard enough.You could do a network boot, but someone could still infect that.In your CD image, disable all nonsense such as Autorun.
When someone needs something installed, install it on a freshly reconstituted image machine and burn a custom CD-R for them.
Keep your image machines offline, and under physical security.For that matter, push all your updates via new CDs, with a simple version numbering scheme.Save work on network drives.
Scan the drives for macro and other forms of viruses.I hope to God that nobody takes this advice :)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568318</id>
	<title>Re:Yeah...</title>
	<author>TheRaven64</author>
	<datestamp>1269272640000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>Ah, VMS, the only OS to be banned from Defcon for being too secure.  They had to invent a 'must run on x86' rule to keep it out.</htmltext>
<tokenext>Ah , VMS , the only OS to be banned from Defcon for being too secure .
They had to invent a 'must run on x86 ' rule to keep it out .</tokentext>
<sentencetext>Ah, VMS, the only OS to be banned from Defcon for being too secure.
They had to invent a 'must run on x86' rule to keep it out.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565924</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566582</id>
	<title>dancing with dinosaurs episode postponed....</title>
	<author>Anonymous</author>
	<datestamp>1269268140000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><p>due to increased levels of seismic/volcanic activity. if one of those things fell on/off the 'stage' or something....</p><p>never a better time to consult with/trust in your creators, of who, it has been said, leave nothing to chance.</p></htmltext>
<tokenext>due to increased levels of seismic/volcanic activity .
if one of those things fell on/off the 'stage ' or something....never a better time to consult with/trust in your creators , of who , it has been said , leave nothing to chance .</tokentext>
<sentencetext>due to increased levels of seismic/volcanic activity.
if one of those things fell on/off the 'stage' or something....never a better time to consult with/trust in your creators, of who, it has been said, leave nothing to chance.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570066</id>
	<title>Re:Is it really necessary to ask?</title>
	<author>c++0xFF</author>
	<datestamp>1269277380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>#1. Don't allow users to be Admins of their own machines. I know in this day and age it's harder to push this one on people, but the ultimate reality is that if the user can't infect the system then they aren't going to get very far.</p></div><p>I have mixed feelings on this.  I've had this restriction before, and it was probably the #1 problem with getting any work done.  More than once I got caught in a loop of asking for something to be installed, waiting for the approval, waiting for the installation, and then submitting subsequent requests when the IT grunts didn't set things up right.  What could have taken me a few <i>minutes</i> took <i>weeks</i> instead.</p><p>On the other hand, I know much more than 95% of those around me about properly administering the computer.  And even then, simply having a privileged account poses a risk, even for those who know what they're doing.  There has to be a way of finding a compromise here.</p></htmltext>
<tokenext># 1 .
Do n't allow users to be Admins of their own machines .
I know in this day and age it 's harder to push this one on people , but the ultimate reality is that if the user ca n't infect the system then they are n't going to get very far .
I have mixed feelings on this .
I 've had this restriction before , and it was probably the # 1 problem with getting any work done .
More than once I got caught in a loop of asking for something to be installed , waiting for the approval , waiting for the installation , and then submitting subsequent requests when the IT grunts did n't set things up right .
What could have taken me a few minutes took weeks instead .
On the other hand , I know much more than 95 % of those around me about properly administering the computer .
And even then , simply having a privileged account poses a risk , even for those who know what they 're doing .
There has to be a way of finding a compromise here .</tokentext>
<sentencetext>#1.
Don't allow users to be Admins of their own machines.
I know in this day and age it's harder to push this one on people, but the ultimate reality is that if the user can't infect the system then they aren't going to get very far.
I have mixed feelings on this.
I've had this restriction before, and it was probably the #1 problem with getting any work done.
More than once I got caught in a loop of asking for something to be installed, waiting for the approval, waiting for the installation, and then submitting subsequent requests when the IT grunts didn't set things up right.
What could have taken me a few minutes took weeks instead.
On the other hand, I know much more than 95% of those around me about properly administering the computer.
And even then, simply having a privileged account poses a risk, even for those who know what they're doing.
There has to be a way of finding a compromise here.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566146</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569704</id>
	<title>The Extreme Method</title>
	<author>Daengbo</author>
	<datestamp>1269276480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Hand your business off to Google Apps, Zoho, Freshbooks, Salesforce.com, and the like. Boot all computers with read-only media and very few applications. Netboot so that you only update the boot image in one place. Bingo. No botnets. OK, maybe not <i>none</i>, but you just power everything off for five minutes and restart with a clean network.</p><p>Yeah, I know it's not realistic for many companies. It's an option for some, though.</p></htmltext>
<tokenext>Hand your business off to Google Apps , Zoho , Freshbooks , Salesforce.com , and the like .
Boot all computers with read-only media and very few applications .
Netboot so that you only update the boot image in one place .
Bingo. No botnets .
OK , maybe not none , but you just power everything off for five minutes and restart with a clean network .
Yeah , I know it 's not realistic for many companies .
It 's an option for some , though .</tokentext>
<sentencetext>Hand your business off to Google Apps, Zoho, Freshbooks, Salesforce.com, and the like.
Boot all computers with read-only media and very few applications.
Netboot so that you only update the boot image in one place.
Bingo. No botnets.
OK, maybe not none, but you just power everything off for five minutes and restart with a clean network.
Yeah, I know it's not realistic for many companies.
It's an option for some, though.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569522</id>
	<title>Reply from an anonymous coward</title>
	<author>Anonymous</author>
	<datestamp>1269275880000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I think the human factor is still the biggest infection vector. As an IT pro, you usually have to choose between more security or more flexibility. You could have the best technology in the world and still get a network wide infection. The tie breaker is the users' needs. If the users want more "freedom", they will have to take on more personal responsibilities in ensuring the company's security. If the users want more security without the overhead of a security learning curve, more limited options would have to be applied by the network administrator.</p></htmltext>
<tokenext>I think the human factor is still the biggest infection vector .
As an IT pro , you usually have to choose between more security or more flexibility .
You could have the best technology in the world and still get a network wide infection .
The tie breaker is the users ' needs .
If the users want more " freedom " , they will have to take on more personal responsibilities in ensuring the company 's security .
If the users want more security without the overhead of a security learning curve , more limited options would have to be applied by the network administrator .</tokentext>
<sentencetext>I think the human factor is still the biggest infection vector.
As an IT pro, you usually have to choose between more security or more flexibility.
You could have the best technology in the world and still get a network wide infection.
The tie breaker is the users' needs.
If the users want more "freedom", they will have to take on more personal responsibilities in ensuring the company's security.
If the users want more security without the overhead of a security learning curve, more limited options would have to be applied by the network administrator.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570826</id>
	<title>Please no kneejerk "clueless users" comments...</title>
	<author>Anonymous</author>
	<datestamp>1269279900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I completely and utterly disagree that you put a dumb stupid user on a PC and it means it gets insta-rooted.  I put my clueless girlfriend on her own user account on my hardened Debian Linux box and there's no fscking way that my "per user account" iptables will suddenly allow some rootkit to have her account emit or receive on ports she's not allowed to use.  There's also no friggin' way anything shall be run automatically on the next reboot.  At worst the malware shall have local privilege and will only be run once she logs into her account.</p><p>That's how secure a correctly configured Linux is.</p><p>So please all paid M$ astroturfers, stop the kneejerk reactions: "it's because of the users, they're so dumb".  You know what the root cause (pun?) of all these botnets is: Windows has a pathetic security track record. Don't make up for that one by saying it's because of the stupid users.</p><p>Paid M$ astroturfers, yes.  Botnets only because of stupid users: no way.  My SO *is* a "stupid user" and there's no way her stupidness will give the latest script kiddie exploit root access on the box we share.  Get real paid M$ astroturfers.</p></htmltext>
<tokenext>I completely and utterly disagree that you put a dumb stupid user on a PC and it means it gets insta-rooted .
I put my clueless girlfriend on her own user account on my hardened Debian Linux box and there 's no fscking way that my " per user account " iptables will suddenly allow some rootkit to have her account emit or receive on ports she 's not allowed to use .
There 's also no friggin ' way anything shall be run automatically on the next reboot .
At worst the malware shall have local privilege and will only be run once she logs into her account .
That 's how secure a correctly configured Linux is .
So please all paid M $ astroturfers , stop the kneejerk reactions : " it 's because of the users , they 're so dumb " .
You know what the root cause ( pun ? ) of all these botnets is : Windows has a pathetic security track record .
Do n't make up for that one by saying it 's because of the stupid users .
Paid M $ astroturfers , yes .
Botnets only because of stupid users : no way .
My SO * is * a " stupid user " and there 's no way her stupidness will give the latest script kiddie exploit root access on the box we share .
Get real paid M $ astroturfers .
 </tokentext>
<sentencetext>I completely and utterly disagree that you put a dumb stupid user on a PC and it means it gets insta-rooted.
I put my clueless girlfriend on her own user account on my hardened Debian Linux box and there's no fscking way that my "per user account" iptables will suddenly allow some rootkit to have her account emit or receive on ports she's not allowed to use.
There's also no friggin' way anything shall be run automatically on the next reboot.
At worst the malware shall have local privilege and will only be run once she logs into her account.
That's how secure a correctly configured Linux is.
So please all paid M$ astroturfers, stop the kneejerk reactions: "it's because of the users, they're so dumb".
You know what the root cause (pun?) of all these botnets is: Windows has a pathetic security track record.
Don't make up for that one by saying it's because of the stupid users.
Paid M$ astroturfers, yes.
Botnets only because of stupid users: no way.
My SO *is* a "stupid user" and there's no way her stupidness will give the latest script kiddie exploit root access on the box we share.
Get real paid M$ astroturfers.
 </sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575018</id>
	<title>Re:Yeah...</title>
	<author>Ephemeriis</author>
	<datestamp>1269250800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><blockquote><div><p>If you really want to be sure you avoid being part of a botnet, then yes, Windows is not one of the choices you have. It can't be secured, it's like going down the rapids in a colander while trying to plug the holes with cabbage.</p></div></blockquote><p>Thing is, though, *everyone* running Windows treats it as holey, exploitable and generally unsafe. So they apply every security mechanism they can, they bother to audit things, and generally treat it as a dangerous thing that needs attention.</p></div><p>No they don't.</p><p>Your average home user has never updated or patched anything.  And they've probably got a cable/DSL modem plugged directly into their computer.  Just be glad XP SP2 and newer has a built-in firewall, because that's probably all the protection they've got.  That, and whatever trial antivirus came with the computer, and expired a year ago.</p><p>Your average small business is about the same...  Except that they'll have a dozen computers behind a $50 router with an unsecured WLAN.</p><p>When you get into medium-sized businesses you'll probably see a "computer guy" taking care of things...  They'll generally be running Windows Update, probably have working antivirus of some kind...  But the odds of them actually being properly administered and maintained are still pretty slim.</p><p>It isn't until you get up into the enterprise-y stuff that you start seeing people actually devote the necessary resources to keeping the network secure.  And even then there's still plenty of room to screw things up.</p></htmltext>
<tokenext>If you really want to be sure you avoid being part of a botnet , then yes , Windows is not one of the choices you have .
It ca n't be secured , it 's like going down the rapids in a colander while trying to plug the holes with cabbage .
Thing is , though , * everyone * running Windows treats it as holey , exploitable and generally unsafe .
So they apply every security mechanism they can , they bother to audit things , and generally treat it as a dangerous thing that needs attention .
No they do n't .
Your average home user has never updated or patched anything .
And they 've probably got a cable/DSL modem plugged directly into their computer .
Just be glad XP SP2 and newer has a built-in firewall , because that 's probably all the protection they 've got .
That , and whatever trial antivirus came with the computer , and expired a year ago .
Your average small business is about the same... Except that they 'll have a dozen computers behind a $ 50 router with an unsecured WLAN .
When you get into medium-sized businesses you 'll probably see a " computer guy " taking care of things... They 'll generally be running Windows Update , probably have working antivirus of some kind... But the odds of them actually being properly administered and maintained are still pretty slim .
It is n't until you get up into the enterprise-y stuff that you start seeing people actually devote the necessary resources to keeping the network secure .
And even then there 's still plenty of room to screw things up .</tokentext>
<sentencetext>If you really want to be sure you avoid being part of a botnet, then yes, Windows is not one of the choices you have.
It can't be secured, it's like going down the rapids in a colander while trying to plug the holes with cabbage.
Thing is, though, *everyone* running Windows treats it as holey, exploitable and generally unsafe.
So they apply every security mechanism they can, they bother to audit things, and generally treat it as a dangerous thing that needs attention.
No they don't.
Your average home user has never updated or patched anything.
And they've probably got a cable/DSL modem plugged directly into their computer.
Just be glad XP SP2 and newer has a built-in firewall, because that's probably all the protection they've got.
That, and whatever trial antivirus came with the computer, and expired a year ago.
Your average small business is about the same...  Except that they'll have a dozen computers behind a $50 router with an unsecured WLAN.
When you get into medium-sized businesses you'll probably see a "computer guy" taking care of things...  They'll generally be running Windows Update, probably have working antivirus of some kind...  But the odds of them actually being properly administered and maintained are still pretty slim.
It isn't until you get up into the enterprise-y stuff that you start seeing people actually devote the necessary resources to keeping the network secure.
And even then there's still plenty of room to screw things up.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566374</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_62</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572892
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566048
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568380
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566282
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566884
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_53</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566010
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31700238
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_48</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31579362
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573786
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566560
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566024
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566268
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566148
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566942
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570554
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566062
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570792
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31580000
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_54</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570234
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_68</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566148
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566942
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571052
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_61</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566084
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569168
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_47</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568082
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_51</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566148
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566942
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570454
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575100
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565924
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568318
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571504
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565908
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_67</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567606
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_70</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566888
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_66</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566048
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567048
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_57</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566988
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575418
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565924
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568318
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573950
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566282
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568492
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566084
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566522
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566988
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568666
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566048
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566348
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566742
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_58</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570066
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565932
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567566
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_65</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566694
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570918
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_55</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566134
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567960
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572612
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566678
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_60</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567150
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569436
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_46</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566572
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567084
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568636
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567194
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566210
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567888
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568484
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_52</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569252
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566488
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572738
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_71</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566210
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567398
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566084
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568262
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_45</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568058
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566340
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568742
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566934
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566488
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568830
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_44</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571254
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566148
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566630
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_69</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565974
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566374
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575018
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_59</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575306
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_50</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566282
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567246
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569438
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566210
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567642
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_64</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566084
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31581418
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571036
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566546
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571664
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566516
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569868
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571198
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567576
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568112
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_56</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567396
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_63</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575476
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_49</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565924
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568318
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570952
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_22_1232234_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571732
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570290
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568940
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570334
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566188
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573706
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566048
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568380
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566348
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567048
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567184
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566146
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31579362
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572612
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571664
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570066
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566020
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566340
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568742
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567084
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568636
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566816
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566084
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569168
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566522
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568262
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31581418
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566010
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31700238
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566282
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566884
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567246
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568492
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567638
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569866
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565954
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567576
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567396
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566134
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568082
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566694
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566148
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566942
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570554
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570454
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571052
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566630
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568058
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566678
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566888
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569438
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566516
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569868
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573786
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566934
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575306
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566572
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569436
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565866
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566150
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566996
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571732
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568112
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571036
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571198
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31580000
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567960
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567150
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572892
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571254
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575476
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565924
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568318
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571504
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570952
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31573950
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565962
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566988
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568666
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575418
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567606
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575100
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567312
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31569252
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565932
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567566
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565974
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566374
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31575018
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31565908
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570826
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567342
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568850
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31571112
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567934
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567234
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566312
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568484
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566750
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566560
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566742
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570918
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566546
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567194
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570234
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566062
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31570792
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566024
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566268
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566488
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31572738
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31568830
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_22_1232234.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31566210
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567398
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567888
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_22_1232234.31567642
</commentlist>
</conversation>
