Tale of Investigation into Company X Case and the Harm of Antivirus Scanning
Characters:
Citizen N - Good Citizen, Head of Company N
Company X - Unknown Company
Companies K and K2 - security companies
Company N wants to make a deal with company X, but N is afraid that he will be thrown. Read under the cut about what he did to reduce the risks, why it was not necessary to do this, and what's the antivirus.
So what to do? N hires company K, which checks the company X up and down - asks questions, looks at documents, etc. Commendable, they take care of safety and reduce risks.
But here is an ill luck, these checks take a lot of time and resources. And there is always the risk that company K is mistaken. N may even hire another company K2 to insure K if it makes a mistake. But it will take even more time and resources. What if K2 is wrong?
')
N plagued by doubts What should he do? What check to think up for X to make it faster, simpler and more efficient?
And then it illuminates: why bother to do all these checks and look for signs of fraud, if on the Internet about company X and so everything is written? Completely bad reviews - 9 out of 10 of her clients write that they were thrown. And so everything is clear without any investigation.
You can save a lot of time and resources, and at the same time rely on the opinion not of two companies K and K1, but on the opinion of ten (and maybe ten thousand) former clients of X.
The only problem is that they have not yet invented such a resource that would have information about the reputation of 2.5 billion different companies from 175 million people.
###
Now let's forget about kidalovo citizens dubious legal entities and return to our sheep. Symantec is not yet engaged in the reputation of legal entities. But it deals with the reputation of files. And we have anonymous information about 2.5 billion files from 175 million computers of our clients, this information makes it possible to assign a high-precision reputation index to each file. So why should we scan these files on your computer, if we know before the start of the scan that this file has infected a couple of thousand computers, or, on the contrary, everything is clean with it?
So we do not scan. And save your time and resources on your computer. Thanks to the Insight reputation technology, which will be available in the new version of the Symantec Endpoint Protection 12 (SEP12) corporate protection system. Downloading the beta version here .
PS: of course, it is necessary to scan, but only if the file is unknown or if there is no connection to the network. But in most cases you can do without it. Signatures, heuristics, behavioral analysis - this, of course, is good, but with an increase in the number of threats and their rapid mutation, it is sometimes slow and not very effective.
We believe that the future is reputational technology. What do you think?
Citizen N - Good Citizen, Head of Company N
Company X - Unknown Company
Companies K and K2 - security companies
Company N wants to make a deal with company X, but N is afraid that he will be thrown. Read under the cut about what he did to reduce the risks, why it was not necessary to do this, and what's the antivirus.
So what to do? N hires company K, which checks the company X up and down - asks questions, looks at documents, etc. Commendable, they take care of safety and reduce risks.
But here is an ill luck, these checks take a lot of time and resources. And there is always the risk that company K is mistaken. N may even hire another company K2 to insure K if it makes a mistake. But it will take even more time and resources. What if K2 is wrong?
')
N plagued by doubts What should he do? What check to think up for X to make it faster, simpler and more efficient?
And then it illuminates: why bother to do all these checks and look for signs of fraud, if on the Internet about company X and so everything is written? Completely bad reviews - 9 out of 10 of her clients write that they were thrown. And so everything is clear without any investigation.
You can save a lot of time and resources, and at the same time rely on the opinion not of two companies K and K1, but on the opinion of ten (and maybe ten thousand) former clients of X.
The only problem is that they have not yet invented such a resource that would have information about the reputation of 2.5 billion different companies from 175 million people.
###
Now let's forget about kidalovo citizens dubious legal entities and return to our sheep. Symantec is not yet engaged in the reputation of legal entities. But it deals with the reputation of files. And we have anonymous information about 2.5 billion files from 175 million computers of our clients, this information makes it possible to assign a high-precision reputation index to each file. So why should we scan these files on your computer, if we know before the start of the scan that this file has infected a couple of thousand computers, or, on the contrary, everything is clean with it?
So we do not scan. And save your time and resources on your computer. Thanks to the Insight reputation technology, which will be available in the new version of the Symantec Endpoint Protection 12 (SEP12) corporate protection system. Downloading the beta version here .
PS: of course, it is necessary to scan, but only if the file is unknown or if there is no connection to the network. But in most cases you can do without it. Signatures, heuristics, behavioral analysis - this, of course, is good, but with an increase in the number of threats and their rapid mutation, it is sometimes slow and not very effective.
We believe that the future is reputational technology. What do you think?
Source: https://habr.com/ru/post/120983/
All Articles