It’s no secret that I’m a Fedora user and advocate. I’ve been using Red Hat Linux since ’97 and Fedora since the change. So I just found a js with a counter for the release of Fedora 9 and set it up. There have been many changes over time, and some versions I really didn’t like: Red Hat 9 or Fedora 4. I’m not sure of the details of why; I just remember upgrading and downgrading a week later. I really have my hopes up for Fedora 9; the actual stable release (8) isn’t one of my favorite upgrades: it fixed some things and broke others. We’ll see what Fedora has in store for us. I’ll be posting a small review once I upgrade and the workarounds I use to get my box working just how I like it.
Reading through the Red Hat Magazine I found an article with something of a déjà vu: user awareness and “education”. I’ve read it, heard it and said it a billion times; if we can’t make the users aware of the risks that they are exposed to on a daily basis, and of some basic concepts, we are all screwed! I bet all of you have, at least once, been sitting in a classroom, auditorium, web cafe or any other place when the guy or gal next to you just smacks you with the most basic of questions: What is X? In English, please! That’s the moment when one of two things happens:
- You turn around, look at him with anger and think: what the hell is this specimen doing attending this class/talk/presentation/name it?
- You remember that user awareness thing you’ve read about in so many articles and books before, give him a short answer, and after it’s all over you try to break down the basics for this poor soul.
As I stated before, if we can’t make the users understand a bit of how a computer works, if we can’t help our colleagues, family & friends get the basic concepts of the machine and the network they have at their fingertips, it’s a fight we cannot win. That is because the “bad guys” are going to target them, and they are just too many. So whenever you get 5 minutes to work as a multiplier, to break down some basics for your users, or better yet are in a position to start a program in the office, do so. The world and all fellow security / technology savvy people will thank you.
About a year ago I went through the process of evaluating AVs for the company I was working for.
What I did was the following:
- Set up some detection tests using EICAR and some “wild” viruses.
- I asked some vendors that I had short-listed (Symantec, Sophos, Panda, Fortinet) to provide fully fledged versions.
- For each of the vendors I looked up their listed vulnerabilities in the past year (ovdb) and the time it took them to issue and install an update.
- Compared the upgrade strategy: engine, threat DB, application; some vendors don’t automatically give you all of that.
- Used info from http://virusbtn.com to compare some results in time.
- Set up demos to see them in action, and test their reporting capabilities in real time.
- After all the technical work, of course $$$ came into play.
With the information I made a BIG table and put some weights on the items and let the best player win.
PS: For those who will ask, Sophos came out with the best results in our environment.