[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Virus Scanner
From:       David Harley <harley () icrf ! icnet ! uk>
Date:       1997-07-27 11:20:32
[Download RAW message or body]

> 
> Has anyone used Norton's Anti-Virus product add on for CheckPoint
> FireWall-1 (NT)?  Doesn't McAfee have a similar add-on?  

No. Personally, I wouldn't necessarily go for either of those vendors, 
even if I had a lot of faith in the firewall add-on approach, their
huge market-share notwithstanding. That doesn't mean they aren't 
adequate products: I mention it because I notice a tendency among
security people who aren't particularly virus-literate to take the
claims of the best-sellers' marketing people uncritically.

> I would think that
> if you protected e-mail attachments and ftp traffic, that this would be
> sufficient virus protection.  

I assume you're thinking of Internet-borne viruses only when you say 
this. B-) Even then, I have to disagree. FTP isn't the only vulnerability
to which web traffic exposes you. 

> Is there any way to limit these virus add-ons
> to that type of traffic only?
> 
That question worries me. If you've blocked the other loopholes you should
be concerned about by other means, such as realtime scanning on the
desktop, perhaps you don't need the FW-1 add-ins either, except as a
supplementary defence. If you haven't blocked other entry points, your
whole strategy is badly flawed.  You have to consider what -all- the
possible entry points are before you start deciding to do without some of
them.

-- 
David Harley                  |              alt.comp.virus FAQ
D.Harley@icrf.icnet.uk        |           & Anti-Virus Web Page
Support & Security Analyst    |    Folk London On-Line gig-list
Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/

[prev in list] [next in list] [prev in thread] [next in thread]