Semi-targeted phishing attacks, and this isn’t even getting into targeted attacks.
My point was running EMET would stop most 0day since it stops exploits from getting around built-in Windows anti-exploitation techniques.
If you look at the amount of time you spend dealing with viruses/malware and weigh it against spending two weeks building a more secure base image, you usually find it being worthwhile.
Some A/V will stop the results of these exploits…SOME of the results, not all. I really want to push for removing Java from our machines at work. I even have a script that removes all versions v. 7 and below. Problem is, some users NEED websites that use Java. Also, patching, testing, and pushing out updates to machines in our domain is incredibly time consuming.
Our base image that we use is considered bare metal. It doesn’t even include drivers or software. So in that sense, it’s fairly secure.
I have played in all realms of IT; I understand the suck.
The proxy thing I suggested works really well from the customer feedback I have been getting. They were able to review a few months of proxy logs, figure out all valid apps, and block everything else, and this was with very large companies.
It’s honestly to the point where most companies understand being secure will cause some pain, but it’s a necessity for a successful business. Most of the companies I work with are F500; however, it’s trickling down to smaller companies now.
In my anti-virus logs a lot of what comes through is Java exploits. As far as patching and upgrading, etc. go, Java is one of the worst fucking apps to deal with.
I like to think that we are a pretty large/major organization. After all, we are a top 10 hospital/health system and just had a Nobel prize winner. Even still, the fallout of implementing big brother-like controls in a “University” environment (which is bullshit, because our hospital and health system size crushes the university) is mind-boggling.
In a similar environment. If you’re like my place of employment, there’s also political shit. “Oh make him full admin”, “Don’t put AV on his machine”…blah blah blah.
UGGGGGG. Political exemptions FTL! I wonder how many compromised networks stem from these bullshit exemptions. It always seems the people that “need admin” end up breaking shit and demand you drop everything to help them fix their fuckup.
Looking at deploying Google Chrome Enterprise (yes, it’s separate), it comes with some ADMX templates too. There is an option to block JavaScript and allow certain sites. Pretty awesome.
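The block-by-default/allow-by-site JavaScript policy mentioned in the post above, as an added example that is not code from the thread: it writes the policy through the registry path Chrome reads on Windows rather than through the ADMX templates, the policy names DefaultJavaScriptSetting and JavaScriptAllowedForUrls are Chrome’s own, and the site patterns are constructed placeholders.

```powershell
# Added example (not from the thread). Run elevated on a test machine first.
# Chrome reads machine policy from HKLM\SOFTWARE\Policies\Google\Chrome;
# list-valued policies live in a subkey with numbered string values.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$AllowKey  = Join-Path $PolicyKey 'JavaScriptAllowedForUrls'

function Set-ChromeJavaScriptAllowlist {
    param([string[]]$AllowedPatterns)

    New-Item -Path $PolicyKey -Force | Out-Null
    # DefaultJavaScriptSetting: 1 = allow everywhere, 2 = block by default
    Set-ItemProperty -Path $PolicyKey -Name 'DefaultJavaScriptSetting' -Value 2 -Type DWord

    # Rebuild the allowlist subkey so stale entries from earlier runs do not linger
    if (Test-Path $AllowKey) { Remove-Item -Path $AllowKey -Recurse -Force }
    New-Item -Path $AllowKey -Force | Out-Null
    $i = 1
    foreach ($pattern in $AllowedPatterns) {
        Set-ItemProperty -Path $AllowKey -Name ([string]$i) -Value $pattern -Type String
        $i++
    }
}

function Get-ChromeJavaScriptPolicy {
    # Read back what Chrome will actually see, for a quick audit of the image
    $default = (Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue).DefaultJavaScriptSetting
    $allowed = @()
    if (Test-Path $AllowKey) {
        $allowed = (Get-ItemProperty -Path $AllowKey).PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            Sort-Object { [int]$_.Name } |
            ForEach-Object { $_.Value }
    }
    [pscustomobject]@{
        BlockedByDefault = ($default -eq 2)
        AllowedPatterns  = @($allowed)
    }
}

# Constructed sample: the two internal apps that still need scripting enabled
Set-ChromeJavaScriptAllowlist -AllowedPatterns @('[*.]intranet.example', 'https://hr-portal.example')
Get-ChromeJavaScriptPolicy | Format-List
```

After applying, chrome://policy on the client should list both policies as machine-level and without errors; an entry shown as ignored usually means a malformed URL pattern.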
I’m pretty sure the Chrome app itself may be the same. It does come as an .msi file, which typically is easier to work with in a Windows environment as far as deploying goes.
I love the fact that Chrome stars settings that are pushed through Group Policy:
Two different types of policies for Chrome…obviously by the picture, ones users can change (like the homepage) and ones they can’t.
Here’s a good chunk of some of the settings you can push out.
Agreed. Also, I think it just works the best UI- and feature-wise. I read a while ago that for most Java exploits, Chrome is the only browser that prompts the “Are you sure you want to run this plug-in” message.