Author Topic: Military Email question (Read 370 times)

DREDIOCK · « **on:** May 25, 2006, 07:19:21 PM »

Was curious what kind of Anitvirus software the military uses?

do they have some sort of special superduper AV software they run on their machines?

Had received a bunch of files from a buddy of mine whom when I send mail out I dont send downloadable attachments because he "doesnt trust downloaded files from anyone because of potential viruses"

So I questioned him about it saying "I thought you didnt download email files?"

He replied that those files he received he got from someone working in the military and as such they used AV software that was more secure so they were more trustworthy.

Is that a true statement? or and complete load of crap?

Airscrew · « **Reply #1 on:** May 25, 2006, 07:36:03 PM »

Last I looked AF used Norton anti virus. Load of crap. AV good, his reasoning sounds faulty. I would trust an attached file from someone in my own company but not from outside the company because I know our system is protected and its been screened for virus's. You still run the AV on your own system before you open no matter you sends it to you.

Vulcan · « **Reply #2 on:** May 25, 2006, 07:45:20 PM »

IIRC from a recent presso Ciphertrust is pretty prominant in the US Military as their email firewall/spam/compliance solution. Ciphertrust use either Sophos (branded as Ciphertrust AV), McAfee or both, and has some fairly complex rules/functionality about inbound files and how they get quarantined/released.

(edit: so technically thats a yes depending on who you compare with)

Sandman · « **Reply #3 on:** May 26, 2006, 09:57:55 AM »

We have Norton AV here in the client side for the Navy. I'm not sure what's on the server side.

Brenjen · « **Reply #4 on:** May 26, 2006, 10:03:03 AM »

Just remind him in todays internet, attachments are "old school" virus transmission vehicles. There are far more that use images or even text in todays enviroment.

Vulcan · « **Reply #5 on:** May 26, 2006, 07:06:20 PM »

Quote

Originally posted by Brenjen
Just remind him in todays internet, attachments are "old school" virus transmission vehicles. There are far more that use images or even text in todays enviroment.

Actually the majority of virus's come via email. Its very rare to see image based attacks. Unless you visit some extremely dodgey websites, I've done so deliberately trying to test some intrusion prevention gear and it was actually reasonably hard to find anything - after 1 hour I only managed to get a single WMF hit from a banner advert on some 3rd rate sex link site. Whereas I've had an SME client whos firewall typically blocks 2000 email based virus's a week.

DREDIOCK · « **Reply #6 on:** May 26, 2006, 08:21:03 PM »

Guess what Im asking is.
Is Email from a PC connected to a military system any safer then from someone who keeps their AV up to date scans all incomming attachments before sending them back out to someone else?

Russian · « **Reply #7 on:** May 26, 2006, 08:29:58 PM »

Exchange server scans all outgoing and incoming emails and then Norton on PC does same.(if managed)

Vulcan · « **Reply #8 on:** May 26, 2006, 09:42:52 PM »

Quote

Originally posted by DREDIOCK
Guess what Im asking is.
Is Email from a PC connected to a military system any safer then from someone who keeps their AV up to date scans all incomming attachments before sending them back out to someone else?

Most likely yes, as they use multiple layers of AV scanning combined with more complex quarantine procedures for filetypes and related issues on both inbound and outbound email. Whereas a simple Exchange setup with AV is.. minimal at best.

Brenjen · « **Reply #9 on:** May 26, 2006, 09:52:43 PM »

Quote

Originally posted by Vulcan
Actually the majority of virus's come via email. Its very rare to see image based attacks. Unless you visit some extremely dodgey websites, I've done so deliberately trying to test some intrusion prevention gear and it was actually reasonably hard to find anything - after 1 hour I only managed to get a single WMF hit from a banner advert on some 3rd rate sex link site. Whereas I've had an SME client whos firewall typically blocks 2000 email based virus's a week.

My point is, attachments are an old school way of getting a virus into a P/C via Email. You can leave attachments unopened all you want, if your P/C is vulnerable, to can still get one, there are far newer & craftier ways to infect a P/C out there today. For that matter not all malicious codes out there are viruses.

The average Joe just bumbles along thinking if he doesn't open attachments in his email, he's safe & that's just not true.

Vulcan · « **Reply #10 on:** May 27, 2006, 06:12:47 PM »

Quote

Originally posted by Brenjen
My point is, attachments are an old school way of getting a virus into a P/C via Email. You can leave attachments unopened all you want, if your P/C is vulnerable, to can still get one, there are far newer & craftier ways to infect a P/C out there today. For that matter not all malicious codes out there are viruses.

The average Joe just bumbles along thinking if he doesn't open attachments in his email, he's safe & that's just not true.

Err no you specificaly said "There are far more that use images" which is not true. The only other thing I ever see en masse is scripted attacks such as IIS or PHP exploits.

Email still is the superior method for getting users infected . Email gives you superior social engineering interactive which could bypass some security mechanisms (otherwise know users-are-stupid). Malicious code on websites and in images is relatively simply to defeat.

Brenjen · « **Reply #11 on:** May 27, 2006, 09:39:26 PM »

Quote

Originally posted by Vulcan
Err no you specificaly said "There are far more that use images" which is not true. The only other thing I ever see en masse is scripted attacks such as IIS or PHP exploits.

Email still is the superior method for getting users infected . Email gives you superior social engineering interactive which could bypass some security mechanisms (otherwise know users-are-stupid). Malicious code on websites and in images is relatively simply to defeat.

Let me put this in terms you can understand; email is what I am talking about! When I said far more from images & text it was emails I was refering too.

Ever get one of those animated pictures in an email? It can contain malicious code.

"Err no" Derrrr yes. I know what my point was, & I restated it. I may have said "far more" enter that way & I mispoke, "far more" do not enter that way, but far more can than could when the ancient "don't open attatchments" rule mattered. Viruses are few & far between anyway, I know people who have NEVER used AV software & have never gotten anything that caused them trouble, sure they might have been a carrier, but that is unlikely.

Replicant · « **Reply #12 on:** May 31, 2006, 02:23:05 PM »

The RAF use McAfee or Sophos or at least did a few years ago. Not sure what we're using with NATO but will check it out.