Email Security Poll Results
Hello all,

We had 39 responses to the poll. The results follow the signature paragraph.

A few words of explanation about the results.

1) For the Yes-No questions, most answers were either YES or NO. However, a few of the results were something like "yes, but not encrypted zips." For the "yes-but" answers, I counted them as a "half of a yes."

2) For the AV engines, the percentages add up to >100% because many users said they ran multiple AV engines.

3) For frequency of AV signature updates, several responded something like "update daily or as new updates become available." For answers that said they updated on a regular frequency plus more often when necessary, the frequency was counted as appropriate, plus it was also counted in the "other, plus as announced" category.

A few observations and comments:

1) Subscribers to the DShield and NANOG mailing lists contributed answers. This means the answers are biased (originating from the "security aware" group of users) and probably do not reflect the general state of email security.

2) It was refreshing to find that everyone claimed to be updating their AV signatures on a regular basis. It would be interesting to know how many average users and small businesses update on such a regular basis.

3) Personally, I found it very surprising how many organizations depended solely upon their end users to perform AV screening, that none was being performed organization-wide. I was also surprised at how many organizations permit executable content to be sent by email.

I hope that everyone finds these results interesting and they are put to good use!

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214

Please respond YES (Y), NO (N), or Not Applicable (N/A):
--------------------------------------------------------

Does your organization perform any screening of email attachments?
    72% YES

Does your organization perform A-V checks on all email attachments?
    85% YES

Does your organization perform any checks on email attachment file type?
    62% YES

Does your organization allow users to receive executable content attachments?
    49% YES

Does your organization allow users to receive zip file or similar compressed attachments?
    90% YES

Does your organization allow users to receive MS Office and similar type files that may contain macro viruses?
    95% YES

Does your organization allow users to receive embedded or attached HTML email?
    99% YES

Does your organization allow users to receive active content attachments, such as HTML with <SCRIPT> tags?
    80% YES

Please respond as appropriate:
------------------------------

What AV engine do you use to screen email attachments (Symantec, NAI, FProtect, Trend, ClamAV, etc)?
    Symantec   53%
    McAfee     16%
    ClamAV     16%
    Trend      16%
    Kaspersky   8%
    AVG         8%
    Sophos      5%
    Other       5%
    Fsecure     3%

How often does your organization update its AV signatures?
    every 2 hrs or more often   16%
    every 4 hrs                  8%
    every 8 hrs                  8%
    every 12 hrs                 5%
    daily                       58%
    only as announced            5%
    other, plus as announced    16%

==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

Based on Jon's results, it is reasonable to conclude that most corporate network operators provide some level of email security. Any given corporation can establish top-down policies mandating the use of an email security product. Said corporation only needs to manage compliance with the policy.

However, in the context of the commercial email operation there is a delicate balance between email security and sales prevention.

My question is, at what point does email security become too onerous for the ISP customer? Is it reasonable to completely ban attachments?

Thank you for your time.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Jon R. Kibler
Sent: Sunday, March 07, 2004 1:02 PM
To: nanog@merit.edu; list@dshield.org
Subject: Email Security Poll Results

<Is it reasonable to completely ban attachments?>

I'm inclined to think not. It's like opening a flood gate and trying to close it. Simply put, even dropping passworded Zip files for me has churned a large degree of debate/resistance from my management and users. My arguing that SMTP is not FTP hasn't won me any leverage, based in part from the countering "We used to be able to do this". Of course there's always the argument "Censorship" too, which leads me to believe they're lemmings and I'm just going to have to find another way to fix a problem that has no signs of going away.

But, just my 2¢s

Cheers
-Joe

----- Original Message -----
From: "Christopher J. Wolff" <chris@bblabs.com>
To: <nanog@merit.edu>
Sent: Sunday, March 07, 2004 3:26 PM
Subject: Email security Best Practices; was RE: Email Security Poll