[unisog] AV for MACS

BACHAND, Dave (Info. Tech. Services) BachandD at easternct.edu
Mon Dec 6 14:42:12 GMT 2004


Hate to burst your bubble.  We have a small but fervent following of MAC
users here at Eastern.  I HAVE seen MAC viruses, and I HAVE seen MAC web
servers defaced when they failed to keep their machines patched.

Seems to me that it is prudent to use AV on every system that touches
shared data, whether they be Windows, MAC, or Linux.



-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Hasan Khalil
Sent: Saturday, December 04, 2004 7:09 PM
To: UNIversity Security Operations Group
Subject: Re: [unisog] AV for MACS


On Dec 4, 2004, at 18:28, Stan Horwitz wrote:

>
> On Fri, 3 Dec 2004, David Foster wrote:
>>
>> Well I would submit that in todays networking environment folks
>> like you are part of the problem. I work on Solaris, Linux and
>> IRIX systems, and my attitude used to be somewhat aligned with
>> yours. Until I was forced to install Sophos Antivirus software
>> on all systems to comply with our new campus minimum standards
>> for network security, and saw how many virus-laden files I had
>> on my systems.
>>
>> What you claim is the "only reason" for running Mac AV software
>> is definitely reason enough, IMHO. Even if we assume that your
>> Mac is safe from virii, for the time being, do you really think
>> that is the only issue here?
>
> As I said, running AV software to prevent Mac users from
> inadvertantly spreading a virus (or worm) to Windows users
> is a reasonable thing to do, but the point that was made
> about malicious macros makes more sense. And yes, I am
> certain my Mac is free of all virii, including macros.

How often do you ever really see a Mac take down your network? How 
often do you even see a Mac do Bad Things(tm) (virus related or not)? 
I'm really curious to see what other campus' experiences are, because, 
apart from false positives on campus-wide scans, to my knowledge, we've 
had little to none in that department.

Note: s/Mac/Mac\ OS\ X

_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog



More information about the unisog mailing list