[unisog] AV for MACS

Cal Frye cjf at calfrye.com
Mon Dec 6 13:49:42 GMT 2004

1) We have had a couple of cases of SSH being used to route massive file 
transfers through a privileged Mac, using most of our Internet bandwidth. The 
problem in these cases was weak passwords, coupled with users not being aware 
their systems were listening on SSH.

2) "Internet Connection Sharing" on Windows and Macintosh is a Bad Thing (tm), 
particularly on the fringes of our wireless cloud where a system has a wired 
connection in a different subnet than the wireless one. There are, of course, 
ways to limit the bad effects, but IMHO it's way too easy to set this up. Saw 
one of these just last night as folks returned to campus from the weekend at 
home :-(

3) We have an annoying "feature" of Virex that acts to maintain a low-grade 
infection of the Thus macro virus on campus. By default, Virex does not scan the 
directory where the Microsoft default template is stored, hence it never cleans 
it up once infected. Our users think they are running AV on their Macs, but are 
still happily sending infected files to their colleagues. Then they're baffled 
when they're told their system is infected.

--Cal Frye, Network Administrator, Oberlin College
  www.ouuf.org, www.calfrye.com

   "If most of us are ashamed of shabby clothes and shoddy furniture, let us be 
more ashamed of shabby ideas and shoddy philosophies." -- Albert Einstein.

Hasan Khalil wrote:
> How often do you ever really see a Mac take down your network? How often 
> do you even see a Mac do Bad Things(tm) (virus related or not)? I'm 
> really curious to see what other campus' experiences are, because, apart 
> from false positives on campus-wide scans, to my knowledge, we've had 
> little to none in that department.
> Note: s/Mac/Mac\ OS\ X

More information about the unisog mailing list