[unisog] AV for MACS

Stephen Gill gillsr at cymru.com
Mon Dec 6 18:37:06 GMT 2004


Hi Julian,

> But again, that's a compromise of a host due to poor configuration, not a
> viral/worm infection.

The point is it was compromised.  The motivations are the same, and
miscreants use targets of opportunity.  Why bother with a virus if you can
own a system through a weak password?  "Viruses" can just as easily be
installed _after_ a system is compromised.

Strictly using AV is not the answer either.  At times, close to 50% of the
malware we see is not detected by antivirus signatures.  Does AV help?
Sure, but it probably doesn't catch as much as you would hope.

We win by degrees and use tools to fill in gaps where others stop short.  No
single solution is perfect - using multiple tools to complement each other
will increase the likelihood of a successful defense.

Cheers,
-- steve 




