[unisog] AV for MACS

hermit921 hermit921 at yahoo.com
Mon Dec 6 20:16:14 GMT 2004


Not much here that is useful:
http://www.avantgarde.com/ttln113004.html

I, too, would like to know what they considered an attack.  Most of the 
attacks I see don't indicate prior knowledge of the OS they are attacking.

hermit921



At 11:05 AM 12/6/2004, Russell Fulton wrote:
>On Mon, 2004-12-06 at 10:20 -0700, Jim Dillon wrote:
>
> > Platform    Total attacks     Attacks/day     Attacks/hour
> > XP SP1      139,024           8,177           341
> > OS X        138,647           8,155           339
> > Win SBS      25,222           1,400            61
> > XP SP2        1,386              82             3.4
> > XP w/ZoneAlarm  848              50             2.1
> > Linspire        795              46             1.9
>
>I would be interested in seeing more details of this exercise.  Do you
>have a url for the full write up Jim?
>
>The table on its own raises more questions than it answers: such as were
>the attacks actually relevant to the platform? and even more basic -
>what constitutes an attack.
>
>I suspect that the key thing here is the amount of firewalling the
>respective systems had, or to look at it another way, were 135-139 + 445
>exposed.
>
>In my books malicious code designed for Windows but sent to a UNIX
>system is not an attack.
>
>All that said, our official policy is that all Macs run SAV.  With the
>current version on Mac OSX people seem very happy but there are issues
>with OS9, to the point where some departments decided that it was more
>trouble than it was worth.
>
>With the increasing popularity of Linux on the desktop in the 'real
>world' I am now wondering when (not if) we will see a significant threat
>to Linux systems from automated malware.  Remember that Linux users are
>just as vulnerable to social engineering issues as Windows and Mac
>users, particularly as they become less sophisticated.  Perhaps I should
>rephrase that ;)  --- as the Linux user population includes a greater
>proportion of less sophisticated users.
>
>Cheers, Russell
>
>--
>Russell Fulton, Information Security Officer, The University of Auckland
>New Zealand
>
>_______________________________________________
>unisog mailing list
>unisog at lists.sans.org
>http://www.dshield.org/mailman/listinfo/unisog



