[unisog] AV for MACS

Stephen Gill gillsr at qorbit.net
Mon Dec 6 21:55:19 GMT 2004


Interesting ;).

--- snip snip ---

<unisog at lists.sans.org>: host mail2.sans.org[63.100.47.43] said: 553 sorry,
    that domain isn't in my list of allowed rcpthosts (#5.7.1) (in reply to
    RCPT TO command)

--- snip snip ---


Hi Hasan,

> The point here is that some of us feel that Mac OS X is much more
> 'immune' to virus attack than many other operating systems, including
> at the top of this list Microsoft's Windows. Looking at the subject
> line of this thread, the point is _not_ that it was compromised. I
> still haven't seen anything to refute this claim.

I think you missed the point of my note.  Whether or not a given platform is
more or less immune doesn't mean you should ignore certain aspects of
security on it.  The same argument for a "properly secured" host can be made
on any platform.

Likewise, AV catches only a portion of malware out there.

If there is an opportunity for abuse, sooner or later it _will_ get abused.
The question is what tools have you put in place to deal with those issues
_when_, not _if_ they happen.  Whether or not you feel AV should be part of
your toolkit for that platform is entirely up to you.

> I'd say Mac OS X is more secure by a long ways. That's just my subjective
> opinion though.

I can't say I'd disagree.

> I think there has been sufficient attack, err, 'discussion' on the
> honeypot report table that Jim Dillon was kind enough to forward to us,
> so I don't think I even need to get into that one. Russell Fulton
> pretty much summed up what I wanted to say regarding that one.

I'd probably agree with you on that too, though I wasn't even involved in
that discussion :).

-- steve




