[unisog] AV for MACS
gillsr at cymru.com
Tue Dec 7 15:55:16 GMT 2004
One thing to keep in mind is that some of those "vulnerabilities" get placed
there by unwitting users. There are many a windows virus/trojan that spread
through e-mail, p2p, aim, etc.
Additionally it is important to remember that many a windows bot spread by
exploiting the backdoors of others _not_ just through native Operating
System vulnerabilities. Specifically a few windows mentionables include
mydoom, bagle, lovegate, radmin, optix, netdevil, subseven, kuang, msblast
Other "vulnerabilities" get placed there by people through insecure
configurations. Many a windows bot spread through this manner (tcp 445
ntscan for weak logins comes to mind). Misconfigurations will also get
There is a common factor between these all of these: people. Although
operating system vulnerabilities are still a possibility, you don't need
them to have a problem, you just need people and miscreants to abuse them.
What would stop the same thing from happening on OSX? Having a plan of
action for what to do if/when this happens would be a great idea. AV
*might* be one of those tools to help you, or it might not. You must weigh
the cost and benefits of course.
More information about the unisog