[unisog] AV for MACS

Stephen Gill gillsr at cymru.com
Tue Dec 7 15:55:16 GMT 2004


Hi Karl,

One thing to keep in mind is that some of those "vulnerabilities" get placed
there by unwitting users.  There is many a Windows virus/trojan that spreads
through e-mail, P2P, AIM, etc.

Additionally, it is important to remember that many a Windows bot spreads by
exploiting the backdoors of others, _not_ just through native Operating
System vulnerabilities.  Specifically, a few Windows mentionables include
mydoom, bagle, lovegate, radmin, optix, netdevil, subseven, kuang, msblast
backdoor, etc.

Other "vulnerabilities" get placed there by people through insecure
configurations.  Many a Windows bot spreads in this manner (TCP 445
ntscan for weak logins comes to mind).  Misconfigurations will also get
abused.

There is a common factor between all of these: people.  Although
operating system vulnerabilities are still a possibility, you don't need
them to have a problem, you just need people and miscreants to abuse them.

What would stop the same thing from happening on OSX?  Having a plan of
action for what to do if/when this happens would be a great idea.  AV
*might* be one of those tools to help you, or it might not.  You must weigh
the cost and benefits of course.

-- steve




