[unisog] AV for MACS - Additional Info as requested

Richard Godbee rwg at vt.edu
Tue Dec 7 14:16:10 GMT 2004


On Dec 6, 2004, at 2:55 PM, Jim Dillon wrote:

> http://www.usatoday.com/tech/news/computersecurity/hacking/2004-11-29- 
> honeypot_x.htm

The following PDF has more information than the press release and USA  
Today story:
http://www.avantgarde.com/xxxxttln.pdf

Things that bothered me about their report:

- They never defined what they considered an attack.
- All of the Windows systems in their test were configured with an  
account with Administrator privileges and a password of "password".
- They claim "Windows XP SP1 does not include an integrated firewall  
application ..."
- They claim OS X survived because all of the attacks were  
Windows-specific.  It is further implied that the OS X machine would  
have been "very vulnerable" if someone had just bothered to write an  
exploit or two.  (It couldn't be that OS X has almost no programs  
listening on external interfaces out of the box!  No way!)
- Avantgarde is a marketing company, and various articles found with  
Google imply Zone Labs had a hand in the study.  By the end of the  
report, I felt like I was reading a vendor-supplied white-paper about  
personal firewall software.  (Must ... buy ... firewall ... software  
... *drool*)

-- 
Richard Godbee, Unix Systems Administrator
Department of Geosciences, Virginia Tech
4044 Derring Hall (0420), Blacksburg, VA 24061
rwg at vt.edu / +1.540.231.7002 / +1.540.231.3386 (FAX)




More information about the unisog mailing list