[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [FD] AV scan on read vs write debate....
From: Carlos P <charly_en_el_trabajo () yahoo ! com>
Date: 2014-06-30 14:40:44
Message-ID: 1404139244.23037.YahooMailNeo () web122304 ! mail ! ne1 ! yahoo ! com
[Download RAW message or body]
I agree with you, but from the outside, running "macintosh virus list" on g=
oogle makes me share their point of view, why should I burn cycles for such=
a tiny threat?
They are right if they only think in terms of their own platform.
I would concentrate my effort in solidarity, perhaps you can agree on a lig=
hter read scanning or an scheduled one. Yes, windows virus landscapes sucks=
, I wish a had a mac, please help me.
Show them that linux share the same scenario with mac and that you run AV i=
n linux despite the low threat.
My only doubt is about word macro virus in macintosh:
http://support.microsoft.com/kb/187243 (i see it in spanish)
Hope it helps you.
Carlos Pantelides
@dev4sec
http://seguridad-agile.blogspot.com/
El d=EDa lunes, 30 de junio de 2014 3:19, Reindl Harald <h.reindl@thelounge=
.net> escribi=F3:
=
Am 30.06.2014 01:38, schrieb Exibar:
> I see a war a-brewing in our Macintosh area, they're pushing for AV
> scanning on Write only...=A0 I'm pushing back, hard and winning so far....
> They don't seem to get it no matter how much they say they understand the
> dangers,
they're still stuck in the world where "Mac viruses just don't
> exist", and apparently they don't care if they have a Windows virus dorma=
nt
> on their machines either.... they claim they have a huge performance
> improvement with scan on read turned off...=A0 It always comes back to
> performance in their argument....
> =
> Does anyone have any white papers or any links or even any off the cuff
> thoughts that I can bring to these folks that will help prove my point th=
at
> only having scan on write is a *very* bad idea and a huge security hole?
easy - ask them what the scan of a
download helps
if it's executed later while due download there
was no matching signature
first comes the malware and then the signature to detect
if the dumb folk scan only once while store the malware
on a central fileserver that will greatly multiply damage
everytime a client opens the file with no scanning again
but if you are talk with Apple "the OS is secure" priests
forget it, they are learning resistent
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic