>However, "Microsoft crap" is the main target for virus distributors >because it is so ubiquitous, and because this is what most Third >World Mutants are using. Even those living in the slums of Manila or If security is essential for one's business to the point of willing to use non-microshit OS, then that will buy more security against the attackers at large than anything one can put on the top of windoze. Targeted attacks will not be affected by using, say, Macintoshes, but *ALL* attacks that press reported in the last 12 months would be effectively disabled. Small companies without employees with IQ < 70 are starting to realise this. If ability to use ms word, ms powerpoint and ms excell is the total and exhaustive sum of talents, then such employee belongs to the third world place. Unfortunately, some areas of Silly Valley are such places :-) We use Macs, and air gap as the firewall. This means that each workplace has two Macs, one on the internal net w/o any external connectivity (I mean no copper/wireless, maybe some Tempest), and the other connected to the Internet through the regular firewall. The policy is that all the development and sensitive office mail happens on the intranet. PGP is still used for mail and encrypted partitions for sensitive data. The Internet Macs are for surfing and anything else that the user wants to do. We do not attempt to protect ourselves from malicious employees - we trust them to be intelligent enough to circumvent all such attempts. We found that this double-hw setup is in practice cheaper than the constant maintenance of the firewall patches, scanning all bits for the shit, etc. And it is definitely safer. Of course, we use single monitor with dual inputs.
