Over To You:

Dear Ed,

My understanding is that Unix/BSD are more susceptible to worms and not viruses.

TechTarget's WhatIs (dot) com defines a worm as a self-replicating code that does not alter files but resides in active memory and duplicates itself. It is common for worms to be noticed ONLY when their uncontrolled replication consumes system resources, slowing or halting other tasks.

From Webopedia, you will find an article titled "The Difference Between a Computer Virus, Worm and Trojan Horse": a worm has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect.

One common mistake that people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are NOT exactly the same thing.

I believe that due to compliance this area is being treated generically to all operating systems even when it would be a waste of time and resources, both of manpower and computing, to make it so for all. Are these measures being applied just because management and those who are managing compliance are requiring it without the true understanding of the difference of these techniques? I ask you. I suppose that it is the easier method approach.

If you are a large Fortune 500 firm, you may need to apply this needed technology for the infections that are of the blended hybrid category. Otherwise, I agree with you, "I like to stick with the philosophy that you only get vaccinations or take antibiotics if the risks with them are lower than the risks without them."

This has also been my experience and my two (2) cents.

Regards,
Harvey Rothenberg

“Science without religion is lame.
Religion without science is blind.”
Albert Einstein

--- On Tue, 6/11/13, Edward Ned Harvey (lopser) wrote:

> From: Edward Ned Harvey (lopser)
> Subject: Re: [lopsa-discuss] Antivirus best practices: for Mac? for Unix?
> To: "Mack Rhinelander", "discuss"
> Date: Tuesday, June 11, 2013, 7:37 AM
>
> > From: discuss-boun...@lists.lopsa.org [mailto:discuss-boun...@lists.lopsa.org] On Behalf Of Mack Rhinelander
> >
> > I'm deploying antivirus in our small office, and I'm researching best practices.
> >
> > Is antivirus appropriate for Mac's/OS X?
>
> No OS is perfect; they are all subject to vulnerabilities, so at least in theory, it is best practice to run antivirus to reduce the risk. In fact, viruses and malware do exist for macs / linux.
>
> However, in practice, I like to stick with the philosophy that you only get vaccinations or take antibiotics if the risks with them are lower than the risks without them. (In personal health, too.)
>
> In my experience so far, I've never seen mac or linux antivirus actually *defend* against a mac or linux virus. And I *have*, on several occasions, seen the antivirus cause some harm. The clearest, most dramatic example was when the CEO ran sophos on his mac. He had a huge tar.gz file backup of his most important stuff. For backup, he wanted to copy it out of there. So we mounted a samba share, and started a "cp" to copy it out. After an inordinately long time, the computer crashed. I lost some hours working on it, and eventually figured out that sophos saw him trying to write a tar.gz file, so sophos intercepted the behavior, caused IO wait for the "cp" process, meanwhile writing the whole thing from local disk to local disk in the tmp directory, and then extracted it to scan for viruses, before it would allow cp to actually write the new location. But there wasn't enough disk space for 3 copies of the same information on local disk.
>
> Solution: Uninstall sophos.
> _______________________________________________
> Discuss mailing list
> Discuss@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/