"Then, as I said, the PCI requirements are total nonsense..." You say this based on absolutely zero understanding of what the requirements are, by your own admission?
On Sun, Apr 25, 2010 at 8:40 PM, Nick FitzGerald <[email protected]> wrote: > Tracy Reed to me: > >> > Anyone authoritatively stating that antivirus software is a necessary >> > component of a "reasonably secure" system is a fool. >> >> No, they just think all the world is Windows. > > My comments were, and still are, OS agnostic. > > It matters not what the OS -- anyone authoritatively stating that > antivirus software is a necessary component of a "reasonably secure" > system is a fool. > > Ditto my second comment... > >> > So _if_, as you and another recent poster strongly imply, the PCI >> > standards include a specific _requirement_ for antivirus software, then >> > the standards themselves are total nonsense... >> >> PCI only requires antivirus for systems commonly affected by >> viruses. ... > > Then, as I said, the PCI requirements are total nonsense... > >> ... This means Windows. PCI security council has said that UN*X >> OSs etc. are not required to have antivirus. > > So what system and application integrity requirements do they require > for those OSes (presumably "instead of antivirus")? > > Your response strengthens my belief that PCI is dangerous because it > enshrines small-minded ignorance as "best practice" (or, at least, as > "minimally acceptable practice") without recognizing the possibility > that there may be better options that have not been so, ummm "over > sold" as to become perceived as necessary. > > > > Regards, > > Nick FitzGerald > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
