Why exactly are you complying with Nick's statements? I would have thought you guys were arguing against said statements?
By the way, requirement #6 is particularly funny; it sounds peculiarly redundant to me... Cheers. On Mon, Apr 26, 2010 at 7:34 AM, Shaqe Wan <[email protected]> wrote: > > Nick, > > Please if you don't know what the standards are, please read: > > https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml > > See *Requirement #5*. Read that requirement carefully and its not bad to > read it twice though in case you don't figure it out from the first glance ! > > Also, I said that using an AV is some basic thing to do in any company that > wants to deal with CC, its a basic thing for even companies not dealing with > CC too !!! Or do you state that people must use a BOX with no AV installed > on it? If you believe in that fact? Then please request a change in the PCI > DSS requirements and make them force the usage of a non Windows O.S, such as > any *n?x system. > > Finally, the topic here is not about "default allow vs default deny" and if > I understand what that is or not! You can open a new discussion about that, > and I shall join there and discuss it further with you, in case you need > some clarification regarding it. > > Regards, > Shaqe > > > --- On *Sun, 4/25/10, Nick FitzGerald <[email protected]>* wrote: > > > From: Nick FitzGerald <[email protected]> > Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds > To: [email protected] > Date: Sunday, April 25, 2010, 1:57 PM > > Shaqe Wan wrote: > > <<snip>> > > Because it shall be nonsense to deal with CC, and not have an Anti-virus > for example !! > > Well, you see, _that_ is abject nonsense on its face. > > Do you have any understanding of one of the most basic of security > issues -- default allow vs. default deny? > > There are many more secure ways to run systems _without_ antivirus > software. > > Anyone authoritatively stating that antivirus software is a necessary > component of a "reasonably secure" system is a fool. > > Anyone authoritatively stating that antivirus software is a necessary > component of a "sufficiently secure" system is one (or more) of; a > fool, a person with an unusually low standard of system security, or a > shill for an antivirus producer. > > So _if_, as you and another recent poster strongly imply, the PCI > standards include a specific _requirement_ for antivirus software, then > the standards themselves are total nonsense... > > > > Regards, > > Nick FitzGerald > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
