On 19 December 2017 at 11:51, Michael <[email protected]> wrote:

>
> On 2017-12-19, at 2:15 AM, @lbutlr <[email protected]> wrote:
>
> > On 18 Dec 2017, at 03:14, Jean-Christophe Helary <[email protected]> wrote:
> >> A client is kind of requesting that I install an anti-virus/malware on my mac…
>

Given the timing, the OP may be subject to "Protecting Controlled
Unclassified Information in Nonfederal
Information Systems and Organizations" (NIST Special Publication 800-171)?
This requires:

   3.7.4  Check media containing diagnostic and test programs for malicious
   code before the media are used in the information system.

   3.14.2  Provide protection from malicious code at appropriate locations
   within organizational information systems.

   3.14.4  Update malicious code protection mechanisms when new releases
   are available.

These are very reasonable requirements. ClamAV, used properly, would meet
them.


> >
> > Explain to them the reasons this is a bad idea.
>
> OK, why is this a bad idea?
>
> >> Do you have any recommendation ? I checked the web already and it looks like Sophos does the job *and* is free…
> >
> > My recommendation for Macs is always the same, do not run as admin, do not run anti-virus software. Do not download software for bit torrent.
>
> 1. What is wrong with AV?
>

Many AV tools run with admin or root privileges and send too much information
to a system not under your control.


> 2. What is wrong with bit torrent?
>
> I know that bad stuff can be seeded, and labeled as "good".
> But it is no different than downloading anything else.
> And if you trust the person publishing the seed, what is wrong with the
> resultant file?
>
> (I have my own issues with bit torrent. In the long past, bit torrent
> software would not let you download faster than you uploaded; to promote
> sharing, your download credit was based on what you have uploaded. So
> instead of downloading as fast as your download pipe, by downloading from
> five or six places at once, your download was limited to your upload speed.
> I do hope that has been changed/fixed.)
>
> >
> > If you are very concerned, then crank up the gatekeeper protection to only allow App Store apps (and previously installed app) to run.
>
>  Mine is set to require signed applications, or else manual authorization.
>

The OP may have a belt, but his customer is within their rights to ask for
suspenders too. If the OP is subject to NIST Special Publication 800-171
then a tool that scans for malicious code is mandatory, has to be actually
used, and has to be updated as new versions come along.

-- 
George N. White III <[email protected]>
Head of St. Margarets Bay, Nova Scotia