Whitelist is a very blunt tool. If software is replaced, upgraded or patched 
things soon get messy and involve a lot of administrative overhead. It is also 
not very flexible.

Sent from my POS BlackBerry  wireless device, which may wipe itself at any 
moment

-----Original Message-----
From: S Powell <powe...@gmail.com>
Date: Thu, 13 Oct 2011 16:32:32 
To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com>
Reply-To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Subject: Re: Macs and vulnerabilities

I know that many people on this list use GPO to whitelist apps in Windows;
you can do the same on a Mac with parental controls.

We have a few, laptops and iMacs, and while they are only used by admins, we
have had normal users using them in the past. We have used Sophos and
ClamXAV, but for the most part simply limiting the users from running as
admin goes a long way.
MacDefender required admin credentials to install.

-----------------
Who'd you rather be, the Beatles or the Rolling Stones?


On Thu, Oct 13, 2011 at 15:41, Steven Peck <sep...@gmail.com> wrote:

> The most recent big one was the Mac Defender.
> http://en.wikipedia.org/wiki/Mac_Defender
>
> Apple's initial response was 'head in the ground'.  Due to outrage they did
> eventually provide a fix.
>
> QUOTE
> According to Sophos, by May 24, there had been sixty thousand calls to
> AppleCare <http://en.wikipedia.org/wiki/AppleCare> technical support about
> Mac Defender-related issues,[16]
> <http://en.wikipedia.org/wiki/Mac_Defender#cite_note-wisniewski-apple-support-15>
> and Ed Bott of ZDNet <http://en.wikipedia.org/wiki/ZDNet> reports that the
> number of calls to AppleCare increased in volume due to Mac Defender, and
> that a majority of the calls now pertain to Mac Defender.[17]
> <http://en.wikipedia.org/wiki/Mac_Defender#cite_note-bott-16>
> AppleCare employees have been told not to assist callers in removing the
> software.[18]
> <http://en.wikipedia.org/wiki/Mac_Defender#cite_note-cluley-malware-17>
> Specifically, support employees have been told not to instruct callers on
> how to use Force Quit and Activity Monitor to stop Mac Defender, as well as
> not to direct callers to any discussions pertaining to the problems caused
> by Mac Defender.[16]
> <http://en.wikipedia.org/wiki/Mac_Defender#cite_note-wisniewski-apple-support-15>
> An anonymous AppleCare support employee said that Apple instituted the
> policy in order to prevent users from relying on technical support instead
> of anti-virus programs.[18]
> <http://en.wikipedia.org/wiki/Mac_Defender#cite_note-cluley-malware-17>
> /QUOTE
>
> While I don't see it in the Wikipedia article, I believe that Russian law
> enforcement raided a company where they provided services using this and a
> variety of other programs to exploit systems and information stolen from
> them.
>
> While in this case and its variants these are primarily trojan based, with
> no enterprise monitoring or reporting capabilities you have no way of
> knowing if this is in your environment or not.
>
> On Thu, Oct 13, 2011 at 3:01 PM, David Lum <david....@nwea.org> wrote:
>
>> Well, we’re getting a Mac invasion here and there is zero apparent concern
>> for managing these things or worrying about vulnerabilities. To get to AD
>> resources they’re standing up Win7 VM’s but doing as much work as possible
>> on the native MacOS.
>>
>> They can get to the Internet, file shares, printers, e-mail, etc on native
>> Mac but I just have alarms going off in my head “unmanaged machines with no
>> idea what intellectual property is on them”.
>>
>> Dave
>>
>> *From:* kz2...@googlemail.com [mailto:kz2...@googlemail.com]
>> *Sent:* Thursday, October 13, 2011 2:49 PM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Macs and vulnerabilities
>>
>> I remember the big "Mac virus" recently was socially engineered - but
>> that's definitely the Mac's biggest vulnerability. Given that Mac users
>> generally believe they are invulnerable, it's an arguably bigger vector than
>> the same one on a Windows system.
>>
>> Sent from my POS BlackBerry wireless device, which may wipe itself at any
>> moment
>> ------------------------------
>>
>> *From:* David Lum <david....@nwea.org>
>> *Date:* Thu, 13 Oct 2011 21:45:39 +0000
>> *To:* NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com>
>> *ReplyTo:* "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
>> *Subject:* Macs and vulnerabilities
>>
>> Does anyone have a link to an article or two that shows vulnerabilities
>> that have actually been exploited? Preferably not a random blog post…
>>
>> *David Lum*
>> Systems Engineer // NWEA™
>> Office 503.548.5229 // Cell (voice/text) 503.267.9764
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>
