Although I feel that AV is having a diminishing value it is nonetheless another layer. We have AV on our Macs at the office as that is the policy, although I have never received an alert from a Mac that I can remember (we have maybe only a dozen Macs). I get alerts daily from Windows workstations that blocked malicious payloads.
On Sun, Aug 26, 2012 at 6:05 AM, Bill Swearingen <[email protected]>wrote: > the irony of this question being asked on the "hack naked" list must be > noted. > > > On Sun, Aug 26, 2012 at 4:33 AM, John Strand > <[email protected]>wrote: > >> Lol. >> >> John Strand >> 605-550-0742 >> Sent from my phone. >> On Aug 25, 2012 10:05 PM, "Arch Angel" <[email protected]> wrote: >> >>> No worries John we would never question your genius, now if you wouldn't >>> open that PDF and wait for instructions :-) >>> >>> Not yet, wait for.... >>> >>> Almost ready.... >>> >>> There we go, thank you for your time :-) >>> >>> Robert >>> (arch3angel) >>> On Aug 25, 2012 10:15 AM, "John Strand" <[email protected]> >>> wrote: >>> >>>> Yea.. >>>> >>>> Thinking about it. Smart has nothing to do with it. >>>> >>>> I just announced to a security list that I dont run AV on my mac. >>>> >>>> Not to bright... Is it? >>>> >>>> John >>>> >>>> On Sat, Aug 25, 2012 at 7:17 AM, ash <[email protected]> wrote: >>>> >>>>> Hahaha I have to agree .. I also run Sophos on my macs .. im also >>>>> not as smart as John Strand .. and I am Australian .. I don’t have much >>>>> going for me here do I??**** >>>>> >>>>> ** ** >>>>> >>>>> DAMMIT**** >>>>> >>>>> ** ** >>>>> >>>>> ** ** >>>>> >>>>> Ash D**** >>>>> >>>>> ** ** >>>>> >>>>> *From:* [email protected] [mailto: >>>>> [email protected]] *On Behalf Of *Jeremy >>>>> Pommerening >>>>> *Sent:* Saturday, 25 August 2012 2:16 AM >>>>> >>>>> *To:* PaulDotCom Security Weekly Mailing List >>>>> *Subject:* Re: [Pauldotcom] AV for OSX**** >>>>> >>>>> ** ** >>>>> >>>>> I run Sophos on my MAC and don't notice any performance hit. But I am >>>>> NOT as smart as John Strand. >>>>> >>>>> **** >>>>> >>>>> **** >>>>> >>>>> Jeremy Pommerening >>>>> CISSP,GCFA,GPEN,GAWN,GCFW, >>>>> MCSE Win2K, MCSE NT4**** >>>>> >>>>> *From:* xgermx <[email protected]> >>>>> *To:* PaulDotCom Security Weekly Mailing List < >>>>> [email protected]> >>>>> *Sent:* Friday, August 24, 2012 10:22 AM >>>>> *Subject:* Re: [Pauldotcom] AV for OSX**** >>>>> >>>>> >>>>> >>>>> **** >>>>> >>>>> I like that analogy Chistopher. I've been running Sophos for a couple >>>>> days now and it's stayed out of my way for the most part. Even if I decide >>>>> to turn it off, I'll keep it installed for one-off scans. >>>>> >>>>> Thanks all. >>>>> >>>>> >>>>> >>>>> >>>>> **** >>>>> >>>>> On Fri, Aug 24, 2012 at 8:59 AM, Christopher Croad <[email protected]> >>>>> wrote:**** >>>>> >>>>> I have mixed feelings. I figure AV is at best 30% effective, and I >>>>> know I can keep my Mac pretty secure without it. Still, I run Sophos on >>>>> my >>>>> Mac and it doesn't get in the way. If it did, I would have no issue in >>>>> shutting it down. AV is like seatbelts on an airplane. They provide a >>>>> little security during bumpy flights, but a lap belt isn't going to do >>>>> much when the plane is rocking and rolling ( or crashing). >>>>> >>>>> Chris Croad**** >>>>> >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: [email protected] [mailto: >>>>> [email protected]] On Behalf Of Josh More >>>>> Sent: Thursday, August 23, 2012 11:23 PM >>>>> To: PaulDotCom Security Weekly Mailing List**** >>>>> >>>>> Subject: Re: [Pauldotcom] AV for OSX >>>>> >>>>> I agree with Ryan's view. >>>>> >>>>> Also, as a counterpoint to Michael's, it is surprisingly difficult to >>>>> not do anything stupid under OSX. The only way I've found to be >>>>> reasonably secure is to not run as admin (not hard, actually), use >>>>> Little Snitch and Glimmer Proxy (annoying) AND replace Safari >>>>> completely with a hardened Firefox (noscript, HTTPS Everywhere, >>>>> Request Policy, WOT, Adblock+, Certificate Patrol, etc)... which >>>>> pretty much completely kills a large part of the OSX experience. >>>>> >>>>> When you add to this, the tendency of Apple to release patches as >>>>> frequently as cicadas, I don't think that adding an additional layer >>>>> of defense, imperfect as it is, is a bad idea. >>>>> >>>>> I use Sophos on mine. >>>>> >>>>> -Josh More >>>>> >>>>> >>>>> >>>>> On Thu, Aug 23, 2012 at 4:43 PM, Michael D. Wood >>>>> <[email protected]> wrote: >>>>> > I also agree. Don't believe the hype, when/if it really comes down >>>>> to it - >>>>> > maybe, then look into something. In the meantime, be security aware >>>>> and >>>>> > don't do anything stupid. >>>>> > >>>>> > -- >>>>> > Michael D. Wood >>>>> > ITSecurityPros.org <http://itsecuritypros.org/> >>>>> > http://www.itsecuritypros.org/ >>>>> > >>>>> > -----Original Message----- >>>>> > From: [email protected] >>>>> > [mailto:[email protected]] On Behalf Of Alex >>>>> Kornilov >>>>> > Sent: Thursday, August 23, 2012 10:55 AM >>>>> > To: [email protected] >>>>> > Subject: Re: [Pauldotcom] AV for OSX >>>>> > >>>>> > On 8/22/12 10:20 PM, John Strand wrote: >>>>> >> No. >>>>> >> >>>>> >> The reason? I have yet to be on a test were it gets in the way. >>>>> >> >>>>> >> I do know it causes your system to run slower and crash more. >>>>> >> >>>>> >> I would rather have a faster, less secure system than the illusion >>>>> of >>>>> >> security. >>>>> > +1 >>>>> > I agree. Don't believe propaganda from yellow press IT blogs. >>>>> > _______________________________________________ >>>>> > Pauldotcom mailing list >>>>> > [email protected] >>>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>>> > Main Web Site: http://pauldotcom.com >>>>> > >>>>> > _______________________________________________ >>>>> > Pauldotcom mailing list >>>>> > [email protected] >>>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>>> > Main Web Site: http://pauldotcom.com/ >>>>> _______________________________________________ >>>>> Pauldotcom mailing list >>>>> [email protected] >>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>>> Main Web Site: http://pauldotcom.com/ >>>>> _______________________________________________ >>>>> Pauldotcom mailing list >>>>> [email protected] >>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>>> Main Web Site: http://pauldotcom.com/**** >>>>> >>>>> ** ** >>>>> >>>>> >>>>> _______________________________________________ >>>>> Pauldotcom mailing list >>>>> [email protected] >>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>>> Main Web Site: http://pauldotcom.com/**** >>>>> >>>>> _______________________________________________ >>>>> Pauldotcom mailing list >>>>> [email protected] >>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>>> Main Web Site: http://pauldotcom.com >>>>> >>>> >>>> >>>> >>>> -- >>>> John Strand >>>> O: (605) 550-0742 >>>> C: (303) 710-1171 >>>> >>>> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>>> >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
