Re: Malware (antivirus) software for Macintosh

[Louis APONTE <LouisAponte () WEBER EDU>]

Alex
 
You are correct Apple knew about this we all know that a response was
slow incoming. I am not sure why Flashback was a non-event for us, since
I have a very small population on McAfee anti-malware 1.x or
(9.1.0.4478) I spot checked critical systems at the start of this, what
I found was tons of needed updates queued up. I guess what I said badly
was you need an AV solution in place (McAfee does rather well on snow
leopard and Mt lion ), but don't forget the importance of patching via
updates if you have no other central solution for Mac patching. We also
enable the Mac firewall and include that in our guidelines on securing
Macs. No I would never say you don't need a Mac AV solution, the only
box I have in my office completely free of threats is a tissue box.


 
 
Louis Aponte

Weber State University

 
> > > On 5/17/2012 at 2:50 PM, in message
<848EA831-20E8-4958-A96E-8715EC4A52A0 () unc edu>, "Everett, Alex D"
<alex.everett () UNC EDU> wrote:

Louis: 

Maybe I am misreading this, but Apple Updates did not offer protection
in time, though patching is of course sound advice.
A Java vulnerability was not patched until after exploitation took
place.
We did have good experience with anti-malware software if the user had
it already installed.
We had poor experience with network security mitigation technologies.

References:
https://www.securelist.com/en/analysis/204792227/The_anatomy_of_Flashfake_Part_1

Sincerely,

Alex Everett, CISSP, CCNA
University of North Carolina
Chapel Hill, NC

On May 17, 2012, at 4:01 PM, Louis APONTE wrote:



Hi 

McAfee antimalware here, I have to say keeping your Mac software
updates current was primary protection vector we saw for Flashback. As
Apple released the two or three OS patches we installed asap. I am
saying its best to do both in tandem for best results set OS updates to
daily and install automatically as a service for your Mac users, and
have AV of one kind or another. Very few of our users disagree with this
approach. 



> > > On 5/17/2012 at 01:17 PM, in message
<99589267-1F4D-430C-ACE0-5E75F39521D5 () uvm edu>, Dean Williams
<dean.williams () UVM EDU> wrote:

A rash of Flashback infections has us thinking about mal ware
protection for our Macintoshes.  Is anyone using a product that you’d
recommend (or recommend against!)?   If you are supporting mal ware
protection for your Macintoshes, is the impact on system performance
acceptable?   Is it effective in preventing or at least detecting
infections?  Are updates timely?  Is it affordable?   

Thanks for any experience or insight you can share.  

Dean Williams, GSLC      
Information Security Officer                              
Enterprise Technology Services       
University of Vermont 
Dean.Williams () uvm edu | 802-656-1174  
http://www.uvm.edu/it/ 











Sincerely,


Alex Everett, CISSP, CCNA
Information Security Office
University of North Carolina at Chapel Hill
919.445.9393