Re: AV for OSX

[John Strand <john () blackhillsinfosec com>]

Lol.

John Strand
605-550-0742
Sent from my phone.
On Aug 25, 2012 10:05 PM, "Arch Angel" <arch3angel () gmail com> wrote:

> No worries John we would never question your genius, now if you wouldn't
> open that PDF and wait for instructions :-)
>
> Not yet, wait for....
>
> Almost ready....
>
> There we go, thank you for your time :-)
>
> Robert
> (arch3angel)
> On Aug 25, 2012 10:15 AM, "John Strand" <john () blackhillsinfosec com>
> wrote:
>
> > Yea..
> >
> > Thinking about it.  Smart has nothing to do with it.
> >
> > I just announced to a security list that I dont run AV on my mac.
> >
> > Not to bright...  Is it?
> >
> > John
> >
> > On Sat, Aug 25, 2012 at 7:17 AM, ash <ash () ash-d net> wrote:
> >
> > >  Hahaha I have to agree .. I also run Sophos on my macs .. im also not
> > > as smart as John Strand .. and I am Australian .. I don’t have much going
> > > for me here do I??****
> > >
> > > ** **
> > >
> > > DAMMIT****
> > >
> > > ** **
> > >
> > > ** **
> > >
> > > Ash D****
> > >
> > > ** **
> > >
> > > *From:* pauldotcom-bounces () mail pauldotcom com [mailto:
> > > pauldotcom-bounces () mail pauldotcom com] *On Behalf Of *Jeremy
> > > Pommerening
> > > *Sent:* Saturday, 25 August 2012 2:16 AM
> > >
> > > *To:* PaulDotCom Security Weekly Mailing List
> > > *Subject:* Re: [Pauldotcom] AV for OSX****
> > >
> > >  ** **
> > >
> > > I run Sophos on my MAC and don't notice any performance hit.  But I am
> > > NOT as smart as John Strand.
> > >
> > > ****
> > >
> > >  ****
> > >
> > > Jeremy Pommerening
> > > CISSP,GCFA,GPEN,GAWN,GCFW,
> > > MCSE Win2K, MCSE NT4****
> > >
> > > *From:* xgermx <xgermx () gmail com>
> > > *To:* PaulDotCom Security Weekly Mailing List <
> > > pauldotcom () mail pauldotcom com>
> > > *Sent:* Friday, August 24, 2012 10:22 AM
> > > *Subject:* Re: [Pauldotcom] AV for OSX****
> > >
> > >
> > >
> > > ****
> > >
> > > I like that analogy Chistopher. I've been running Sophos for a couple
> > > days now and it's stayed out of my way for the most part. Even if I decide
> > > to turn it off, I'll keep it installed for one-off scans.
> > >
> > > Thanks all.
> > >
> > >
> > >
> > >
> > > ****
> > >
> > > On Fri, Aug 24, 2012 at 8:59 AM, Christopher Croad <ccroad () syr edu>
> > > wrote:****
> > >
> > > I have mixed feelings.  I figure AV is at best 30% effective, and I know
> > > I can keep my Mac pretty secure without it.  Still, I run Sophos on my Mac
> > > and it doesn't get in the way.  If it did, I would have no issue in
> > > shutting it down.  AV is like seatbelts on an airplane.  They provide a
> > > little security during bumpy flights, but a lap belt isn't  going to do
> > > much when the plane is rocking and rolling ( or crashing).
> > >
> > > Chris Croad****
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: pauldotcom-bounces () pdc-mail pauldotcom com [mailto:
> > > pauldotcom-bounces () pdc-mail pauldotcom com] On Behalf Of Josh More
> > > Sent: Thursday, August 23, 2012 11:23 PM
> > > To: PaulDotCom Security Weekly Mailing List****
> > >
> > > Subject: Re: [Pauldotcom] AV for OSX
> > >
> > > I agree with Ryan's view.
> > >
> > > Also, as a counterpoint to Michael's, it is surprisingly difficult to
> > > not do anything stupid under OSX.  The only way I've found to be
> > > reasonably secure is to not run as admin (not hard, actually), use
> > > Little Snitch and Glimmer Proxy (annoying) AND replace Safari
> > > completely with a hardened Firefox (noscript, HTTPS Everywhere,
> > > Request Policy, WOT, Adblock+, Certificate Patrol, etc)... which
> > > pretty much completely kills a large part of the OSX experience.
> > >
> > > When you add to this, the tendency of Apple to release patches as
> > > frequently as cicadas, I don't think that adding an additional layer
> > > of defense, imperfect as it is, is a bad idea.
> > >
> > > I use Sophos on mine.
> > >
> > > -Josh More
> > >
> > >
> > >
> > > On Thu, Aug 23, 2012 at 4:43 PM, Michael D. Wood
> > > <mike () itsecuritypros org> wrote:
> > > > I also agree.  Don't believe the hype, when/if it really comes down to
> > > it -
> > > > maybe, then look into something.  In the meantime, be security aware
> > > and
> > > > don't do anything stupid.
> > > >
> > > > --
> > > > Michael D. Wood
> > > > ITSecurityPros.org <http://itsecuritypros.org/>
> > > > http://www.itsecuritypros.org/
> > > >
> > > > -----Original Message-----
> > > > From: pauldotcom-bounces () mail pauldotcom com
> > > > [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Alex
> > > Kornilov
> > > > Sent: Thursday, August 23, 2012 10:55 AM
> > > > To: pauldotcom () mail pauldotcom com
> > > > Subject: Re: [Pauldotcom] AV for OSX
> > > >
> > > > On 8/22/12 10:20 PM, John Strand wrote:
> > > > > No.
> > > > >
> > > > > The reason?  I have yet to be on a test were it gets in the way.
> > > > >
> > > > > I do know it causes your system to run slower and crash more.
> > > > >
> > > > > I would rather have a faster, less secure system than the illusion of
> > > > > security.
> > > > +1
> > > > I agree. Don't believe propaganda from yellow press IT blogs.
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom () mail pauldotcom com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > > >
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom () mail pauldotcom com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com/
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com/
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com/****
> > >
> > > ** **
> > >
> > >
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com/****
> > >
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> >
> > --
> > John Strand
> > O: (605) 550-0742
> > C: (303) 710-1171
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com