Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds

From: Michel Messerschmidt <lists@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 26 Apr 2010 23:07:14 +0200

On Mon, Apr 26, 2010 at 06:02:48AM -0700, Shaqe Wan wrote:

I am not stating that PCI is good in no way, but I am saying that its a MUST for companies dealing with CC. And in a windows environment, an AV is important.

Did you consider that an anti-virus may actually be the worst security
solution for certain threats because it allows companies not to think
about security while providing insufficient protection?

What's your choice:
Company A installs an anti-virus and updates it regularly (BTW regularly
includes once a year).
Company B has a recovery concept, incident response team, vulnerability
monitoring, patch management, NIDS, security training but no anti-virus.

He probably thought that I am with the rules of PCI, or that I don't have any idea that the world is not just WINDOWS !!!

No, I don't think so.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Honer, Lance
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Shaqe Wan
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Lyal Collins
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Mike Hale

References:
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Shaqe Wan
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Christian Sciberras
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Shaqe Wan

Prev by Date: [Full-disclosure] Team SHATTER Security Advisory - Oracle Database SQL Injection vulnerability in DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE
Next by Date: [Full-disclosure] 2010 Nmap/SecTools.org survey
Previous by thread: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
Next by thread: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
Index(es):
- Date
- Thread

Relevant Pages

Re: a-squared and Trojan Scan
... not an anti-virus since I don't have a virus that needs ... | 6/15/06 updates from Microsoft have been installed. ... McAfee focuses on viruses and Trojans and some non-viral malware while Ad-aware SE focuses ...
(microsoft.public.windowsxp.security_admin)
Re: a-squared and Trojan Scan
... not an anti-virus since I don't have a virus that needs ... | 6/15/06 updates from Microsoft have been installed. ... McAfee focuses on viruses and Trojans and some non-viral malware while Ad-aware SE focuses ...
(microsoft.public.windowsxp.security_admin)
Re: Cant Display .eml in Outlook Express and Printer Issues
... What anti-virus application or security suite is installed and is your subscription current? ... Disable email scanning by your anti-virus application. ... Please do NOT install IE7 or WinXP SP3 at this point, ... received message does not have the photos inline. ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: a-squared and Trojan Scan
... | the left pane and Security is the next best option. ... Microsoft should put ... | Anti-Virus in the pane since there is a forum for it. ... McAfee Stinger is a tool that only target ~55 infectors, mostly internet Worms so unless you ...
(microsoft.public.windowsxp.security_admin)
RE: [Re-post] Suggestions for basic software for security
... You can download a free Anti-Trojan tool, ... You can download the free Ad-Aware from www.ad-aware.com ... Anti-Virus - free Anti-Virus is from the AVG Free Edition. ... Suggestions for basic software for security ...
(Security-Basics)