Aug
19
PCI DSS 1.2 – Anti-virus for *all* platforms
Posted (db) in General on August-19-2008

 

virus As I wrote yesterday on the summary of changes to PCI DSS 1.2 coming October 1st to a city near you.

Requirement 5:  Clarified that requirement for use of anti-virus software applies to all operating system types.

I was a little surprised because the prevailing wisdom that only Anti-virus protection applies to Microsoft windows platform really applied for PCI.

While still on the "marathon morning" webinar this morning:  Graham Cluley (his blog is here) of Sophos had an excellent and informative presentation "Viruses and Spam in 2008 – A look a the current security landscape and future trends"

Two Items of note related to PCI DSS and Anti-virus:

 

I would say that the risk is low to OSX and Linux, but we are seeing attacks in 2008 on these platforms which does make the PCI DSS 1.2 Anti-Virus requirement clarification more reasonable. Expect to see AV for Linux, Mac and other platforms products being marketed towards the end of this year and 2009 and on.

 

 

 

No related posts.
   Read More   

Comments:
Auntie AntiVirus on September 23rd, 2008 at 2:29 pm #

Putting Antivirus on a hardened secured high availability Unix system. Such as a database cluster is not a good idea.

NM on April 23rd, 2009 at 11:09 am #

Oh I sure expect to see AVs being marketed to Linux, because there’s money to be made, not because they’re of any use. And I’m not surprised that Sophos is going to claim that Linux needs virus protection, since that’s what they’re selling.
Fact is, there is no actual virus on Linux in the wild, and you can’t get infected with this primitive thing unless you execute binaries of dubious origin. You don’t do that on Linux. You install RPMs or DEBs. No virus vector. That doesn’t mean there aren’t worms or rootkits or exploits; just that programs that replicate by infecting binaries — what is actually /meant/ by “virus” — aren’t an issue.

Post a comment
Name: 
Email: 
URL: 
Comments: