Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
- To: nick@xxxxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
- From: Mike Hale <eyeronic.design@xxxxxxxxx>
- Date: Sun, 25 Apr 2010 22:08:19 -0700

"Then, as I said, the PCI requirements are total nonsense..."
You say this based on absolutely zero understanding of what the
requirements are, by your own admission?

On Sun, Apr 25, 2010 at 8:40 PM, Nick FitzGerald
<nick@xxxxxxxxxxxxxxxxxxx> wrote:
> Tracy Reed to me:
>
>> > Anyone authoritatively stating that antivirus software is a necessary
>> > component of a "reasonably secure" system is a fool.
>>
>> No, they just think all the world is Windows.
>
> My comments were, and still are, OS agnostic.
>
> It matters not what the OS -- anyone authoritatively stating that
> antivirus software is a necessary component of a "reasonably secure"
> system is a fool.
>
> Ditto my second comment...
>
>> > So _if_, as you and another recent poster strongly imply, the PCI
>> > standards include a specific _requirement_ for antivirus software, then
>> > the standards themselves are total nonsense...
>>
>> PCI only requires antivirus for systems commonly affected by
>> viruses. ...
>
> Then, as I said, the PCI requirements are total nonsense...
>
>> ... This means Windows. PCI security council has said that UN*X
>> OSs etc. are not required to have antivirus.
>
> So what system and application integrity requirements do they require
> for those OSes (presumably "instead of antivirus")?
>
> Your response strengthens my belief that PCI is dangerous because it
> enshrines small-minded ignorance as "best practice" (or, at least, as
> "minimally acceptable practice") without recognizing the possibility
> that there may be better options that have not been so, ummm "over
> sold" as to become perceived as necessary.
>
>
>
> Regards,
>
> Nick FitzGerald
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0