RE: [Fed-Talk] Someday is here UNCLASSIFIED (UNCLASSIFIED)
- Subject: RE: [Fed-Talk] Someday is here UNCLASSIFIED (UNCLASSIFIED)
- From: "Traynor, Paul I" <email@hidden>
- Date: Mon, 28 Apr 2008 21:58:34 -0500
- Thread-topic: [Fed-Talk] Someday is here UNCLASSIFIED (UNCLASSIFIED)
There is NOT a NISPOM or DIACAP requirement that an antivirus solution runs in "on-access" mode. For example, McAfee uvscan for Solaris satisfies the antivirus requirement, but does not check files as they are opened, ever. Rather, it offers the ability to scan the system "On-demand." On an ongoing basis, a non-on-access scanner uses 0% CPU, because it is not doing anything. It is just meeting the STIG requirement by virtue of its existence on the system.
McAfee for Mac 7.7 is known to suck down CPU. Upgrade to 8.6 for much improvement. And turn off on-access scanning anyway.
________________________________
From: William G. Cerniuk [mailto:email@hidden]
Sent: Mon 4/28/2008 8:20 AM
To: Michael; Fed Talk
Subject: Re: [Fed-Talk] Someday is here UNCLASSIFIED (UNCLASSIFIED)
The McAfee problem is endemic to their development approach (bad)
under Mac OS X. Based on empirical observation I would guess it has
to do with them porting code not native to Mac OS X. This code does
not seem adequately threaded and is more monolithic (yadda yadda). The
McAfee enterprise product comes with 4 pages of caveats for Mac OS X.
Norton's AV suffers from the almost identical problem.
I identified VirusBarrier X early on as a much better approach to AV
software on Mac OS X. It not only does not drag system performance
down and runs nicely on Mac OS X servers (they also have a pure server
version) it performs heuristics to try and catch virus/Trojan activity
before the malware is known. VirusBarrier X has been criticized for
not catching all the Windows viruses, which cannot hurt Mac OS, as
they pass through the system in the data files. But all things
considered, while I would like to be my brother's keeper, the utility
and performance on my Mac OS X system is much more important than
correcting another platform's intrinsic problems.
Very Respectfully,
Wm. Cerniuk
E2E Project Manager, Innovation Program
Chief Health Informatics Office
VHA Office of Information
703.594.7616
Time is Short, and the Water Rises
On Apr 28, 2008, at 9:10 AM, Michael wrote:
> Yes, all the seriously big servers and clusters have some type of
> exemption written into their security plan, because anti-virus
> software seriously hinders the performance of these million dollar
> plus machines. As far as I know all these machines are running Unix
> or Linux. Machines like Army Research Laboratory's JVN, 1024 dual
> Xeon boxes in a cluster, running something called The Linux Networx
> system.
>
> McAfee on my desktop dual cpu Mac takes 75% of my cpu resources.
> Half the time I can't remove USB devices because of the anti-virus
> software. It interferes with asr (terminal command to image a hard
> disk to another).
>
> On top of that all current anti-virus software is flawed starting at
> the basic concept of detecting only what was seen before. Detecting
> virus activity is what Gatekeeper did for free, but the big companies
> took the easy approach, with more than ten years of time to produce
> a better product they have totally failed, they drop hundreds of
> thousands of known viruses from their databases every year. Vendors
> ship computers infected with known viruses because the anti-virus
> software they include no longer has that virus in the database.
>
> And another 1/2 million compromised web servers over the last week,
> including UN and UK gov servers.
>
> Michael
>
> On Apr 28, 2008, at 12:38 AM, Traynor, Paul I wrote:
>
>> By "exemption," I assume Michael officially means EXCEPTION (which
>> requires "acceptance of risk," ***IN WRITING*** - signed/faxed/filed
>> from a govvie in authority representing the data owner). Furthermore,
>> if you broaden the definition from anti-virus to anti-malware, then it
>> gets even worse (Gold-Disk/DISA SRR expects and evaluates Anti-Spyware
>> as well).
>
>> Michael wrote:
>>
>> On Apr 25, 2008, at 2:30 PM, Traynor, Paul I wrote:
>>
>>> Actually, both NISPOM and DIACAP do require anti-virus software for
>>> all systems, including Macs.
>>
>>
>> All Linux and Unix systems too? They have a lot of systems with some
>> type of exemption, the ones I know about just aren't desktop or laptop
>> systems and they are both unclassified and classified systems. The
>> ones I'm thinking of are things like the high performance systems at
>> the Army Research Laboratory for example. SGI Altix's, Networx
>> systems, and others.
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden