PCI DSS 1.2 - Anti-virus for *all* platforms


As I wrote yesterday in the summary of changes to PCI DSS 1.2, coming October 1st to a city near you:

Requirement 5: Clarified that requirement for use of anti-virus software applies to all operating system types.

I was a little surprised, because the prevailing wisdom that anti-virus protection applies only to the Microsoft Windows platform really applied for PCI.

While still on the “marathon morning” webinar this morning: Graham Cluley (his blog is here) of Sophos had an excellent and informative presentation, “Viruses and Spam in 2008 - A look at the current security landscape and future trends”.

Two items of note related to PCI DSS and anti-virus:


See: http://www.sophos.com/pressoffice/news/articles/2008/06/machovdyA.html


See: http://www.sophos.com/pressoffice/news/articles/2008/02/rstbtool.html


I would say that the risk to OS X and Linux is low, but we are seeing attacks on these platforms in 2008, which does make the PCI DSS 1.2 anti-virus requirement clarification more reasonable. Expect to see AV products for Linux, Mac and other platforms being marketed towards the end of this year, in 2009 and on.


