PCI DSS 1.2 - Anti-virus for *all* platforms

virus

As I wrote yesterday on the summary of changes to PCI DSS 1.2 coming October 1st to a city near you.

Requirement 5: Clarified that requirement for use of anti-virus software applies to all operating system types.

I was a little surprised because the prevailing wisdom that only Anti-virus protection applies to Microsoft windows platform really applied for PCI.

While still on the “marathon morning” webinar this morning: Graham Cluley (his blog is here) of Sophos had an excellent and informative presentation “Viruses and Spam in 2008 - A look a the current security landscape and future trends”

Two Items of note related to PCI DSS and Anti-virus:

appleVirus

See: http://www.sophos.com/pressoffice/news/articles/2008/06/machovdyA.html

linuxVirus

See: [http://www.sophos.com/pressoffice/news/articles/2008/02/rstbtool.html](http://www.sophos.com/pressoffice/news/articles/2008/02/rstbtool.html
http://www.sophos.com/pressoffice/news/articles/2008/02/rstbtool.html

“)

I would say that the risk is low to OSX and Linux, but we are seeing attacks in 2008 on these platforms which does make the PCI DSS 1.2 Anti-Virus requirement clarification more reasonable. Expect to see AV for Linux, Mac and other platforms products being marketed towards the end of this year and 2009 and on.

Comments

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×