Hacker News new | past | comments | ask | show | jobs | submit login

Same, I’ve been in an org that got PCI-DSS level 1 without antivirus beyond Windows Defender or any invasive systems to restrict application installation.

It did involve a lot of documentation of inter-machine security controls, network access restriction and a penetration test by an offensive security company starting with a machine inside the network, but it can be done! Also in my opinion it gives you a more genuinely secure environment.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: