enterprise AV testing
We are looking to replace our current AV solution. We have found a few we want to test but I need some suggestions for testing. Does anyone know if there is a site that will show the success/failure of an AV product to detect a virus?
I am tempted to load a few VMs and try to find some viruses out there just to see if the AVs we are looking at will catch them. Years ago when MS released Antigen my co-workers ran the same test and the MS product didn't catch anything. So they went with SEP. I don't mind running the test again, but if there is a site that is already doing something like this I don't want to waste my time.
They are all pretty much useless. Just look for the cheapest and easiest installation.
The main thing is to check what resource overhead they present. To put it very bluntly, all you are buying is a tick on a checklist and something to cover your arse ;) (employment-wise, that is, NOT IT security).
What they discover... basically bugger all in today's infosec environment... no point in testing... unless you have a few thousand obfuscated and zero days... then expect 25% - 40%.
I am sorry to say that what you are asking is the thinking of 5 years or more ago... the threat horizon is quite different these days.
Just my view...
I use the free version of AVG. Most Anti-Virus today is nothing but a bundle-type thing; back 10 or 15 years ago, Norton was selling the same crap McAfee was, which was an Anti-Virus product by itself.
That's almost impossible to sell today without the Spyware bundled in, because if you look at any given AV anything, most of them are "Security Suites" now, which is because I'm thinking those companies realize that no one is really getting a Virus anymore.
I can't even remember the last time I saw a true Virus that wasn't either Malware, Spyware, or a Fake Security Center of some type. I don't even remember. I used to collect Viruses, but really, it's not easy now. I've still got a few but these days when even Yahoo, Hotmail, and other free mail and ISP mail, are ALL scanning attachments by default, it's pretty damn hard to get infected.
They didn't really do that before, but now they ALL scan for an infection before they let you attach anything. The days of Email Viruses, where you had an Email with an attachment, and you had to open it up, run it, THEN you got infected, are gone. LONG gone.
Most stuff you see is going to have Anti-Virus of course, but, really, you're paying for updates to the database for Spyware and stuff. Oh, and they now call ANY type of security tool a threat and you have to smack the **** out of it to make it stop.
So yea, on the ONE Windows partition I have, which is Windows 7 on a newer machine, I have AVG Free and that's it. I'm not spending money on something that doesn't really do much.
This machine's Windows partition has basically AVG Free, and Spybot. The rest of my machines all run Unix of some type, so they don't really need that stuff.
My FreeBSD 9 boxes DO have some AV stuff, but only for Windows really. ClamAV is free too, so it's alright. But Nihil basically told you the truth; you're wasting your time, and you'll be wasting more of it since that crap roots itself so far into the Registry you'd be able to file a sexual harassment case if it weren't for the fact that it asks you first if it's OK lol.
OK, let me clarify a few points here. Running a Winblows network without antivirus is not simple.
You will need:
Antivirus and malware filtering for email (before it gets to your mail server). I use Spam Soap (or whatever that service is called now).
Websense. I cannot go over all the protection this software provides, but it really keeps users from shooting themselves in the foot.
NO GATEWAY on your servers. This can be tricky if you want to RDP into a server via VPN and your Firewall and VPN are the same device. SSH works but - well that's another post.
If you are running a 2003 mixed mode domain – quit reading and upgrade your domain to 2008 (Keep the antivirus)
System Center Essentials – patch management and package deployment all in one. This is really important. If you keep your standard desktop up to date (Java, Flash, Adobe, Office), then deploying updates is a lot easier.
Use the admin templates, and clean up AD!
Windows 7 – Windows defender – me likes a lot. Turn it on and have it update silently.
Once all this is complete – do not renew your AV license.
You should have at least one person dedicated to System Center and one to Websense.
This post assumes that all your security groups are correct, the Everyone security group is disabled, and no one knows the domain admin level passwords or the local admin password. Also, your firewall has more than “TCP any any allow”.
What is the final result of testing?