AV Strategy
Page 1 of 3 123 LastLast
Results 1 to 10 of 28

Thread: AV Strategy

  1. #1

    AV Strategy

    Lets get a discussion going on general Antivirus practice.

    It seems many people have different perspectives on AV, heres a few:

    -No AV is necessary
    Some would say that no AV is necessary if you are configured and updated like you should be. I personally think this is valid in a sense but after the MS04-028 GDI+ vulnerability, it makes me wonder. What would happen if the vulnerabiltiy went unreported? There is no way to secure Internet Explorer from it, unless you don't load images. (btw would MS04-028 effect FireFox?)
    -Multiple AV's
    One might think that running multiple AV's would check the results of the other, but that can lead to errors while checking files and severe performance issues.
    -Single AV
    One strong AV solution to protect your box.

    My opinion is that a single AV is necessary on mail and file servers. On a workstation, could a multiple AV solution work out? Clamwin doesn't have realtime protection AFAIK, and would not interfere with software like Norton that uses realtime protection. Would there be any benefit to running a realtime AV like Norton, with a sidekick AV like Clamwin? I understand and believe running two realtime AV's like McAffee and Norton isn't smart for reasons stated, but I don't think Clamwin would interfere with performance of another AV?

    Anyhow, what are your Antivirus setups, or do you think they aren't necessary?

    //me goes to chipotle

    edit:
    My setup is one AV, Clamwin. It is lightweight and the defs are updated well. If you want, you can make your own defs, which rocks. I like Clamwin a lot, I might write a tut to support it.

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    I believe in a single A/V solution (one that is proven to work thoroughly and effectively) with updates and definition's that are able to be downloaded at any given time. As long as I stay on par with updates and definitions (my A/V solution must have those capabilities) then I'm comfortable and believe that I can't be infected (well, that and using common sense with certain things).

    This solution (the one I use) has never failed me and I can't even remember the last time I was infected with a virus.
    Space For Rent.. =]

  3. #3
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    I do get infected every so often. Usually because my wife goes to alot of puzzle and game sites that usually offer something for 'free' that she just has to sign up for.

    But I am using the Avast free AV and it is working great. It catches most of the infections before they get on the box and every thing else with in an hour or so. I run Trend's Housecall about once a week and it has never found any yet that the avast has missed. I am very content with the way I have my boxes set at present, but then again I am always looking for something better ( and free also).
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  4. #4
    Member
    Join Date
    Sep 2004
    Posts
    31
    No one single AV will be able to catch all viruses (especially 0 day nasties!) but I think that as long as people are security minded they will update their signatures regularly or allow the program to update itself. Companies are always on the look out for something new that hasn't been discovered yet and they are doing their best to patch their software in a timely manner. Good surfing habits and keeping in the forefront the ideas that AV software is only as good as the latest and most up to date files should protect the majority of us from getting to infected.
    There wasn\'t any paper used here, but millions of electrons were terribly inconvenienced

  5. #5
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    My personal opinion is that a single AV suite is suffice:
    My background is that I'm not too educated IT wise, and so, I bought the Symantec NetSec 2004 suite. [ A name I had heard of, and a complete package ]
    that is, it covers everything, and each part is compatable with the rest [allegedly]

    No one single AV will be able to catch all viruses (especially 0 day nasties!)
    No one will catch zero day exploits.
    Because they are zero day............
    But the AV providers will get something ready ASAP. [allegedly]
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    I don't believe one will catch all zero day exploits, however combine it with knowledge/wisdom of the subject, common sense, and always updated updates/definitions and you got a pretty good strategy. One that has never failed me..
    Space For Rent.. =]

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Location
    Near Manchester (England)
    Posts
    145

    Arrow I Use Norton Anti-Virus ...

    as part of Norton Internet Security 2003. It hasn't let me down, as far as I'm aware! I update it every time I go online, it's the first thing I do!

    I'm with SecGod in that whatever Anti-Virus software you use, it's only as good as it's last update.

    As for Zero day exploits, there's no guarantee but heuristic analysis may catch one or two? Norton has heuristic analysis, so to me that is a good thing.

    As for Norton being intrusive of your system? Well yes it is, but that is due to the in depth level that it works at! Yeah, I could utilise an Anti-Virus package that is less intrusive, however, this requres the user to be competent and security minded. Other people use my home PC, so I have to consider my needs to protect my home PC from them! lol

    You pays yer money (or don't (in the case of free personal editions)) and takes yer pick!
    Tomorrow is another day for yesterdays work!

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Simple Simon: I'm just wondering, but in what ways are Norton intrusive on your system?
    Space For Rent.. =]

  9. #9
    Senior Member
    Join Date
    Feb 2004
    Location
    Near Manchester (England)
    Posts
    145

    Question FAO Spyder32 ...

    Perhaps intrusive is not the right word, more intense? It runs a number of processes which can be resource intensive! An example being it scans incoming and outgoing emails by default! This causes a slight delay for me and the other users when reading or sending emails, however, to me this is a small price to pay for the protection it affords.
    Tomorrow is another day for yesterdays work!

  10. #10
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Hrmm, I must not have that package or whatever (mine doesn't scan my e-mail's, whether outgoing or incoming). I'm interested in the processes that run with Norton, I know of a few but can you share some of them with me (particularly the one's that take up the most resources) and which one of them are not needed to be run. If they are taking up resources, I'll close them/turn them off because obviously I need to conserve resources on the system.
    Space For Rent.. =]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •