enterprise AV testing
Results 1 to 5 of 5

Thread: enterprise AV testing

  1. #1
    Junior Member
    Join Date
    Oct 2009
    Posts
    6

    enterprise AV testing

    we are looking to replace our current AV solution. We have found a few we want to test but I need some suggestions for testing. Does anyone know if there is a site the will show the success/failure of a AV product to detect a virus.

    I am temped to load a few VMs and try to find some virus out that just to see if the AVs we are looking at will catch them. Years ago when MS released antigen my co works ran the same test and the MS product didn't catch anything. So they went with Sep. I don't mind to run the test again but if there is a site that is already doing something like this I don't want to wast my time.

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi,

    They are all pretty much useless. Just look for the cheapest and easiest installation.

    The main thing is to check what resource overhead they present. To put it very bluntly, all you are buying is a tick on a checklist and something to cover your arse (employment wise that is NOT IT security).

    What they discover............. basically buggerall in today's infosec environment....... no point in testing............. unless you have a few thousand obfuscated and zero days........ then expect 25% - 40%.

    I am sorryb to say that what you are asking is the thinking of 5 years' or more ago............... the threat horizon is quite different these days.

    Just my view...........
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I use the free version of AVG. Most Anti Virus today is nothing but a bundle type thing; Back 10 or 15 years ago, Norton was selling the same crap McAfee was, which was an Anti Virus product by itself.

    That's almost impossible to sell today without the Spyware bundled in, because if you look at any given AV anything, most of them are "Security Suites" now, which is because I'm thinking those companies realize that no one is really getting a Virus anymore.

    I can't even remember the last time I saw a true Virus that wasn't either Malware, Spyware, or a Fake Security Center of some type. I don't even remember. I used to collect Viruses, but really, it's not easy now. I've still got a few but these days when even Yahoo, Hotmail, and other free mail and ISP mail, are ALL scanning attachments by default, it's pretty damn hard to get infected.

    They didn't really do that before, but now they ALL scan for an infection before they let you attach anything. The days of Email Viruses, where you had an Email with an attachment, and you had to open it up, run it, THEN you got infected, are gone. LONG gone.

    Most stuff you see is going to have Anti Virus of course, but, really, you're paying for updates to the Database for Spyware and stuff. Oh and they now call ANY type of Security tool as a threat and you have to smack the **** out of it to make it stop.

    So yea, on the ONE Windows Partition I have, which, is Windows 7 on a newer machine, I have AVG free and that's it. I'm not spending money on something that doesn't really do much.

    This machine's Windows partition has basically AVG Free, and Spybot. The rest of my machines all run Unix of some type, so they don't really need that stuff.

    My FreeBSD 9 boxes DO have some AV stuff, but only for Windows really. ClamAV is free too so It's alright. But Nihil basically told you the truth; You're wasting your time, and you'll be wasting more of it since that crap roots itself so far into the Registry you'd be able to file a sexual harassment case if it weren't for the fact that it asks you first if it's OK lol.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #4
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    OK Let me clarify of few points here. Running a Winblows network without antivirus is not simple.



    You will need:

    Antivirus and Malware filtering for email (before it gets to your mail server) I use Spam Soap ( or whatever that service is called now).

    Websense. I cannot go over all the protection this software provides, but it really keeps users from shooting themselves in the foot.

    NO GATEWAY on your servers. This can be tricky if you want to RDP into a server via VPN and your Firewall and VPN are the same device. SSH works but - well that's another post.

    If you are running a 2003 mixed mode domain – quit reading and upgrade your domain to 2008 (Keep the antivirus)

    System Center Essentials – Patch management and package deployment all in one. This is really important. If you keep your standard desktop up to date (Jave, Flash, Adobe, Office) Then deploying updates is a lot easier.

    Use the admin templates, and clean up AD!

    Windows 7 – Windows defender – me likes a lot. Turn it on and have it update silently.

    Once all this is complete – do not renew you AV license.

    You should have at least one person dedicated to System Center and one to Websense.

    This post assumes that all your security groups are correct, the everyone security group is disabled and no one knows the domain admin level passwords or the local admin password. Also your firewall has more than “TCP any any allow”
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  5. #5
    Junior Member
    Join Date
    May 2014
    Posts
    7
    What is the final result of testing?

Similar Threads

  1. Port List
    By ThePreacher in forum Miscellaneous Security Discussions
    Replies: 17
    Last Post: December 14th, 2006, 08:37 PM
  2. SUSE Linux Enterprise Desktop 10 beta review
    By J_K9 in forum Operating Systems
    Replies: 16
    Last Post: June 20th, 2006, 11:51 PM
  3. New Book Coming Out on Penetration Testing: Thoughts?
    By genXer in forum Product / Book / Training / Conference Reviews
    Replies: 1
    Last Post: December 9th, 2005, 05:51 PM
  4. Vulnerability Testing (from inside the network)
    By Aspman in forum Newbie Security Questions
    Replies: 9
    Last Post: December 21st, 2004, 12:15 PM
  5. IM security risk
    By Spyrus in forum Miscellaneous Security Discussions
    Replies: 11
    Last Post: February 14th, 2003, 12:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides