Thread: AV For Windows

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    AV For Windows

    With the GeCad and now the Sybari purchases by Microsoft, it is widely speculated that they will make some sort of announcement at the RSA Security Conference during Bill Gates' keynote address regarding a desktop and / or enterprise level AV solution.

    Everyone seems to have their favorite AV program- Trend, McAfee, AVG, Sophos, Symantec, etc. I am curious, what features or components do you feel are necessary to make it a good AV product? Or, why do you prefer one product over another?

    Aside from aesthetics and support and such, getting down to the nitty gritty- what does the program need to do on a technical level in order to effectively protect against malware- specifically on a Windows platform?

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Everyone seems to have their favorite AV program- Trend, McAfee, AVG, Sophos, Symantec, etc. I am curious, what features or components do you feel are necessary to make it a good AV product? Or, why do you prefer one product over another?

    Aside from aesthetics and support and such, getting down to the nitty gritty- what does the program need to do on a technical level in order to effectively protect against malware- specifically on a Windows platform?
    One thing to keep in mind is the difference between a corporate/enterprise AV and a home user AV. I wouldn't use AVG on a corporate side although I wouldn't be averse to using Sybari (because of its multiple AV engine usage). For a personal side, I'd use AVG because of that four letter word.

    But if I was on a corporate side, I'd be more inclined to ensure that it had the following features:

    - small overhead/less interference with the application/server being provided (e.g., email, ftp, etc.)
    - low window of vulnerability due to time (some worms are geographically specific and some AVs miss it)
    - multiple engines (ye old multiple layers of security -- no AV is perfect and will miss something; by having something with multiple engines that risk is substantially, IMO, lowered)
    - not a single reliance on signatures (I don't think any AV at corporate level is strictly signature these days but the heuristic scanning shouldn't interfere or should be flexible enough for me to pick out specific attachments and such).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Aug 2002
    Posts
    115
    We have been using McAfee for quite a few years now. Being as it is, we are a Metro Government organization so everything we do has to go out for 'bid'. McAfee has always been good to us on the corporate side of the house. It is easy to manage and deploy through EPO agents. Just recently the AV contract went back out for bid. The folks upstairs keep this a secret from all of us in the IT department. We just found out that we are to begin removing McAfee and to repackage Trend's AV for an SMS deployment. I know that McAfee had decent heuristic scanning abilities and excellent console control. It integrated nicely with Exchange etc. Does anyone know how well Trend operates on the enterprise level? We still have a few months before the McAfee license expires and I'd like to build a case to renew McAfee. Where did this Trend Micro come from and has anyone had a successful 6000+ client rollout?

    Maybe I am just afraid of change when something seems to be working so well...but I would like everyone's input who has experience with either client or both. Thanks.
    Civilization. The death of dreams.

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    For home users it has to update the virus definitions automatically. Most end users can't be trusted to click the update button.
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  5. #5
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    For home users it has to update the virus definitions automatically. Most end users can't be trusted to click the update button.
    Let me take that a step farther. Not only does it have to update automatically but the time in between updates is an important factor. I know when I was looking around for a good AV to use that AVG updated exponentially more often than McAfee or Norton. That may or may not be the case today as I have not compared them in some time.

    Also automated scans and what it does with infections is also a major factor. One problem I have found with AVG is you have to actually check the logs to find infection if it is found during an automated scan. For example I picked up a virus not too long ago and my system was scanned at 3:00am. I did not know about it until I checked the logs at 11:00am. So AVG kinda dropped the ball on that one. When I turned my screen on there should have been a window up saying that there was an infection found. Hell I should have found out while I was downloading the file. Or very shortly thereafter. And what average ordinary every day (l)user checks their AV logs on a regular basis?

    Now all this is coming from a home user that doesn't have much experience (read: any) with corporate level software.

  6. #6
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    Does anyone know how well Trend operates on the enterprise level? We still have a few months before the McAfee license expires and I'd like to build a case to renew McAfee. Where did this Trend Micro come from and has anyone had a successful 6000+ client rollout?
    Trend rocks. I have nothing against McAfee per se, and EPO is a great product, but Trend Micro's products and service rock. Are you rolling out Trend Micro Control Manager (TMCM) to centrally manage, or just OfficeScan Corporate Edition (OSCE)?

    If you buy the Trend Micro "Neat Suite" you get the whole spectrum of Trend Micro products including Interscan Messaging Security Suite (IMSS) and Interscan Web Security Suite (IWSS) and more. The Outbreak Prevention Services and the Damage Cleanup Services really help as well.

    Plus, everything is manageable centrally through the Trend Micro Control Manager. I think you will like what they have to offer. I am working with a few deployments, some of which are significantly larger than 6,000 clients.

    McAfee just lost the Hotmail account as well- which gave Trend 187,000,000 more clients. It seems like Trend has been snatching a lot of McAfee business lately.


  7. #7
    Senior Member
    Join Date
    Aug 2002
    Posts
    115
    Not sure how many of you subscribe to Security Focus - Security Basics mailing list but they do have a current thread discussing AV comparison. You can locate it in the archives here...

    http://www.securityfocus.com/archive/105

    BTW, high-volume mailing lists are only suggested for those who are masochists.
    Civilization. The death of dreams.

  8. #8
    Senior Member
    Join Date
    Jan 2005
    Posts
    217

    Trend Micro Rox!

    For Corporate Networks, I can tell you one example about the scenario where Trend Micro’s Corporate AV had been used in a network of approximately 500-1000 BOXES (mostly using MS Windows systems) and maybe now their BOXes have doubled or tripled (not to mention that they have 2 other BIG Manufacturing facilities in our country which are probably using the same TM AV for their Corporate Network). During the time that I worked in a Japanese manufacturing firm in the Philippines (producing electronic products), I was assigned as Section Technical Support, directly collaborating with the I.S. (Information System) Group on LAN/WAN security. It was then the year 2001 and I could say that TM was doing a good job back then. I discussed with the IS Head and she told me that even with her previous company, they used TM in their corporate network.

    Now that I’m outside the Philippines, I could still say that they have one of the best tools in their Network. Their Corporate E-mail system is doing its job well. For instance, my Yahoo e-mail is somewhat automatically sending (infected) e-mail to the contact list including some of my friends’ company email with the said company. The message is blocked by their Microsoft Exchange Server, which returns you a message (sort of a report) about the incident and warns you that your e-mail had been sending some bad stuff to their network. Well, this is just one of the scenarios where TM is capable of doing what it is meant to do.

    By the way, you can check the full story behind Trend Micro HerE.


    Overview of Trend Micro’s Enterprise Tools

    TM has a steady-growing number of products for a specific BOX and NETWORK.
    "Life without FREEDOM is no life at all". - William Wallace
    MyhomE MyboX StealtH (loop n. see loop.)
    http://www.geocities.com/sebeneleben/SOTBMulti.gif

  9. #9
    Senior Member
    Join Date
    Jan 2005
    Posts
    217

    For Home Users

    For Home users, there are lots of things that we could consider in choosing tools for our BOX. I used some of the infamous tools (not only AV) for my MS BOX. I could add that it really helps me in keeping my BOX safe (almost).

    Just to add an important point in using such tools in my MS BOX, below is the summary of TooLs I am currently using together with my AV.

    A. Adware/Spyware Tools
    1. Ad-Aware SE Personal - Build 1.05 (Nicolas Stark Computing AB - Lavasoft)
    2. SpyBot - Search & Destroy 1.3 - Freeware, (Patrick Michael Kolla / Safer Networking Limited)
    3. Spy Sweeper - Program Version 3.5.0 (Build 194) Using Spyware Definitions 421 (Webroot)
    4. NoAdware v2.01
    5. XoftSpy v3.44 (ParetoLogic Inc.) – Note that it found lots of threats that the 4 guys above haven’t. Coz I run them in this sequence today.

    B. Firewall
    1. ZoneAlarm version 5.5.062.004 (Zone Labs)

    C. Antivirus and other miscellaneous Tools
    1. Norton Antivirus Version 10.0.1.13 (Norton SystemWorks 2004 Version: 7.00 Build: 81 )
    2. HijackThis v1.99.0
    3. Qwik-Fix Pro (by PivX Solutions)
    4. Other specific threat remover (McAfee’s Stinger, Symantec’s *fix tools, etc.)

    Note: I also used the ONLINE TOOLS of SYMANTEC and TREND MICRO almost on a weekly basis.

    ??? MS dumped MA? Good for TM.
    "Life without FREEDOM is no life at all". - William Wallace
    MyhomE MyboX StealtH (loop n. see loop.)
    http://www.geocities.com/sebeneleben/SOTBMulti.gif

  10. #10
    Junior Member
    Join Date
    Aug 2004
    Posts
    1
    I like the last post, it just highlights how bad the problem is getting. We're going to end up with more Anti-Virus/Spyware/Firewall packages on our machines than the other software on them.

    Thus in answering the original post, I would like to see (for both corporate and home use), all in one packages to deal with the problems. One install does all would be great.

    For corporate I've used a few on rollouts (never the Trend one though, may have to try it out), and I really like Sophos, especially when used with Enterprise Manager. Can be a bit of a pain to install, but once up and running gives you a lot of confidence that any potential problems on the network will be dealt with.

    All the best
    James
