[Dshield] Email Security Poll Results

Jon R. Kibler Jon.Kibler at aset.com
Sun Mar 7 20:02:10 GMT 2004

Hello all,

We had 39 responses to the poll. The results follow the signature paragraph.

A few words of explanation about the results.
  1) For the Yes-No questions, most answers were either YES or NO. However,
     a few of the results were something like "yes, but not encrypted zips."
     For the "yes-but" answers, I counted them as a "half of a yes."

  2) For the AV engines, the percentages add up to >100% because many users
     said they ran multiple AV engines.

  3) For frequency of AV signature updates, several responded something like
     "update daily or as new updates become available." For answers that said
     they updated on a regular frequency plus more often when necessary, the
     frequency was counted as appropriate, plus it was also counted in the
     "other, plus as announced" category.

A few observations and comments:
  1) Subscribers to the DShield and NANOG mailing lists contributed answers.
     This means the answers are biased (originating from the "security aware"
     group of users) and probably do not reflect the general state of email

  2) It was refreshing to find that everyone claimed to be updating their AV
     signatures on a regular basis. It would be interesting to know how many
     average users and small businesses update on such a regular basis.

  3) Personally, I found it very surprising how many organizations depended
     solely upon their end users to perform AV screening, that none was 
     being performed organization-wide. I was also surprised at how many
     organizations permit executable content to be sent by email.

I hope that everyone finds these results interesting and they are put to good use!

Jon Kibler
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214

Please respond YES (Y), NO (N), or Not Applicable (N/A):
Does your organization perform any screening of email attachments?	72% YES

Does your organization perform A-V checks on all email attachments?	85% YES

Does your organization perform any checks on email attachment file type?	62% YES

Does your organization allow users to receive executable content attachments?	49% YES

Does your organization allow users to receive zip file or similar compressed attachments?	90% YES

Does your organization allow users to receive MS Office and similar type files that may contain macro viruses?	95% YES

Does your organization allow users to receive embedded or attached HTML email?	99% YES

Does your organization allow users to receive active content attachments, such as HTML with <SCRIPT> tags?	80% YES

Please respond as appropriate:
What AV engine do you use to screen email attachments (Symantec, NAI, FProtect, Trend, ClamAV, etc)?
Symantec	53%
McAfee		16%
ClamAV		16%
Trend		16%
Kaspersky	 8%
AVG		 8%
Sophos		 5%
Other		 5%
Fsecure		 3%

How often does your organization update its AV signatures?
every 2 hrs or more often	16%
every 4 hrs			 8%
every 8 hrs			 8%
every 12 hrs			 5%
daily				58%
only as announced		 5%
other, plus as announced 	16%
