Nguyen, Minh Nguyen at lsdo.ucdavis.edu
Mon Dec 6 16:49:06 GMT 2004

A little off topic - but thought I would share my experience with the
group.  This comment only pertains to Windows.

I had been using Norton Antivirus Corporate Edition for about the past 6
years.   However, within the past year, I have noticed trends in which
NAV was one of the last vendors to release "emergency" virus
definitions.  In addition, there were a few cases where NAV claimed a
machine was clean - but scanning the machine with other antivirus
products (Panda and McAfee Viruscan) indicated that the machine was
infected.   Some of the viruses were several months old!!!  Fortunately
for us - we rely heavily on email attachments to prevent the receiving
or spreading of viruses.

I did some research into several virus vendors - including McAfee,
Panda, Sophos, Kaspersky.   In my opinion, Kaspersky seemed to update
their virus definitions the most frequently.  Then Panda and then Sophos.
McAfee did a reasonably good job - updating only once a week, but they
often release a definition out much more frequently.   NAV just did a
really poor job.   

As far as user interface (for the home users), the order of usability
was something like:  NAV (really easy and intuitive), McAfee (Ok - but
some quirkiness), then Panda.  I thought Sophos and Kaspersky were rather
poor.  Of course - this is all subjective.   For the central management
interface, my preference was Symantec (very easy), Panda, McAfee,
Kaspersky, then Sophos.   

Pricing wise - the best pricing I got was McAfee.  Symantec used to be
on par with McAfee until they changed their Exchange AV line (see

Next, I evaluated the Exchange component.   The only two that I thought
were great were Symantec and McAfee.   Panda didn't offer the attachment
filtering granularity that Symantec and McAfee did.  I didn't like
Sophos or Kaspersky's interface at all.  A note on the Exchange AV from
Symantec vs McAfee.  In the past, our Symantec product included the
latest Exchange AV product.  Symantec decided to rename their product
from NAV for Exchange to Symantec Mail Security for Exchange and told me
it was no longer covered under our agreement.  The purchase of Symantec
Mail Security would have doubled our AV cost!  

In the end, we decided to go with McAfee.  The pricing of McAfee was
comparable to all the other AV vendors - except that it included the
Exchange AV.   If you added Exchange AV into the other products, the
competitors' prices would have roughly doubled.   If pricing was no
object, I would have gone with Panda for the desktop AV and McAfee for
the Exchange Server.

Anyways, just thought I'd share my experience with the group.


Minh Nguyen
Assistant Dean of Technology
College of Letters & Science Deans' Office
mailto:mtnguyen at ucdavis.edu (530)752-7647

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Willie O' Connor
Sent: Monday, December 06, 2004 1:16 AM
To: 'UNIversity Security Operations Group'
Subject: RE: [unisog] AV for MACS

Hi All,
Ok, I seem to have stirred a wee hornets' nest :)

Our College security policies state that our machines must have an
"approved" Antivirus system on network attached machines. The "approved"
list for Macintosh machines is McAfee Virex, Norton AV and Clam AV...

I have heard bad things about Norton and kernel extensions and kernel
panics but on the other hand some people swear by it. We do use Symantec
Corporate edition on the Windows side and I have to admit we have been
very lucky because of it. Our licenses also cover a number of Norton AV
for Macs V9.0.3 licenses. We also have Virex and Clam AV, and on top of
all that our gateways run either Trend AV or Vexira. As you can see a
wide and varied amount of software is available to me. I was more
interested in experiences in the use of this software on a Mac, my
current preference is towards Clam AV, mainly because I use it on my
Linux machines and it was recommended to me by an experienced Mac user.

Thanks for all the replies to date.

A Chara
"I don't care to belong to a club that accepts people like me as
Groucho Marx
| Willie O' Connor         | Email: Willie.OConnor at cs.tcd.ie
| Systems Administrator    | Phone: 353-1-6083675
| Computer Science Dept    | FAX:   353-1-6772204
| Trinity College Dublin   | 
| Oriel House              | WWW:   http://www.cs.tcd.ie/Willie.OConnor
| Fenian Street, Dublin 2  |

