[unisog] Request Opinions on Anti-Virus Software

David Escalante david.escalante at bc.edu
Mon Jun 6 14:38:13 GMT 2005


We've seen the same with McAfee, __but__ we have __not__ seen it when 
we've submitted malware to McAfee's AVERT Labs -- in those cases the DAT 
update includes "our" malware the same day, and we get an EXTRA.DAT to 
push via ePO instantly as well.

If you look at the number of changes to the DATs, it is a significant 
number daily.  There aren't big articles in the news daily about the 
tens or hundreds of new malware variants that appeared, but the numbers 
are up that high.  If no one finds and submits the new malware and the 
undetected variants, it can't be fixed by McAfee or any other vendor.

/preach on/  I would strongly encourage folks who find computers with 
malware that is not detected by current A/V to take the time to submit 
binaries to their respective A/V vendor -- at this point we're finding 
that if we don't help our A/V vendor, waiting for someone else to submit 
binaries can take days, and we're actually perpetuating the problem.  
__Don't__ assume "someone else will take care of it" -- be a good 
netizen, take the extra time, and help the rest of us when you find new 
malware by isolating and submitting it. /preach off/
--
David Escalante
Boston College

Robert Maxwell UMD OITSecurity wrote:

>Here at UMCP we're seeing something similar, but that isn't surprising since we're buying mcafee on the same contract. 
>
>Rob Maxwell
>-----Original Message-----
>From: "Andy Johnston" <andy at umbc.edu>
>Date: Fri, 3 Jun 2005 17:16:38 
>To:unisog at lists.sans.org
>Subject: [unisog] Request Opinions on Anti-Virus Software
>
>
>Hi, folks.
>
>UMBC has a site license McAfee Anti-Virus software and a server on our
>network that mirrors DAT updates.  We've noticed that we are frequently
>seeing malware infecting campus systems well before (sometimes several
>days) the DAT update that handles the problem appears.
>
>Has anyone else had similar problems?
>
>How do other McAfee users feel about it?
>



More information about the unisog mailing list