[unisog] Request Opinions on Anti-Virus Software
david.escalante at bc.edu
Mon Jun 6 14:38:13 GMT 2005
We've seen the same with McAfee, __but__ we have __not__ seen it when
we've submitted malware to McAfee's AVERT Labs -- in those cases the DAT
update includes "our" malware the same day, and we get an EXTRA.DAT to
push via ePO instantly as well.
If you look at the number of changes to the DATs, it is a significant
number daily. There aren't big articles in the news daily about the
tens or hundreds of new malware variants that appeared, but the numbers
are up that high. If no one finds and submits the new malware and the
undetected variants, it can't be fixed by McAfee or any other vendor.
/preach on/ I would strongly encourage folks who find computers with
malware that is not detected by current A/V to take the time to submit
binaries to their respective A/V vendor -- at this point we're finding
that if we don't help our A/V vendor, waiting for someone else to submit
binaries can take days, and we're actually perpetuating the problem.
__Don't__ assume "someone else will take care of it" -- be a good
netizen, take the extra time, and help the rest of us when you find new
malware by isolating and submitting it. /preach off/
Robert Maxwell UMD OITSecurity wrote:
>Here at UMCP we're seeing something similar, but that isn't surprising since we're buying McAfee on the same contract.
>From: "Andy Johnston" <andy at umbc.edu>
>Date: Fri, 3 Jun 2005 17:16:38
>To: unisog at lists.sans.org
>Subject: [unisog] Request Opinions on Anti-Virus Software
>UMBC has a site license for McAfee Anti-Virus software and a server on our
>network that mirrors DAT updates. We've noticed that we are frequently
>seeing malware infecting campus systems well before (sometimes several
>days) the DAT update that handles the problem appears.
>Has anyone else had similar problems?
>How do other McAfee users feel about it?