[unisog] Request Opinions on Anti-Virus Software

Hall, Rand rand at merrimack.edu
Tue Jun 7 14:31:29 GMT 2005

Hmmm, I'm surprised by two things:

1) All of this talk about email-borne viruses. I thought most
companies/schools had a pretty good handle on this.

2) I don't recall seeing anyone mention non-email virus propagation. The
ONLY way any of our kids got infected this year was via AIM links or by
having blank admin passwords.

None of the virus vendors are to blame for being "slow" to provide
updates. There are hundreds/thousands of boutique variants written each
day. People need to submit them before reactive DATs can be created.

Mitigation can be helped along by using multiple A/V products in your
data path, using enterprise solutions like McAfee's EPO to facilitate
ultrafast DAT distribution, user education, and using your A/V's
proactive features like McAfee's buffer overflow protection and outbound
access protection.

Rand P. Hall, Director, Network Services
SunGard Collegis, Inc.
Merrimack College, North Andover, MA, USA
Rand.Hall at merrimack.edu 

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Andy Johnston
Sent: Friday, June 03, 2005 5:17 PM
To: unisog at lists.sans.org
Subject: [unisog] Request Opinions on Anti-Virus Software

Hi, folks.

UMBC has a site license for McAfee Anti-Virus software and a server on our
network that mirrors DAT updates.  We've noticed that we are frequently
seeing malware infecting campus systems well before (sometimes several
days) the DAT update that handles the problem appears.

Has anyone else had similar problems?

How do other McAfee users feel about it?

Symantec users: How do you feel about Symantec?

We're trying to decide which way to go for AV software.

Opinions, gripes and grumbles welcome and encouraged.  Please respond to
the list in case anyone else is facing the same issues.


- Andy Johnston

** Andy Johnston (andy at umbc.edu)         *
** IT Security                           *PGP key:(afj2005)
** Office of Information Technology, UMBC* 88 CA 0D 45 C2 0E 0B 0F 3F 55
** 410-455-2583 (v)/410-455-1065 (f)     * 7A BD FE 3C 84 6F 1B B5 1D FA
