Your Favorite Enterprise Level AV Product

[Default User]

Greetings All,

I'm looking for information on what people's favorite enterprise level AV
product is and why they like it. We are in the process of reevaluating our
current vendor (I won't name them at this point), and would like to get
some insight into what other people think about their own AV vendors. Ease
of installation, frequency of updates, remote management of desktop AV,
reporting options, zero-day efficiency, etc.. are a few of the
considerations we have as we look at vendors.

Thank you!

 

[Virus Guy]

I'm looking for information on what people's favorite enterprise
level AV product is and why they like it.

We use Symantec Corporate AV, either version 8 or 9 (offhand I don't
remember which one we have).

I like it because it never expires, and I have a keygen for it.

We are in the process of reevaluating our current vendor

Many large organizations are begining to question the relevance of
client-based AV software, given the poly-morphic nature of most
malware - a trend which is accelerating.

These days, AV software is basically going to tell you that you
_already_ have a virus or trojan that got onto your system at some
point in the past and it's only now that it's being detected by
(you-name-it) AV product.

You should give more consideration to utilities like AdAware, Spybot
SD and Spyware Blaster (that "harden" or "innoculate" your web
browser), a good (and periodically updated) hosts file, and software
that constantly monitors your registry for important key changes (like
MooSoft's "The Cleaner").

Web browsing by your employees will be how your organization is
infiltrated by malware 99% of the time, so a good web-browsing policy
(enforced by appropriate network-based blocking appliances) should be
your top priority.

Also, note that the Sun Java runtime engine (JRE) is a vastly
overlooked intrusion route, and proper updating of systems with the
most recent version (or simply not installing it in the first place)
is critical. Note also that the removal of older versions of the JRE
is also essential (but often overlooked).

 

[Default User]

Many large organizations are begining to question the relevance of
client-based AV software, given the poly-morphic nature of most
malware - a trend which is accelerating.

These days, AV software is basically going to tell you that you
_already_ have a virus or trojan that got onto your system at some
point in the past and it's only now that it's being detected by
(you-name-it) AV product.

I don't believe that's the case when a known virus/trojan/worm is
recognized prior to being allowed onto a system, or to be delivered through
an email system. Although I understand what it is you're suggesting here.

You should give more consideration to utilities like AdAware, Spybot
SD and Spyware Blaster (that "harden" or "innoculate" your web
browser), a good (and periodically updated) hosts file, and software
that constantly monitors your registry for important key changes (like
MooSoft's "The Cleaner").

All good points, and we do use a layered approach to security that includes
proactive response to unusual behavior, incident alerts through logging
analysis and correlation, and simply denying anything that is not
specifically allowed. Limiting the ability of users to escalate to
privileged access is also important - including administrators.

Web browsing by your employees will be how your organization is
infiltrated by malware 99% of the time, so a good web-browsing policy
(enforced by appropriate network-based blocking appliances) should be
your top priority.

Also, note that the Sun Java runtime engine (JRE) is a vastly
overlooked intrusion route, and proper updating of systems with the
most recent version (or simply not installing it in the first place)
is critical. Note also that the removal of older versions of the JRE
is also essential (but often overlooked).

All good and valid information. I appreciate your response.

Thank you.