Security Basics: RE: Different AV Prouducts

["Anthony Mihaljevic" <Anthony.Mihaljevic () netsolutionsIT com au>]

I have always liked Sophos as its footprint on the clients/servers is
minimal. Their tech support is also first class.

Sophos has a management console where you can edit/create policies and
shoot it out to the clients. You are also able to install Sophos AV from
this console. It will detect other AV products, uninstall it and install
Sophos.

Tony M

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Andy Cuff (Talisker)
Sent: Thursday, 14 August 2008 2:07 AM
To: pthroumoulos () rochester rr com; security-basics () securityfocus com
Subject: RE: Different AV Prouducts

I would strongly suggest reconsidering your options and escalating your
issue with Symantec.  You may face the same support issues with another
AV
vendor, in addition to trying to integrate a new AV into your
enterprise.

I'm not advocating Symantec over Sophos or Kapersky, I'm just
considering
the impact of the change.  I

Regards

Andy Cuff
Computer Network Defence Ltd
www.SecurityWizardry.com
> I was wondering if anybody could provide me with any positive 
> information about switching from Symantec Corporate Edition 
> (10.1.4.4000) to any other AV products. I have looked at a 
> couple different solutions but am by no means a security guru 
> and would appreciate any feedback I could get that would help 
> persuade me to switch to a different solution. The two other 
> products that I am considering are Kaspersky or Sophos. 
> Reason I picked these two is that I have seen quite a few 
> emails bounced back and forth about the quality of both of 
> these products compared to Symantec. Obviously all AV 
> products are going to be better at certain things than others 
> such as detection and removal. All I am looking for is a 
> product that I can implement on about 180+ clients and about 
> 30 servers that will be easily managed and not have too large 
> of a foot print and I do not want to have to visit every 
> client to remove the old AV before deploying the new solution.
>
> One of the reasons I would like to switch from Symantec to 
> another product is that just recently I had to deal with 
> their tech support for an issue we were experiencing on our 
> clients. My experience with tech support has left me very 
> jaded as it took them almost three weeks to figure out the problem.
>
> The issue we were experiencing was when a user would log into 
> their desktop explorer.exe would not load and they would only 
> see their wallpaper (All dell machines) The solution to the 
> issue was to turn of "tamper protection"
>
> on all the clients, though this did solve the issue I am 
> still a little concerned about the fact that you need to turn 
> off any component of any AV product. I also feel like 
> Symantec does not do the best job at detection of other types 
> of malware besides viruses. Several times this year I had 
> several infected clients that I had to rebuild because 
> Symantec did not detect the issues till it was too late to do 
> anything. If anybody could point me in the right direction to 
> getting more info on a better AV solution than Symantec I 
> would greatly appreciate it.