Full Disclosure: Re: looking for enterprise AV solution

["Elazar Broad" <elazar () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+1 for Vipre, its cheap(about $10 or less per seat, per year),
generally resource conscious and pretty granular centralized policy

management and last but not least, its detection and fp to fn ratio
is pretty solid. Aside from a recent issues with its Outlook
plugin(which have been fixed) and some engine update deployment
issues on a handful of machines(there is a workaround), my overall
experience has been quite good.

On Wed, 27 Oct 2010 06:36:24 -0400 James Rankin
<kz20fl () googlemail com> wrote:
> Ditto on the belt and braces approach.
>
> I've had a lot of good experiences with Sunbelt's Vipre product.
> It is
> extremely easy to deploy and manage in the enterprise.
>
> On 27 October 2010 11:32, Jamie Riden <jamie.riden () gmail com>
> wrote:
>
> > On 26 October 2010 19:26, bk <chort0 () gmail com> wrote:
> > > (resending from correct account)
> > > On Oct 26, 2010, at 6:55 AM, Mikhail A. Utin wrote:
> > >
> > > > Folks,
> > > > We are looking an enterprise level AV-software <snip>. Any
> advising?
> > > Signature-based AV is a dead technology.  Updates don't get
> released
> > until hours after you're already infected, so all it really ends
> up doing is
> > being a resource-suck on your CPUs and hard-disk access.
> > > My recommendation:  Buy whatever has the highest composite
> score for ease
> > of management, limited resource consumption, and affordability.
> > > Anyone who says "get Vendor X" or "get Brand Y" without
> telling you what
> > selection criteria they used is a tool.  How do you know if what
> is
> > important to you was also important to them in making the
> selection?
> > If you've got a decent perimeter, it should keep the threats out
> for
> > some time, but I tend to agree. AV these days is starting to be
> more
> > about detection than prevention - it will at least highlight
> that you
> > have a problem so you can deal with it. Think of it as part of
> your
> > intrusion detection if it helps.
> >
> > Oh, and somewhere I used to work ran two separate AV products on
> the
> > mail gateway, and then a third on desktops on servers. I suspect
> this
> > was more about licensing models (couldn't do per-seat for email
> as we
> > had >100k email addresses) than paranoia, but it did help out
> > considerably to have independent engines.
> >
> > cheers,
> >  Jamie
> > --
> > Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
> > http://uk.linkedin.com/in/jamieriden
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you
> put into
> the machine wrong figures, will the right answers come out?' I am
> not able
> rightly to apprehend the kind of confusion of ideas that could
> provoke such
> a question."
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQECAAYFAkzIXNQACgkQi04xwClgpZh7/AP9FmLXwe93hL0OnOMMhiJ8K5oU7Ato
VjUiFNaj/Ycs4COh8LUrKJ0rTCseX5ye0AThaXJpiXgLs0kxxkrFbQQBF0zhCsTyWivL
E+vGcId/B8D2C46NfEvPgNsLtd96sRYY6e0qoV42+vEX08aiV/3rlRM9xKnXsk9i91Kt
JURFGks=
=/He8
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/