Full Disclosure mailing list archives

RE: Antivirus


From: "Jason Bethune" <jbethune () town kentville ns ca>
Date: Wed, 10 Aug 2005 16:16:26 -0300

Thanks Axel (love Guns and Roses by the way; I'm sure you haven't heard that
one before). I have been searching around the net for some user reviews on
those that you have mentioned. I am about a week into this research. It is
starting to come to a head in the past couple days as RTVSCAN.exe is causing
more and more computer slowdowns. Not good when a batch is trying to be
posted in our financial system. In the end I need a reliable product that
has central management with lockout features to the user. Malware detection
is tied for #1 for the product I end up choosing. My users have at least
stopped opening any attachments they get that they don't know who they are
from and so on. As we all know the end user is the z factor in the whole
situation of choosing a good security product.

Jason Bethune

IT Specialist
Town of Kentville
354 Main Street
Kentville, NS 
B4N 1K6

www.town.kentville.ns.ca


-----Original Message-----
From: Axel Pettinger [mailto:api () worldonline de] 
Sent: Wednesday, August 10, 2005 3:45 PM
To: Jason Bethune
Subject: Re: [Full-disclosure] Antivirus

Hi Jason,

With such a small user network you should definitely have a look at the
products of other anti virus vendors - not just Symantec's. In our
company we used NAV CE (later SAV CE) several years till 2004, but I was
never happy with it. It's bloated and its malware detection capabilities
are not very good.

Just as an example, do you know runtime compressors (like UPX)? Malware
is very often packed with such compressors to make the file smaller and
the file contents less readable. Many runtime compressors exist, but
only a few av companies make sure that the format of these runtime
compressors is known to their av scan engine so that the scanner is able
to detect malicious code inside of these packed executables. The results
are funny identifications of one and the same malware (compressed,
unpacked, repackaged with another runtime compressor). Symantec's av
scanner doesn't know the format of many runtime compressors and as a
result it usually fails to detect known packed malware when it is
unpacked or repackaged with another compressor.

My favorite av scanners are those from Kaspersky (www.kaspersky.com) and
McAfee because in my experience both have simply the best malware
detection capabilities. Kaspersky's av scanner is also very easy to
update, has small definitions, - if you want - hourly updates and knows
the most runtime compressor and archive formats of all av scanners. You
should definitely have a closer look at McAfee's and Kaspersky's av
products. As I said before they are very good in malware detection, but
in regard to performance, stability and general handling of these
products it's up to you to find out whether they're suited for your
environment.

Regards,
Axel Pettinger


Jason Bethune wrote:

I know this is not really the place to ask this question but I need
some professional advice and well you guys know a lot. I need to get
rid of our current Antivirus solution in the small 20+ user network we
have running on SBS 2003. Currently running NAV 7.6 Corporate Edition.
Any opinions on the new version of Norton 10.0? Should I look at Trend
Micro? Both seem to be priced about the same for Canadian customers. I
hope this is not too way off topic but I don't post here very often.
If you can give me some advice that would be greatly appreciated.

Jason

    ---------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
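
The point in Axel's message about scan engines and runtime compressor formats, as an added example that is not part of the original thread. Python's zlib, bz2 and lzma modules stand in for packer formats (an assumption; real runtime compressors such as UPX wrap an executable with an unpacking stub), and the signature, sample bytes and engine names are constructed.

```python
import bz2
import lzma
import zlib

# Constructed, harmless marker standing in for a known-malware byte signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
# Constructed sample "executable": padding around the marker, no real code.
SAMPLE = b"MZ" + b"\x00" * 64 + SIGNATURE + b"\x00" * 64

# Stand-ins for runtime compressor formats: name -> (pack, unpack).
FORMATS = {
    "zlib": (zlib.compress, zlib.decompress),
    "bz2": (bz2.compress, bz2.decompress),
    "xz": (lzma.compress, lzma.decompress),
}

def pack(data, *layers):
    """Apply the named compressors in order (innermost first)."""
    for name in layers:
        data = FORMATS[name][0](data)
    return data

def scan(data, known_formats, depth=4):
    """True if SIGNATURE is in data or in any layer this engine can unpack."""
    if SIGNATURE in data:
        return True
    if depth == 0:
        return False
    for name in known_formats:
        try:
            inner = FORMATS[name][1](data)
        except (zlib.error, lzma.LZMAError, OSError, ValueError):
            continue  # not this format, or the engine cannot parse it
        if scan(inner, known_formats, depth - 1):
            return True
    return False

def detection_matrix():
    """Scan one sample, packed four ways, with a narrow and a broad engine."""
    variants = {"raw": SAMPLE, "zlib": pack(SAMPLE, "zlib"),
                "xz": pack(SAMPLE, "xz"), "bz2+zlib": pack(SAMPLE, "bz2", "zlib")}
    engines = {"narrow": ["zlib"], "broad": list(FORMATS)}
    return {(e, v): scan(blob, fmts)
            for e, fmts in engines.items() for v, blob in variants.items()}

if __name__ == "__main__":
    for (engine, variant), hit in detection_matrix().items():
        print(f"{engine:6} engine, {variant:8} sample: {'DETECTED' if hit else 'missed'}")
```

The narrow engine catches the raw and zlib-packed copies but misses the same bytes once they are repacked with a format it cannot unpack, including the case where the unknown format is hidden under a known outer layer.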


