Educause Security Discussion mailing list archives

Re: Centralized Antivirus Recommendation


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 3 May 2010 17:01:34 -0400

On Mon, 03 May 2010 16:00:35 EDT, "Sabourin, Justin" said:

> We're currently researching options to move away from our current
> antivirus solution in favor of something with better detection abilities
> and a solid management console/reporting server.

Out of curiosity, do you have a sane metric for measuring "better detection
abilities"? Do you have any guidelines for false positives/negatives (remember
that it's almost impossible to get both numbers to be low at the same time,
and as one vendor demonstrated recently, *both* types of errors have major
security implications...)  How about trade-offs between "detect every variant
known to man" against "finish the scan before the user gets annoyed"?

(No, I don't have answers - just trying to promote asking better questions :)
