Educause Security Discussion mailing list archives
Re: Centralized Antivirus Recommendation
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 3 May 2010 17:01:34 -0400
On Mon, 03 May 2010 16:00:35 EDT, "Sabourin, Justin" said:
We're currently researching options to move away from our current antivirus solution in favor of something with better detection abilities and a solid management console/reporting server.
Out of curiosity, do you have a sane metric for measuring "better detection abilities"? Do you have any guidelines for false positives/negatives (remember that it's almost impossible to get both numbers to be low at the same time, and as one vendor demonstrated recently, *both* types of errors have major security implications...) How about trade-offs between "detect every variant known to man" against "finish the scan before the user gets annoyed"? (No, I don't have answers - just trying to promote asking better questions :)
Attachment:
_bin
Description:
Current thread:
- Centralized Antivirus Recommendation Sabourin, Justin (May 03)
- <Possible follow-ups>
- Re: Centralized Antivirus Recommendation Mike Hanson (May 03)
- Re: Centralized Antivirus Recommendation Mark Rogowski (May 03)
- Re: Centralized Antivirus Recommendation Eme Ejike (May 03)
- Re: Centralized Antivirus Recommendation Alex Keller (May 03)
- Re: Centralized Antivirus Recommendation Dexter Caldwell (May 03)
- Re: Centralized Antivirus Recommendation Valdis Kletnieks (May 03)
- Re: Centralized Antivirus Recommendation Lanham, Sean (May 03)
- Re: Centralized Antivirus Recommendation King, Ronald A. (May 03)
- Re: Centralized Antivirus Recommendation Jay Fowler (May 03)
- Re: Centralized Antivirus Recommendation Eric Case (May 03)
- Re: Centralized Antivirus Recommendation Schoenefeld, Keith (May 04)
- Re: Centralized Antivirus Recommendation Dexter Caldwell (May 04)