Educause Security Discussion mailing list archives

Re: Centralized Antivirus Recommendation


From: "King, Ronald A." <raking () NSU EDU>
Date: Mon, 3 May 2010 17:12:23 -0400

I compared McAfee, Symantec and Sophos a few years back.  We chose Sophos based on its ease of management compared to 
the other two.  As for performance, Sophos appeared to perform better.  The only thing we really see is when the system 
first starts up and Sophos immediately updates itself, but, this usually isn't too intense.  I am in the process of 
moving to Enterprise Console 4 from 3.5 and then to Endpoint Security 9 from 7.  Based on the documentation, it looks 
really easy.

Management is much easier and faster with Sophos.  I think that is what impressed me the most.  While others are going 
with a web based management using Java, they suffer from a serious performance degradation.  McAfee had things missing 
dependent on the browser you used. When we had Conficker hit us, we were able to quickly respond.  If we used one of 
the others, I don't think it would have gone as well (as well as a virus outbreak could).  We have one of our OUs for 
labs tied directly to a management group and a group policy based install for anything new that is tied to Active 
Directory.

Support has always been great.  We had 8 or 10 hours of help, maybe more, deploying.  They helped design our standalone 
client for off-site installs, assisted in active directory integration, and gave tips for working with the MS SQL DB 
backend.  For general support, they are very fast at getting back to you if you call and leave a message.  Most of our 
stuff goes through email and is usually taken care of in a day.  For the Conficker issue I referred to earlier, they 
spent a good amount of time helping, including educating me on how the bugger worked.

The only thing we have had to deal with is an add-on for IE.  Though I haven't had any issues, there have been others 
that disable the web add-on to resolve their issue.  EC 4 and Endpoint 9 have the ability to turn this off.  I'm hoping 
there is functionality to allow and disallow options for it.

One thing we are really excited about in the new release is the software control and PII scanning.

I've had limited experience with the other three, which includes none from a centralized management standpoint.  But, 
for what it's worth, ESET tended to block legit apps by default.  AVG has so many components, including the web scanner 
that it has slowed down systems.  I no longer recommend the freebie.  Kaspersky, I have no experience with.

Anyway, these are my 2 cents based on what we have dealt with for 2 years.  We are renewing for at least another one 
and have no plans to change.  Sometimes it's good to be kept out of the papers.

Feel free to contact me for any further information off list.

Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
700 Park Ave.
Norfolk, Virginia  23504
Phone:  757-823-3918
Fax: 757-823-2128
Email: raking () nsu edu
http://security.nsu.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Sabourin, Justin
Sent: Monday, May 03, 2010 4:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Centralized Antivirus Recommendation

We're currently researching options to move away from our current antivirus solution in favor of something with better 
detection abilities and a solid management console/reporting server.  We're also a technology-centric institution, so 
the performance impacts of antivirus clients are frequently noted by our students, so low overhead is also desirable.

Currently we're considering the following based on other feedback.  Your thoughts on installation, deployment, and 
management are much appreciated!

* Sophos
* AVG
* ESET
* Kaspersky

Justin Sabourin * Manager of Network Operations * Division of Technology Services * Wentworth Institute of Technology * 
550 Huntington Ave, Boston MA 02115
