Re: Microsoft antivirus

[David Opitz <dopitz () LOYOLA EDU>]

We use Symantec Endpoint Protection.  About a year ago we were re-evaluating that decision.  As part of that, I got a 
chance to talk to the Microsoft Product Manager for Forefront Endpoint Protection.  He wanted to know what it is that I 
like about Symantec, so I listed off all the features I like, mostly from a security viewpoint but also management and 
reporting.  Quick examples are SONAR, which Symantec uses for behavior detection to find malware (they also do 
traditional malware signatures), INSIGHT which looks up every downloaded file in a huge Symantec database and can block 
it if it has never seen it before, a network threat detection piece, and some efficiencies for working with VMWare 
servers.  After I explained each one of those features, the Microsoft guy would agree that his product did not yet have 
that, but he frequently added that those are things he hopes/plans to build into future versions of FEP.

Based on the extra security we would get from those features, we decided to continue paying Symantec instead of using 
the FEP which would essentially be free for us.  Depending on your environment, you might come up with a different 
decision.  I'm giving Microsoft a couple of years to add those new features and then we will do another evaluation.  
I'd guess Microsoft will have some cool new features by then, and hopefully this competition from Microsoft will 
continue to push the traditional anti-virus vendors to keep innovating and improving their products as well.

Peace,
Dave Opitz
Loyola University Maryland

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ed 
Zawacki
Sent: Monday, March 11, 2013 12:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Microsoft antivirus

I'm curious as to whether anyone has taken advantage of their campus'
Microsoft licensing agreement to switch from say McAffee or Symantec's endpoint solution to Microsoft's?

If so, how are you feeling about the Microsoft solution?

Or, if you thought about it and decided not to do it, I'm also interested in the rationale/any documentation you might 
have on that decision.

(Obviously, the cost savings would be nice, but I'm not too impressed by what I see from MS. Just wondering if I'm 
missing something)

Thanks

--
Ed Zawacki
Chief Information Security and Privacy Officer Academic Computing and Communications Center University of Illinois at 
Chicago
(312) 996-0658

General Security Line: (312) 432-0074