Educause Security Discussion mailing list archives
Re: Microsoft antivirus
From: Tim Doty <tdoty () MST EDU>
Date: Tue, 12 Mar 2013 14:11:52 -0500
On 03/12/2013 12:00 PM, Jason Gates wrote:
Accepted risks and environments differ between institutions, but for our environment I expect that security layers will inevitably fail and if some do, I'll sleep better knowing we would have a better than basic chance at preventing a compromise. Agreed, there is no magic bullet, but a fence is as strong as its weakest link. -jason
While I agree with your premise, I am convinced that all* AV are equally different. I'm no fan of Microsoft (quite the contrary), but my experience with FEP, while disappointing, is better than it was with McAfee. Either way we had drive-by infections. Either way we have too many users logged in with administrative rights.
For those that are able to take advantage of SCCM, it's possible to leverage the data (something we didn't have with our McAfee license). And, to make it even better, our jumping from McAfee was a given -- they tried to gouge us on license fees (a steep increase) so the money saved by going with FEP can be spent on other enhancements.
I'm not arguing that FEP is better than its competitors, I'm saying that in my experience it isn't substantially different (certainly no worse) and is a perfectly valid choice. That wasn't what I was saying when we switched, but experience can be persuasive.
Tim Doty
* not literally all, but at least reasonably common. And the samples I've recovered of what got by FEP are not normally detected by McAfee...
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barros, Jacob
Sent: Tuesday, March 12, 2013 11:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Microsoft antivirus
I'm with Jeff on this one. Based on our technician's feedback, what we have found is that nothing works perfectly. We can spend a fortune trying to protect endpoints from zero-day vulnerabilities that might not be effective. So despite the lack of bells and whistles, we went with 'free' and have not regretted it. What it lacks in protection we can usually make up for with AD group policies, software updates, user education and a good ng firewall (for while they are here anyway).
Jake Barros | Network Administrator | Office of Information Technology
Grace College and Seminary | Winona Lake, IN | 574.372.5100 x6178
On Mon, Mar 11, 2013 at 7:24 PM, Jeff Kell <jeff-kell () utc edu> wrote:
On 3/11/2013 7:06 PM, Jason Gates wrote:
I've used FEP with SCCM and enjoy the management and reporting abilities of FEP but I'm concerned about the quality of malware protection. Through reading, testing and real world experiences with the antivirus product I've found that its malware protection is left wanting. In test cases FEP did not remove/detect all the malware, leaving malware parts still installed and functioning.
Sure, it misses stuff. But they all do. We've gone from Symantec to McAfee to Forefront and there really isn't that much of a delta in terms of protection. With current zero-day "click here to infect your computer" drive-bys, nobody is going to keep you clean, but it should look like they're making an effort. In the "big picture" of things, Forefront was much less "high-maintenance" and "obnoxiously fat footprint" than the predecessors. Having updates integrated (more or less) into windows updates is a plus.
I still have nightmares about EPO :)
I've considered application white-listing, but not sure how many monkey wrenches that throws into the works. And how much of that is Active Directory dependent. There's no magic bullet. For no more return than you should expect from an A/V these days, FF was priced right on campus agreement. We even drank the FOPE Kool-Aid for our Exchange filtering...
Jeff