Security Basics mailing list archives

RE: CA eTrust AV


From: SMiller () unimin com
Date: Tue, 9 Nov 2004 15:44:18 -0500

We all wish that malware names were consistent.  But if you are switching
vendors on the premise that everyone except CA is using the same naming
convention, you are mistaken.  See the Tower of Babel section on the 10/31
SANS ISC page:
http://isc.sans.org/diary.php?date=2004-10-31
Note that there is no greater resemblance between the Trend and Symantec
nomenclature than any other two of the five listed vendors chosen at
random.  Regarding effectiveness, I believe that there is little to
consistently distinguish the principal vendors there, either.  When
av-test.org was keeping their server and client test suites up to date,
they typically had the CA at or near the top for detection, but there was
not a tremendous amount of variation.  Their basic maintenance plan tech
support does suck road-kill through bar-straws, but that is a broad
spectrum IT vendor issue, not something that is confined to CA.  I do
frequently hear criticisms of Symantec for being late on detecting a new
virus or worm, but I regard that as rumor.  I am currently using eTrust for
desktops and GP servers, Trend Scanmail on the mail server.  There is also
a smattering of Symantec through the organization.  Since we put Postini
Perimeter Manager outside our SMTP address 2 months ago, Scanmail has not
found a single infected message, so we will probably not renew it (it *did*
do a very good job while it was needed).  I will probably stick with the CA
AV product for servers and clients if only because of our investment in
configuring and supporting it.  Speaking of that investment and the
consequential vendor "lock-in", are you sure you want to increase that
inertia by buying a package that integrates spyware detection?  For my
money, that process is where virus remediation was 7 or 8 years ago, with
lots of changes and shake-outs to come.  I plan to keep those products
separate for now.  My advice is to select an established vendor on the
basis of quality of support, ease of administration, or TCO, not some
ephemeral attribute such as names.  YMMV.

Scott A. Miller
Manager of Information Systems Support
Unimin Corporation
Unimin CANADA Ltd/Ltee


From: "Ryan Behan" <RBehan@csmcorp.com>
Date: 11/09/2004 09:05 AM
To: "Dan Tesch" <dan.tesch () comcast net>, "Security Basics" <security-basics@lists.securityfocus.com>
Subject: RE: CA eTrust AV

We have 200 PCs, 30 Servers, 1 Distribution server.  We are switching to
Symantec, we have been dissatisfied with CA's AV product.  I've seen web
scans from Trendmicro and trial versions of AVG and Symantec pick up
viruses that CA either didn't deem a virus or just wasn't clever enough
to discover it.  CA is affordable though, and it does stop viruses, but
Symantec is now offering Spyware detection which is a considerable
threat/nuisance to us.  If you have a small business I would request a
Webex with them (CA) and see how you feel about it.  It's not a terrible
product but I don't completely Etrust it.  The biggest gripe I have with
CA is its nomenclature for threats, it's never anything like Trend or
Symantec, which leaves us baffled when we're trying to investigate a
possible infection.

Ryan

-----Original Message-----
From: Dan Tesch [mailto:dan.tesch () comcast net]
Sent: Monday, November 08, 2004 4:36 PM
To: Security Basics
Subject: Re: CA eTrust AV

Yes, I use it.  I have previously used the Symantec Corporate product
which I liked and found pretty easy and intuitive to use.

I would agree that the support is dreadful, I also use CA BrightStor and
that support leaves something to be desired also.

The eTrust took a long time to get completely set up on a network of
1 distribution server, 10 servers and about 30 desktops - I'd estimate
about 50 - 60 hours to get it where I was really happy with it.

I can say now that it is working pretty much OK but I have a new machine
I just added to the network running XPSP2 and I can't get the remote
install to work and I suspect the SP2 - anyone have a fix for that?


Do any of you use CA eTrust Antivirus 7 or 7.1 ?

We have 4000 users.  Product seems effective but CA support is
dreadful.

Cannot get simplest of answers.  I have a senior engineer teaching
their Helpdesk about the product.

Anybody have good or bad experience of this product ?

Thanks in advance.






