Security Basics mailing list archives

RE: Different AV Products


From: dave_mikesch () baxter com
Date: Wed, 13 Aug 2008 13:25:29 -0500

I deal with Symantec every day managing several thousand systems running
that very same version. (10.1.7.7000 works better...)

No version of SAV, including SEP11, detects nearly as much as most of the
competitors.

So far this year I've submitted almost 500 undetected viruses to them -
they rule about 25% of them as malware of any sort, while Sophos and AVG
pick up about 60-80%.
This is also with me having Platinum support and arguing with the reverse
engineers....

I suggest AVG, Sophos, NOD32, or Kaspersky instead.


Best Regards,
Dave Mikesch, GCIH, GREM



From: "Andy Cuff (Talisker)" <SecurityLists@securitywizardry.com>
Sent by: listbounce@securityfocus.com
To: <pthroumoulos () rochester rr com>, <security-basics () securityfocus com>
cc:
Date: 08/13/2008 11:06 AM
Subject: RE: Different AV Products




I would strongly suggest reconsidering your options and escalating your
issue with Symantec.  You may face the same support issues with another AV
vendor, in addition to trying to integrate a new AV into your enterprise.

I'm not advocating Symantec over Sophos or Kaspersky, I'm just considering
the impact of the change.  I

Regards

Andy Cuff
Computer Network Defence Ltd
www.SecurityWizardry.com

I was wondering if anybody could provide me with any positive
information about switching from Symantec Corporate Edition
(10.1.4.4000) to any other AV products. I have looked at a
couple different solutions but am by no means a security guru
and would appreciate any feedback I could get that would help
persuade me to switch to a different solution. The two other
products that I am considering are Kaspersky or Sophos.
Reason I picked these two is that I have seen quite a few
emails bounced back and forth about the quality of both of
these products compared to Symantec. Obviously all AV
products are going to be better at certain things than others
such as detection and removal. All I am looking for is a
product that I can implement on about 180+ clients and about
30 servers that will be easily managed and not have too large
of a foot print and I do not want to have to visit every
client to remove the old AV before deploying the new solution.

One of the reasons I would like to switch from Symantec to
another product is that just recently I had to deal with
their tech support for an issue we were experiencing on our
clients. My experience with tech support has left me very
jaded as it took them almost three weeks to figure out the problem.

The issue we were experiencing was when a user would log into
their desktop explorer.exe would not load and they would only
see their wallpaper (all Dell machines). The solution to the
issue was to turn off "tamper protection"
on all the clients, though this did solve the issue I am
still a little concerned about the fact that you need to turn
off any component of any AV product. I also feel like
Symantec does not do the best job at detection of other types
of malware besides viruses. Several times this year I had
several infected clients that I had to rebuild because
Symantec did not detect the issues till it was too late to do
anything. If anybody could point me in the right direction to
getting more info on a better AV solution than Symantec I
would greatly appreciate it.








