Firewall Wizards mailing list archives

Re: OT: Av and Gartner...


From: Paul Robertson <proberts () patriot net>
Date: Wed, 30 Jul 2003 20:37:28 -0400 (EDT)

On Wed, 30 Jul 2003, John Keeton wrote:

> Slightly OT here.

I don't think so :)

> In corporate land, where does everyone have AV installed? Currently, we
> have desktop, NT servers, and email gateway. I am thinking that we need
> http/ftp scanning via ICAP from our proxy, but Gartner[1] says http/ftp
> scanning is unneeded. I don't know if I agree.. -OR- Are people installing

[snip]

Disclaimer: Gartner is an investor in TruSecure, my employer and through 
our ICSA Labs division, the hoster of this list.  I do NOT speak for them, 
and I'm speaking only for myself in this message, and it's all personal 
opinion.

Most folks aren't worried about HTML/HTTP threats.  I used to actively 
resist e-mail gateway A/V scanning, but these days, I think it just makes 
sense.

Non-E-mail malcode threats that are quick are worms that do either 
overflows, or file share guessing.  Both of those really want 
desktop/server scanning to fix them.  HTTP-based threats tend to get shut 
down quickly enough (for the non-worm type) that the window is quite 
short, but if you're going to do complete protection, and want to laugh at 
the rush to update IE when someone gets one to take hold, then it's 
worthwhile looking.

> Also, anyone have any experience with Gartner regarding security items? This
> AV answer, joined with their latest magic quad. for firewalls and ids is
> just plain scary. I don't know if I even want to put an ounce of faith in
> them anymore.

To me, it depends on the analyst doing the work.  I've consistently agreed 
with some of their analyses, and thought "What the heck were they 
smoking?" when I've read others that tended to parrot some particular 
marketing brochure-speak that lots of vendors were trumpeting.

> [1] At my employ Gartner is god.

The good news is that if this is true, it's generally because you're 
paying enough that you get the "call and beat up someone with the real 
hard questions and pick at their assumptions" option.  I've used that in a 
past life to get past recommendations that I thought sucked at other 
companies I've worked for.  The bonus is that management sees you as 
playing well with them if you line the reasons up for the call well.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
