Date: Wed Aug 10 20:15:30 2005
From: jbethune at town.kentville.ns.ca (Jason Bethune)
Subject: Antivirus

Thanks Axel (love Guns and Roses by the way; I'm sure you haven't heard that
one before). I have been searching around the net for some user reviews on
those that you have mentioned. I am about a week into this research. It is
starting to come to a head in the past couple days as RTVSCAN.exe is causing
more and more computer slowdowns. Not good when a batch is trying to be
posted in our financial system. In the end I need a reliable product that
has central management with lockout features to the user. Malware detection
is tied for #1 for the product I end up choosing. My users have at least
stopped opening any attachments they get that they don't know who they are
from and so on. As we all know the end user is the z factor in the whole
situation of choosing a good security product.

Jason Bethune

IT Specialist
Town of Kentville
354 Main Street
Kentville, NS 
B4N 1K6

www.town.kentville.ns.ca


-----Original Message-----
From: Axel Pettinger [mailto:api@...ldonline.de] 
Sent: Wednesday, August 10, 2005 3:45 PM
To: Jason Bethune
Subject: Re: [Full-disclosure] Antivirus

Hi Jason,

With such a small user network you should definitely have a look at the
products of other anti virus vendors - not just Symantec's. In our
company we used NAV CE (later SAV CE) several years till 2004, but I was
never happy with it. It's bloated and its malware detection capabilities
are not very good.

Just as an example, do you know runtime compressors (like UPX)? Malware
is very often packed with such compressors to make the file smaller and
the file contents less readable. Many runtime compressors exist, but
only a few av companies make sure that the format of these runtime
compressors is known to their av scan engine so that the scanner is able
to detect malicious code inside of these packed executables. The results
are funny identifications of one and the same malware (compressed,
unpacked, repackaged with another runtime compressor). Symantec's av
scanner doesn't know the format of many runtime compressors and as a
result it usually fails to detect known packed malware when it is
unpacked or repackaged with another compressor.

My favorite av scanners are those from Kaspersky (www.kaspersky.com) and
McAfee because in my experience both have simply the best malware
detection capabilities. Kaspersky's av scanner is also very easy to
update, has small definitions, - if you want - hourly updates and knows
the most runtime compressor and archive formats of all av scanners. You
should definitely have a closer look at McAfee's and Kaspersky's av
products. As I said before they are very good in malware detection, but
in regard to performance, stability and general handling of these
products it's up to you to find out whether they're suited for your
environment.

Regards,
Axel Pettinger


> Jason Bethune wrote:
> 
> I know this is not really the place to ask this question but I need
> some professional advice and well you guys know a lot. I need to get
> rid of our current Antivirus solution in the small 20+ user network we
> have running on SBS 2003. Currently running NAV 7.6 Corporate Edition.
> Any opinions on the new version of Norton 10.0? Should I look at Trend
> Micro? Both seem to be priced about the same for Canadian customers. I
> hope this is not too way off topic but I don't post here very often.
> If you can give me some advice that would be greatly appreciated.
> 
> Jason
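
The point about runtime compressors in the reply above, as an added example that is not part of the original thread: a byte-signature scanner only matches a packed file if it recognises and unpacks that format first. The marker, the sample body and the engine names are constructed, and zlib, bz2 and lzma stand in for runtime compressors such as UPX.

```python
import bz2
import lzma
import zlib

# Constructed, harmless marker standing in for a known-malware byte signature.
SIGNATURE = b"CONSTRUCTED-TEST-PATTERN-0001"
# Constructed sample "executable": padding, the marker, repetitive filler.
SAMPLE = b"MZ" + b"\x00" * 62 + SIGNATURE + b"constructed section data " * 8

# Stand-ins for runtime compressors: name -> (magic prefix, pack, unpack).
PACKERS = {
    "zlib": (b"\x78", zlib.compress, zlib.decompress),
    "bz2": (b"BZh", bz2.compress, bz2.decompress),
    "lzma": (b"\xfd7zXZ\x00", lzma.compress, lzma.decompress),
}


def scan(data, known_formats=(), max_depth=4):
    """True if SIGNATURE is in data or in any layer this engine can unpack."""
    if SIGNATURE in data:
        return True
    if max_depth == 0:
        return False  # bound recursion on deeply nested packing
    for name in known_formats:
        magic, _, unpack = PACKERS[name]
        if not data.startswith(magic):
            continue  # not a format this engine recognises
        try:
            inner = unpack(data)
        except Exception:
            continue  # magic matched but the stream is corrupt
        if scan(inner, known_formats, max_depth - 1):
            return True
    return False


def detection_matrix(engines):
    """Scan the raw sample and each packed variant with every engine."""
    variants = {"raw": SAMPLE}
    variants.update({n: p[1](SAMPLE) for n, p in PACKERS.items()})
    # Repackaged variant: the same body packed with bz2, then with lzma.
    variants["lzma(bz2)"] = lzma.compress(bz2.compress(SAMPLE))
    return {e: {v: scan(d, f) for v, d in variants.items()}
            for e, f in engines.items()}


ENGINES = {"no-unpack": (), "zlib-only": ("zlib",),
           "all-formats": ("zlib", "bz2", "lzma")}

if __name__ == "__main__":
    for engine, row in detection_matrix(ENGINES).items():
        print(f"{engine:12}", row)
```

The same matrix run against a real scanner, with one known sample packed several ways, is a quick way to compare engines on this property during a product evaluation.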
