[THIN] Re: Independent tests (was Re: Virus protection)
- From: "Evan Mann" <emann@xxxxxxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 30 Jan 2004 11:17:58 -0500
I did an eval on the "big 3" of AV vendors for an AntiVirus for Exchange
product. (Symantec, Trend, McAfee, and Sybari which relies on other
engines) and I ended up with Symantec. I really had no way to quantify
which product was better, IMO they are all equally as well, it's just an
issue of when the particular manufacturer gets their virus definitions
out. My choice came down to features and UI. Feature sets are almost
identical across the products, however McAfee's GroupShield 6.0 was a
new release product and Trend/Symantec/Sybari already had their products
out for months.
The only thing I'm missing thus far in Symantec Mail Security 4.0 that
Trend and Sybari offered was the ability to check file types based on
their signatures. So if someone send me an EXE renamed to .TXT, that
attachment isn't going to get blocked since Symantec doesn't check the
signature of the file to determine it is an EXE. I'm sure this will be
something that is in a near future release because all the big AV
companies are always try to one up each other, but in due time, they all
have the same feature sets.
I liked the fact that Sybari used multiple engines, which means a higher
likelyhood to get updated virus definitions faster, but the product was
just vastly more expensive.
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Kenzig http://thethin.net
Sent: Friday, January 30, 2004 11:05 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Independent tests (was Re: Virus protection)
We have been using Trend Scanmail with Emanager(for additional
attachment blocking control) on our Exchange server at our library here
for going on 5 years. Yes it was expensive but it is worth every penny.
In that time we blocked hundreds of thousands of viruses from getting
into our system and it has never let one get through!
It is by far and above the Cadillac of Antivirus programs. BTW I was a
Virus investigator/researcher for NASA about 15 years ago when the
biggest threat was something called Stoned. I used to email back and
forth with Frisk (FProt) and all them other researchers via usenet all
the time. Thats back when there wasn't such a thing as the internet. Our
biggest worry was Sneakernet...everybody would give a floppy of their
monthly report to the division secretary, she'd get infected and in turn
infect the whole building when she gave them their disk back. Fun. ; )
Regards,
Jim Kenzig
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of DMelczer@xxxxxxxx
Sent: Friday, January 30, 2004 10:49 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Independent tests (was Re: Virus protection)
We personally go with TrendMicro...for 2 reasons...offices in
Japan and the UK allow for rapid deployment of updated virus pattern
definitions before the outbreaks occur here in the US (the UK office
normally sees the virus outbreak there 5 hours before we get hit).
Also, the overhead on our severs seems to be extremely small, even with
all inbound and outbound files being scanned under a heavy user load.
Just my $0.02. Hope it helps you.
-Dave Melczer
dmelczer@xxxxxxxx
-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx]
Sent: Friday, January 30, 2004 9:38 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Independent tests (was Re: Virus
protection)
In my experience, I've had pretty much every brand of
antivirus I've used find something the other has not, and vice versa.
Norton, Sophos, Trend, Panda, McAfee... the list just
goes on... I try to stay away from Igotknockedup IT (InoculateIT CA),
though.
Basically, why would anyone trying to sell a product say
theirs wasn't better than a competitor? It would be selling suicide not
to. Personally I prefer either McAfee, Sophos, or Trend... I couldn't
tell you why, though. It's just what I'm comfortable with. That's
probably what it boils down to anymore. That and incident/virus
response.
-----Original Message-----
From: Euan Cooper [mailto:Euan.Cooper@xxxxxxxxxxxx]
Sent: Wednesday, January 28, 2004 3:13 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Independent tests (was Re: Virus
protection)
Just how "independent" is this test when the second line
says
Test report prepared under contract from Sophos
Anti-Virus
While I don't want to "bag" Sophos as I have not direct
knowledge of the product[1] I bet with a bit of looking I could find
similar "independent" tests showing most of the major anti virus
software vendor's products favourably against their rivals.
Reminds me of an internal MS video presentation on NT3.5
I once saw - a question was asked about how NT was going to win against
Novell. One of the key points was that any time anyone was running a
comparison of NT against any other NOS NT had to win - MS had a team
whose sole job was to make sure this happened.
I agree with Roger on this - AV software is pretty much
a Ford vs Holden[2] thing. I would go so far as to say that no AV
software in itself is not enough to completely protect your network
anyway.
-Ec
1 though I have heard good things about it
2 Localised for NZ
-----Original Message-----
From: John Carlson [mailto:johnc@xxxxxxxxxx]
Sent: Thursday, 29 January 2004 6:39 a.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Virus protection
Absolutely there is a difference. I had a client
who was running Symantec Corporate and experiencing odd behavior on his
network. I told him it sounded like a virus and he assured me his AV
software was up to date. I set him up with a 30 day demo of Sophos and
upon scanning his network drives he found viruses in the first folder it
scanned. Viruses that Symantec had missed. It was the easiest sale I
ever made.
Don't just take my word for it. Here is an
independent test comparing Sophos to the majors:
http://www.veritest.com/clients/reports/sophos/sophos_antivirus.pdf
Other related posts: