[THIN] Re: OT: Best Antivirus software

  • From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 10 Apr 2008 13:40:25 -0700

Interesting. Must these guys rename container-based virtualization to
feather-weight?  There is enough confusion in the market as it is without
having multiple names for the same thing.

 

Jo

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Rick Mack
Sent: Thursday, April 10, 2008 12:49 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Best Antivirus software

 

Hi,

 

If the results of some of the AV testing are anything to go by, there is no
such thing as a really good AV package. 

 

PC Magazine ran a large-scale test last year and the best AV detection rate
was 97% (while CA got the worst at 68% ;-)).

 

On the common AV packages, that means at least 3-5% of all viruses, worms and
trojans are not detected.

 

There is a Russian site that will sell you source code for your own trojan
for $200. As it turns out, the frequency of these custom trojans is so low
out in the wild that most of them aren't detected unless you use something a
bit smarter like Sophos.

 

If you have a look at the mode of action of the trojans, almost without
exception they depend on users being local admins. So simple stuff like a
locked down environment, application whitelists (e.g. Provision Networks
Manage-it, part of their enterprise product) and products like AppSense
Application Manager may be far more effective than your average AV package.

 

The advent of stuff like feather-weight virtual machines
(http://www.ecsl.cs.sunysb.edu/fvm/index.html) that provide an intelligent
containment layer for applications may very well replace AV software in
future. Even without the additional functional checking, something like
running a browser via Thinstall gives you hugely more secure access to the
internet than a standard environment with nothing but the standard
AV/firewall detection.

 

In terms of standard AV packages, I've stuck with Trend for a long time, but
a lot of my customers have used Sophos and it's detected stuff the other AV
packages didn't see. Other comments aside, I think that Sophos may very well
be one of the best AV packages out there.

 

regards,

 

Rick

 

-- 
Ulrich Mack
Quest Software
Provision Networks Division

On 4/11/08, Berny Stapleton <berny@xxxxxxxxxxxxxxxxx> wrote: 

I have had a few problems with AVG in SMB environments where I have seen
quite considerable slowdown of the machines, to the extent where I see the
machines taking 5 or 6 minutes for the user to be able to use the machine
from 30 - 50 seconds (After power on). Previously I have used Trend, and
although they occasionally send out a bad pattern file which brings the
machine to its knees (I have seen the same thing with McAfee and Symantec)
it hasn't served me too badly before.