Re: McAfee ASaP

[James Morris <jmorris () CAC WASHINGTON EDU>]

I glanced at the website for it awhile back and didn't think that much of
it.  It looked like one of those blackbox services that vendors want you to
just trust is doing the Right Thing, which is probably why it's lacking in
higher-ed adoption.

My impression was that that hardware sits off in a McAfee data center some
place, so if there's problems with connectivity, you're effectively out of
the email business til things are repaired unless you've already provided
for internal/external mail pathing.  You'd still need some other AV solution
for the internal pathing so you don't actually save that much.

I wasn't sure just how fast it reacts to new viruses either.  AVERT
typically issues an extra.dat fairly quickly but unless McAfee ASaP uses
them or a similar mechanism, you're potentially looking at hours before
you'd be protected against a new virus.  My experience is with McAfee on the
desktop and Sophos (via PureMessage) on our mail relays.  During the first
couple weeks of Netsky/Bagle for example, McAfee would have a new extra.dat
within 30-45 minutes or so, but a full DAT was lagging by hours or days.
Sophos would have an IDE (their equivalent of a DAT though they're much
smaller) out in ~4 hours and they're working on improving that.

It doesn't provide any help on the spam front, so you're still having to run
something for that and there's lots of integrated products that provide both
AV and Spam, most of which also provide other features/functionality.

--James Morris-----------------------Systems Engineer----------------
University of Washington             C&C IT Infrastructure
4545 15 AV NE, Seattle, WA 98105     Campus Box: 354841
E-mail: jmorris () cac washington edu               voice (206) 221-3848
---------------------------------------------------------------------

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cameron Byrne
Sent: Wednesday, March 24, 2004 08:32
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] McAfee ASaP

We have been evaluating McAfee ASaP anti-virus service and we have been
impressed with the TCO, definition update process, and performance.  Our
main hesitation with moving forward is that we have not seen the ASaP
service used by any academic institutions.  Is anyone using ASaP, and if
so, is it working well?


--
Regards,

--------------------------------------------
Cameron Byrne                   UNM CIRT
CISSP CCNP CCDP SCSA LPIC       505-277-1244
---------------------------------------------

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.