Educause Security Discussion mailing list archives
Re: McAfee ASaP
From: James Morris <jmorris () CAC WASHINGTON EDU>
Date: Wed, 24 Mar 2004 15:12:44 -0800
I glanced at the website for it awhile back and didn't think that much of it. It looked like one of those blackbox services that vendors want you to just trust is doing the Right Thing, which is probably why it's lacking in higher-ed adoption. My impression was that that hardware sits off in a McAfee data center some place, so if there's problems with connectivity, you're effectively out of the email business til things are repaired unless you've already provided for internal/external mail pathing. You'd still need some other AV solution for the internal pathing so you don't actually save that much. I wasn't sure just how fast it reacts to new viruses either. AVERT typically issues an extra.dat fairly quickly but unless McAfee ASaP uses them or a similar mechanism, you're potentially looking at hours before you'd be protected against a new virus. My experience is with McAfee on the desktop and Sophos (via PureMessage) on our mail relays. During the first couple weeks of Netsky/Bagle for example, McAfee would have a new extra.dat within 30-45 minutes or so, but a full DAT was lagging by hours or days. Sophos would have an IDE (their equivalent of a DAT though they're much smaller) out in ~4 hours and they're working on improving that. It doesn't provide any help on the spam front, so you're still having to run something for that and there's lots of integrated products that provide both AV and Spam, most of which also provide other features/functionality. --James Morris-----------------------Systems Engineer---------------- University of Washington C&C IT Infrastructure 4545 15 AV NE, Seattle, WA 98105 Campus Box: 354841 E-mail: jmorris () cac washington edu voice (206) 221-3848 --------------------------------------------------------------------- -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cameron Byrne Sent: Wednesday, March 24, 2004 08:32 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] McAfee ASaP We have been evaluating McAfee ASaP anti-virus service and we have been impressed with the TCO, definition update process, and performance. Our main hesitation with moving forward is that we have not seen the ASaP service used by any academic institutions. Is anyone using ASaP, and if so, is it working well? -- Regards, -------------------------------------------- Cameron Byrne UNM CIRT CISSP CCNP CCDP SCSA LPIC 505-277-1244 --------------------------------------------- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- McAfee ASaP Cameron Byrne (Mar 24)
- <Possible follow-ups>
- Re: McAfee ASaP James Morris (Mar 24)