Educause Security Discussion mailing list archives

Re: Microsoft antivirus


From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Tue, 12 Mar 2013 11:55:14 -0400

I'm with Jeff on this one.  Based on our technician's feedback, what
we have found is that nothing works perfectly.  We can spend a fortune
trying to protect endpoints from zero-day vulnerabilities that might
not be effective.  So despite the lack of bells and whistles, we went
with 'free' and have not regretted it.  What it lacks in protection we
can usually make up for with AD group policies, software updates, user
education and a good ng firewall (for while they are here anyway).



Jake Barros  |  Network Administrator  |  Office of Information Technology
Grace College and Seminary  |  Winona Lake, IN  |  574.372.5100 x6178


On Mon, Mar 11, 2013 at 7:24 PM, Jeff Kell <jeff-kell () utc edu> wrote:
On 3/11/2013 7:06 PM, Jason Gates wrote:

I've used FEP with SCCM and enjoy the management and reporting abilities of
FEP but I'm concerned about the quality of malware protection. Through
reading, testing and real world experiences with the antivirus product I've
found that its malware protection is left wanting. In test cases FEP did not
remove/detect all the malware, leaving malware parts still installed and
functioning.


Sure, it misses stuff.  But they all do.  We've gone from Symantec to McAfee
to Forefront and there really isn't that much of a delta in terms of
protection.  With current zero-day "click here to infect your computer"
drive-bys, nobody is going to keep you clean, but it should look like
they're making an effort.

In the "big picture" of things, Forefront was much less "high-maintenance"
and "obnoxiously fat footprint" than the predecessors.  Having updates
integrated (more or less) into Windows updates is a plus.  I still have
nightmares about EPO :)

I've considered application white-listing, but not sure how many monkey
wrenches that throws into the works.  And how much of that is Active
Directory dependent.

There's no magic bullet.  For no more return than you should expect from an
A/V these days, FF was priced right on campus agreement.  We even drank the
FOPE Kool-Aid for our Exchange filtering...

Jeff

