Educause Security Discussion mailing list archives
Re: Microsoft antivirus
From: Jason Gates <jasongates () SOUTHERN EDU>
Date: Tue, 12 Mar 2013 17:00:22 +0000
Accepted risks and environments differ between institutions, but for our environment I expect that security layers will inevitably fail and if some do, I'll sleep better knowing we would have a better than basic chance at preventing a compromise. Agreed, there is no magic bullet, but a fence is as strong as its weakest link.

-jason

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barros, Jacob
Sent: Tuesday, March 12, 2013 11:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Microsoft antivirus

I'm with Jeff on this one. Based on our technician's feedback, what we have found is that nothing works perfectly. We can spend a fortune trying to protect endpoints from zero-day vulnerabilities that might not be effective. So despite the lack of bells and whistles, we went with 'free' and have not regretted it. What it lacks in protection we can usually make up for with AD group policies, software updates, user education and a good ng firewall (for while they are here anyway).

Jake Barros | Network Administrator | Office of Information Technology
Grace College and Seminary | Winona Lake, IN | 574.372.5100 x6178

On Mon, Mar 11, 2013 at 7:24 PM, Jeff Kell <jeff-kell () utc edu> wrote:
On 3/11/2013 7:06 PM, Jason Gates wrote:

I've used FEP with SCCM and enjoy the management and reporting abilities of FEP but I'm concerned about the quality of malware protection. Through reading, testing and real world experiences with the antivirus product I've found that its malware protection is left wanting. In test cases FEP did not remove/detect all the malware, leaving malware parts still installed and functioning.

Sure, it misses stuff. But they all do. We've gone from Symantec to McAfee to Forefront and there really isn't that much of a delta in terms of protection. With current zero-day "click here to infect your computer" drive-bys, nobody is going to keep you clean, but it should look like they're making an effort.

In the "big picture" of things, Forefront was much less "high-maintenance" and "obnoxiously fat footprint" than the predecessors. Having updates integrated (more or less) into windows updates is a plus. I still have nightmares about EPO :)

I've considered application white-listing, but not sure how many monkey wrenches that throws into the works. And how much of that is Active Directory dependent.

There's no magic bullet. For no more return than you should expect from an A/V these days, FF was priced right on campus agreement. We even drank the FOPE Kool-Aid for our Exchange filtering...

Jeff