Antivirus: November 2007 Archives

Information Security Mag has an article by Ed Skoudis and Matt Carpenter in which they do a bake-off between several endpoint protection products.

http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1280028_idx1,00.html
(not sure if non-subscribers can view that or not. It's free to sign up or try bugmenot).

This will make all the Symantec bashers angry, but it actually comes out rather well. Looks like it will be worth it to learn the new platform that is SEP and upgrade.

Points of interest to me


  • ISS not doing so well. They don't have their own AV, so the AV piece and the rest seem cobbled together.

  • Third Brigade not yet well integrated with Trend

  • McAfee surprisingly not doing well. I would have expected McAfee HIPS (Entercept) to have crushed the malware tests. It seemed that only the buffer overflow protection was tested. Was HIPS not on by default? I'm pretty sure it is part of Total Protection Enterprise.

  • Symantec doing rather well.

  • Sophos scanning on read only by default

The article writers feel that Endpoint Protection suites are still new and have some maturing to do.

Last week, I received an email from Trend Micro bashing Symantec Endpoint Protection 11. This seemed like kind of a desperate move. If Trend is truly a top-tier AV company, why do they need to take shots at Symantec?

There’s something you need to know about Symantec Endpoint Security. Going to version 11.0 requires at least one reboot, frequently two. If you are on version 9.0 or older, Symantec recommends a full rip and replace. Now that's a cumbersome migration!

I guess Trend feels that Symantec AV admins are rather frustrated with the product and they are trying to tap into that.

Here's a link to a Symantec Product Manager's take on the Trend email.