[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    re: Virus Scan Software
From:       harley () icrf ! icnet ! uk
Date:       1997-01-03 15:20:35
[Download RAW message or body]

> Note sure if this is a proper question for this group, but here goes.

It probably isn't, except in so far as it's always worth reiterating
that there's more security mileage in protecting the desktop -at-
the desktop than in relying solely on viruswalls and firewalls which 
attempt to include filtering for viruses. ;-)

I'm enclosing some info, and I'm always happy to discuss further by
e-mail. 
> 
> We are evaluating virus scan software to be installed on individual 
> PC's and would welcome recommendations.  

Asking a firewalls list for recommendations in this case is asking
your butcher's advice on buying fish. He -may- be well-qualified to
advise you: OTOH he may know nothing about fish, he may regard fish
as beneath him, and he may feel compelled as a catering professional
to pretend he knows more about fish than he really does. B-)

Not everyone on this list is a firewalls expert or security guru:
those who do fall into one of these categories aren't necessarily
up to speed on PCs or viruses. In fact, virus mythology is as rife
among security professionals as it is everywhere else. You may get
responses that reflect what's in use at sites with representatives
here, but that's not the same as recommendations for best practice.

> We have folks that like 
> Mcfee and Norton but have no solid way to compare.  

As you obviously appreciate, liking the interface of a particular
product is a poor basis for virus control. In this area, a nice
interface may come a long way behind other criteria such as detection
rate, tendency to false alarm, ease of distribution and administration,
and other issues of which this isn't the best forum for discussion.
McAfee has most of the market share and Symantec/Norton have a great
deal of what's left, but neither package is necessarily the highest-
rated among professionals.

> Any help would be 
> appreciated.
> 

Some pointers from the alt.comp.virus FAQ are included below.

--------------------include---------------------

There used to be a comprehensive set of product reviews at:

        http://www.first.org/virus/virrevws/

but the page is being reorganized and it may have disappeared 
altogether.

A number of reputable vendors include comparative reviews,
papers on testing etc. on their WWW/FTP servers: try 

	http://www.datafellows.com/
	http://www.drsolomon.com/

among others.

Virus Bulletin comparative reviews are available from

        http://www.virusbtn.com/Comparatives/

and information is also available on their testing protocols.

Product reviews and other kewl stuff from Robert Slade:

        telnet://freenet.victoria.bc.ca
        login as guest, give the command "go virus"

For a list of scanners that have received the "NCSA Approved" rating
of the National Computer Security Association in the U.S.A. see

  http://www.ncsa.com/avpdcert.html

The page also explains the certification procedure. 

----------------------outclude--------------------------

NCSA certification for AV products isn't a bad idea in principle,
but hasn't always been well-implemented, and is subject to some
of the same misgivings voiced here about firewall certification.
However, it's probably more use than asking your neighbour what he
uses. B-)

Secure Computing have an alternative certification scheme in 
progress, and the January issue includes a 'bumper Anti-Virus
review'. (US/Canada subscriptions 100016.2432@compuserve.com).

Possibly the best reviews are those done by Virus Bulletin, though.
(www.virusbtn.com). You might also like to check out the Virus Research
Unit site at Tampere:

	http://www.uta.fi/laitokset/virus/

The alt.comp.virus FAQ and some other relevant documents (including
the Virus-L FAQ) are available from the web page in my signature.

-- 
David Harley                     \   |   /                 alt.comp.virus FAQ
D.Harley@icrf.icnet.uk            \  |  /               & Anti-Virus Web Page
Support & Security Analyst         \ | /         Folk London On-Line gig-list
Imperial Cancer Research Fund   ____\|/____   http://webworlds.co.uk/dharley/

[prev in list] [next in list] [prev in thread] [next in thread]