>>> if you set up a server for a select job, lock it down.... only serve up static pages.. why 'does' it need to be covered by A/V was the topic >>>
Maybe because if your server can "serve" anything, it can be "served" in return. Where I come from, we call it the "scratch my back, I scratch your back" factor :) With the prevalence of network-burrowing, SMB-crawling worms and trojans, the fact that you are serving static files is no protection at all. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Wed 10/5/2005 10:28 AM To: [email protected] Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment I came <<this close>> to ripping out Trend in my office due to the BSOD, false positives and the infamous Friday incident. They are on probation right now. The ones bantered around in our A/V wars discussions: Symantec [not yellow box but corp] Sophos CA I have a fellow SBSer in AU who LOVES Nod32. Pick one... they are in reality ALL reactionary. Real geeks don't use A/V anyway. [you should have seen the thread on whether to stick a/v on a web server on the focus on ms listserve... if you set up a server for a select job, lock it down.... only serve up static pages.. why 'does' it need to be covered by A/V was the topic] Tim Vander Kooi wrote: >I've only been on the list a short time, but I must have missed the >mandatory Trend Micro brainwashing. :-) >So far from what I have noticed there seems to be a set answer to all AV >questions. >Question: I'm curious about the capabilities of NOD32. >Answers (en mass): You should use Trend Micro. >Question: Is anyone using Symantec? >Answer (again en mass): You should buy Trend Micro. > >Not that there is anything wrong with Trend Micro's product, it's great >in my opinion, but these responses don't seem to be very helpful with >regard to the questions being asked. > >My apologies to the list "gods" if TM is the list sponsor. :-) >Tim > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Glen Miller >Sent: Wednesday, October 05, 2005 11:55 AM >To: '[email protected]' >Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment > >Look into a product called Office Scan, by a company called Trend Micro. >I have been using this product happily since 1998. It saved me from the >"I love you" bug and a few rather nasty ones since. > >"I want my two dollars!" > > >And Joe! Petitioning Webster's to include Joe-isms as an actual word. > > > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Ahmed Al Awah >Sent: Tuesday, October 04, 2005 12:35 PM >To: '[email protected]' >Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment > >Since we're on topic..is anyone using Symantec AntiVirus 10 corp edition >for A/V protection in a domain environment? > >-----Original Message----- >From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] >[mailto:[EMAIL PROTECTED] >Sent: October 4, 2005 11:07 AM >To: [email protected] >Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment > > >My 1 cent. > >I should go back to lurking...but... when choosing your a/v solution >there's something to check on... some of the a/v vendors have >historically needed admin rights to update or have had vulnerabilities >themselves. > >Might be something to investigate and consider when chosing an a/v >...especially on a DC. > >In my own historical issues with Trend, the OfficeProtect dat file >upgrade to XP sp2 wasn't properly 'vetted" and flatlined my workstations > >and last I heard cost Trend $8 mil in lost sales. They've also had a >security vulnerability patched somewhat recently. > >Epo's had their issues as well.... > >http://xforce.iss.net/xforce/xfdb/21839 > >ISS X-Force Database: epolicy-msde-obtain-password(12787): ePolicy >Orchestrator could allow an attacker to obtain MSDE SA password: >http://xforce.iss.net/xforce/xfdb/12787 > >ISS X-Force Database: epolicy-execute-commands(14166): ePolicy >Orchestrator command execution: http://xforce.iss.net/xforce/xfdb/14166 > > > >Al Garrett wrote: > > > >>My 2 cents... >>EpO has worked outstanding for us. >>Does inventory reports, finds "rogues", demonstrates to pointy-haired >>bosses how many infections are avoided and how dangerous it is "out >>there." >>Combined with CommTouch Anti-Spam solution. >> >> -----Original Message----- >> *From:* [EMAIL PROTECTED] >> >> >[mailto:[EMAIL PROTECTED] > > >> *Sent:* Tuesday, October 04, 2005 8:36 AM >> *To:* [email protected] >> *Subject:* RE: [ActiveDir] Anti-virus protection in domain >>enviroment >> >> Just to add a little to what Phil says: >> >> When I last used ePO I found that possibly the most useful feature >> was the reporting aspect. This allows you (amongst others) to >> assess which viruses were found in the environment and therefore >> what action if any needs to be taken to prevent further infection. >> >> Most organisations don't have any idea how many infections they >> suffer from or how regularly the infections occur. A tool such as >> ePO can help in this area quite significantly. [it's also a handy >> management tool which helps justify the ongoing AV costs :) ] >> >> neil >> >> >> *___________________________* >> *Neil Ruston* >> Global Technology Infrastructure >> Nomura International plc >> >> >> >> >> >------------------------------------------------------------------------ > > >> *From:* [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] *On Behalf Of *Phil >> >> >Renouf > > >> *Sent:* 04 October 2005 16:10 >> *To:* [email protected] >> *Subject:* Re: [ActiveDir] Anti-virus protection in domain >>enviroment >> >> Take a look at this article, it should give you the information >> you need to configure Antivirus on your DC's: >> >> http://support.microsoft.com/default.aspx/kb/822158 >> >> I don't have any experience running NOD32 on anything :) >> >> As for clients, most environments I have been in use a product >> similar to McAfee's EPO to centrally manage all the AV agents on >> the desktop to make sure they are configured to the corporate >> standard and that they have up to date scan engines and DAT files. >> >> Phil >> >> >> On 10/4/05, *Boris Demirov* <[EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>> wrote: >> >> Hello everybody, >> I got some questions about the anti-virus protection of a >> domain controller >> and the domain environment: >> >> In my opinion the best AV program for the moment is NOD32 - I >> am using it >> successfully on many workstations, but I am not quite sure how >> it will act on >> a DC. What kind of protection do you use on your DCs and have >> somebody got a >> closer look on the NOD32 installed on a DC? >> And something else to ask: what kind of AV protect your >> workstations in >> domain, do you use a single copy of a normal AV or some >> enterprise edition? >> >> All advises on the topic of antivirus protection in domain >> controller and the >> stations in the domain are welcome. >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> <http://www.activedir.org/ListFAQ.aspx> >> List archive: >> http://www.mail-archive.com/activedir%40mail.activedir.org/ >> >> >> PLEASE READ: The information contained in this email is >> confidential and >> intended for the named recipient(s) only. If you are not an >> >> >intended > > >> recipient of this email please notify the sender immediately and >> delete your >> copy from your system. You must not copy, distribute or take any >> further >> action in reliance on it. Email is not a secure method of >> communication and >> Nomura International plc ('NIplc') will not, to the extent >> permitted by law, >> accept responsibility or liability for (a) the accuracy or >> completeness of, >> or (b) the presence of any virus, worm or similar malicious or >> disabling >> code in, this message or any attachment(s) to it. If verification >> of this >> email is sought then please request a hard copy. Unless otherwise >> stated >> this email: (1) is not, and should not be treated or relied upon >> >> >as, > > >> investment research; (2) contains views or opinions that are >> solely those of >> the author and do not necessarily represent those of NIplc; (3) is >> intended >> for informational purposes only and is not a recommendation, >> solicitation or >> offer to buy or sell securities or related financial instruments. >> NIplc >> does not provide investment services to private customers. >> Authorised and >> regulated by the Financial Services Authority. Registered in >> >> >England > > >> no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St >> Martin's-le-Grand, >> London, EC1A 4NP. A member of the Nomura group of companies. >> >> >> > > > -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
