I think WhiteListing is "the future of A/V".
There is simply too much to guard AGAINST now. (I say "the future" because I still think whitelists are too hard to build. IMO. YMMV.) Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php From: James Rankin [mailto:[email protected]] Sent: Thursday, January 29, 2009 4:32 PM To: Active Directory Admin Issues Subject: Re: OT: Was Tips 'n' Tricks Now it's Symantec Bashing I am always wondering these days if AV is strictly necessary. AppSense won't execute anything that isn't whitelisted and/or isn't owned by an Administrator, and neither can network drives run executable content by default. Coupled with WebSense, the use of mandatory profiles and a pretty rapid patching strategy, I am left wondering how much mitigation AV actually gives us on top. It certainly has only caught about three virii recently (and guess what? They were on my boss's workstation, which means all the products I mentioned above, he has removed himself from) 2009/1/29 Jake Gardner <[email protected]> I'm a little past halfway through the company wide removal of symantec and installing AVG. yippie!! I love when the end users always ask me about why I don't like Symantec, or they tell me how happy they are with Mcafee. ugh. I ask them if they've had viruses or malware and they ALWAYS answer yes. Thanks, Jake Gardner TTC Network Administrator Ext. 246 _____ From: James Rankin [mailto:[email protected]] Sent: Thursday, January 29, 2009 4:19 PM To: Active Directory Admin Issues Subject: Re: Tips 'n' Tricks Hey guys, you're preaching to the choir here. My boss bought it, and he likes to take down Exchange servers in the middle of the morning just to fix some cosmetic issue. I hate Symantec with a passion that appears to be quite common. 2009/1/29 Ziots, Edward <[email protected]> Symantec Sucks.. Period.. Z Edward E. Ziots Network Engineer Lifespan Organization Email: [email protected] Phone: 401-639-3505 MCSE, MCP+I, ME, CCA, Security +, Network + _____ From: Jake Gardner [mailto:[email protected]] Sent: Thursday, January 29, 2009 4:15 PM To: Active Directory Admin Issues Subject: RE: Tips 'n' Tricks Call Symantec support right away and ask for their cleanwipe tool. That will solve ALL of your Symantec problems forever. ;) Thanks, Jake Gardner TTC Network Administrator Ext. 246 _____ From: Tim Vander Kooi [mailto:[email protected]] Sent: Thursday, January 29, 2009 4:14 PM To: Active Directory Admin Issues Subject: RE: Tips 'n' Tricks As long as Symantec is on the network there should always be something to have to fix. ;-) From: James Rankin [mailto:[email protected]] Sent: Thursday, January 29, 2009 3:11 PM To: Active Directory Admin Issues Subject: Re: Tips 'n' Tricks Oh how I long to be back in a big environment...the heady days of when the backbone security team "leased" admin access to support teams for specific tasks and timeframes...when you couldn't get a service account with any more access than it absolutely needed...when patches were tested at four different levels before arriving in production :-) Now there's just me, WebSense, AppSense and Symantec Antivirus between the infrastructure and anarchy. Enuff reminiscing.....back to fixing stuff 2009/1/29 Ziots, Edward <[email protected]> I hear you, can't tolerate that stuff here, of course scheduling of 700 servers to be patched across 2 week timeline with a lockout on changes from 7am-5pm posed by executive management doesn't make for happy campers. Z Edward E. Ziots Network Engineer Lifespan Organization Email: [email protected] Phone: 401-639-3505 MCSE, MCP+I, ME, CCA, Security +, Network + _____ From: James Rankin [mailto:[email protected]] Sent: Thursday, January 29, 2009 4:03 PM To: Active Directory Admin Issues Subject: Re: Tips 'n' Tricks ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. ******************************************************************* ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. ******************************************************************* ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
