RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-18 Thread Melvin Backus
While I don’t know enough about Finland to argue the point, by this logic, 
Miami is close enough to Havana to say the entire US falls under the same 
classification.  As I said, not to debate the state of the state, only the flaw in 
the logic.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Friday, September 15, 2017 11:10 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

Finland and Russia are side by side. Russia’s #2 city (Saint Petersburg) is 
only about 75 miles from the Finland border.  There are probably as many FSB 
(KGB) agents at F-Secure as there are at Kaspersky. ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of geoff_taylor geoff_taylor
Sent: Friday, September 15, 2017 9:05 AM
To: ntsysadm
Subject: Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?


I like the offerings of F-Secure.  They are Finnish so somewhat removed from 
the Kremlin.  Full disclosure, in other lives I sold both McAfee and F-Secure 
products, and I have used a myriad of others, principally Symantec.

gt
-- Original Message --
From: Eric Wittersheim <eric.wittersh...@gmail.com>
Date: September 15, 2017 at 8:02 AM
We went from ESET to Sophos. The product is good but their support is not. I 
have had a lot better luck with the Win clients than my Mac clients as well. If 
they could get support fully staffed and trained I would have no problems with 
them.

On Fri, Sep 15, 2017 at 6:47 AM, James M. Pulver <jmp...@cornell.edu> wrote:
I've always liked ESET, and when we dropped Symantec, ESET was quoted to be the 
least expensive of a bunch we looked at. The ERA appliance is great, but a self 
install on Linux was buggy as hell. Glad I moved to the Virtual Appliance. 
Their tech support is B+ in my opinion. Upgraded to an A- as they don't run 
screaming from Linux. Some of the best I've dealt with, the main failing is no 
real route back to devs if there's a bug, but in terms of using what's there 
and being aware of work-arounds - they're among the best I've ever interacted 
with.

They seem to be pretty effective, but then so was Symantec in our environment - 
we don't give out admin, and seem to have enough e-mail screening via Office 
365 and central IT to really limit ransomware, followed by decent user culture 
of asking before clicking so there's not a lot of chances for it to step in. It 
does kill a few "driveby" unwanted applications for us, but we haven't (knock 
on wood) seen much real malware anyway.

So if you have to tick the box for AV, like we do, ESET is a pretty good choice 
IMO. The other obvious "tick the box" one would be Windows Defender if you 
don't have to be cross platform. However, I think ESET is more effective - but 
as others said, that's not a high bar.

I should point out, even the "traditional AV" isn't traditional AV anymore - 
ESET isn't just scanning against signatures. They have HIPS as well as behavior 
analysis and the like.

James Pulver
CLASSE Computer Group
Cornell University

On 09/14/2017 12:31 PM, Michael Leone wrote:
We use Kaspersky for our AV needs, and to be honest, it's worked out
well for us. It's certainly caught things that McAfee, our previous AV
solution, didn't. However, they have this slight problem with being a
covert arm of the Russian government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking
at. But tell me, who do you have? And - more importantly - if you had
your say in the matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch
of laptops issued to remote users. So far, all Win 7 for workstations,
but obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized
console, to push out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We
have Checkpoint firewalls for managing that sort of traffic.

Thoughts? I know I've heard good things about ESET and Sophos, among
others. Just soliciting some real world opinions, along with our own
research.






RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread john.matteson
It’s ten p.m. Do you really know what your child processes are doing, and, who 
they are talking to?

 

 

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Micheal Espinola Jr
Sent: Friday, September 15, 2017 4:58 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

 

"Playing with my money^h^h^h^h^hopinion is like playing with my emotions, 
Smokey."

 

 

On Sep 15, 2017 8:02 AM, "Erik Goldoff" <egold...@gmail.com> wrote:

Disclaimer, I'm biased because I work for Symantec now (NOT in sales), and know 
many of you love to hate  but

 

I was not a fan of early Symantec AV, and would not have come to work for them 
in the SAV days.

I'd give SEP 14 another look, many advanced features, including some exploit 
protection.

 

Couldn't hurt to download a trialware and test for yourself, and if you still 
don't like it, you'll have fact based decisions and not opinions and emotions

 

On Fri, Sep 15, 2017 at 10:34 AM, Michael Leone <oozerd...@gmail.com> wrote:

On Thu, Sep 14, 2017 at 2:33 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> On Thu, Sep 14, 2017 at 9:31 AM, Michael Leone <oozerd...@gmail.com> wrote:
>>
>> We use Kaspersky for our AV needs, and to be honest, it's worked out
>> well for us. It's certainly caught things that McAfee, our previous AV
>> solution, didn't. However, they have this slight problem with being a
>> covert arm of the Russian government, apparently ..
>
> Citation needed. I have not seen anything that supports the idea that
> Kaspersky is an arm of the Russian government.

Tell that to the US government .. LOL

>> So we need to drop them, as the federal agencies are doing.
>
> Is this a requirement by law/regulation for your department? If not,
> don't drop them, at least not for the reason stated above.

My boss says it's not meeting our needs, and it will be replaced, so
the requirement is for me to obey orders and keep my job. LOL

Listen, I'm happy with Kaspersky, and I would recommend keeping it.
But I have an idea that this is a mandate from farther high up.
Especially seeing as to how we are a state agency, I guess my CIO
doesn't want to spend time explaining to our board of commissioners
why the feds are wrong, and we're keeping Kaspersky when they aren't
...

> We have Eset, and I'd drop them in a heartbeat, if I could. Not
> because it's a bad product of its kind - far from it. It's been fairly
> good.
>
> Instead, I'd go with Applocker, and removing admin privileges - we
> already do patching fairly well.

The order was for AV, since we need to do local workstations and
remote devices. So we will.

Also, no one here (including me) knows Applocker, and there's not a
lot of support here, besides me, for anything OS or AD related ..



 




RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Raymond Peng
We currently use Symantec as well as Cylance


Thank you,

Ray

Raymond Peng
Systems Engineer / IT Operations
Direct: 650-577-5399
Email: raymond.p...@wageworks.com

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Micheal Espinola Jr
Sent: Friday, September 15, 2017 1:58 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

"Playing with my money^h^h^h^h^hopinion is like playing with my emotions, 
Smokey."


On Sep 15, 2017 8:02 AM, "Erik Goldoff" <egold...@gmail.com> wrote:
Disclaimer, I'm biased because I work for Symantec now (NOT in sales), and know 
many of you love to hate  but

I was not a fan of early Symantec AV, and would not have come to work for them 
in the SAV days.
I'd give SEP 14 another look, many advanced features, including some exploit 
protection.

Couldn't hurt to download a trialware and test for yourself, and if you still 
don't like it, you'll have fact based decisions and not opinions and emotions

On Fri, Sep 15, 2017 at 10:34 AM, Michael Leone <oozerd...@gmail.com> wrote:
On Thu, Sep 14, 2017 at 2:33 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> On Thu, Sep 14, 2017 at 9:31 AM, Michael Leone <oozerd...@gmail.com> wrote:
>>
>> We use Kaspersky for our AV needs, and to be honest, it's worked out
>> well for us. It's certainly caught things that McAfee, our previous AV
>> solution, didn't. However, they have this slight problem with being a
>> covert arm of the Russian government, apparently ..
>
> Citation needed. I have not seen anything that supports the idea that
> Kaspersky is an arm of the Russian government.

Tell that to the US government .. LOL

>> So we need to drop them, as the federal agencies are doing.
>
> Is this a requirement by law/regulation for your department? If not,
> don't drop them, at least not for the reason stated above.

My boss says it's not meeting our needs, and it will be replaced, so
the requirement is for me to obey orders and keep my job. LOL

Listen, I'm happy with Kaspersky, and I would recommend keeping it.
But I have an idea that this is a mandate from farther high up.
Especially seeing as to how we are a state agency, I guess my CIO
doesn't want to spend time explaining to our board of commissioners
why the feds are wrong, and we're keeping Kaspersky when they aren't
...

> We have Eset, and I'd drop them in a heartbeat, if I could. Not
> because it's a bad product of its kind - far from it. It's been fairly
> good.
>
> Instead, I'd go with Applocker, and removing admin privileges - we
> already do patching fairly well.

The order was for AV, since we need to do local workstations and
remote devices. So we will.

Also, no one here (including me) knows Applocker, and there's not a
lot of support here, besides me, for anything OS or AD related ..




Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Micheal Espinola Jr
"Playing with my money^h^h^h^h^hopinion is like playing with my emotions,
Smokey."


On Sep 15, 2017 8:02 AM, "Erik Goldoff"  wrote:

> Disclaimer, I'm biased because I work for Symantec now (NOT in sales), and
> know many of you love to hate  but
>
> I was not a fan of early Symantec AV, and would not have come to work for
> them in the SAV days.
> I'd give SEP 14 another look, many advanced features, including some
> exploit protection.
>
> Couldn't hurt to download a trialware and test for yourself, and if you
> still don't like it, you'll have fact based decisions and not opinions and
> emotions
>
> On Fri, Sep 15, 2017 at 10:34 AM, Michael Leone 
> wrote:
>
>> On Thu, Sep 14, 2017 at 2:33 PM, Kurt Buff  wrote:
>> > On Thu, Sep 14, 2017 at 9:31 AM, Michael Leone 
>> wrote:
>> >>
>> >> We use Kaspersky for our AV needs, and to be honest, it's worked out
>> >> well for us. It's certainly caught things that McAfee, our previous AV
>> >> solution, didn't. However, they have this slight problem with being a
>> >> covert arm of the Russian government, apparently ..
>> >
>> > Citation needed. I have not seen anything that supports the idea that
>> > Kaspersky is an arm of the Russian government.
>>
>> Tell that to the US government .. LOL
>>
>> >> So we need to drop them, as the federal agencies are doing.
>> >
>> > Is this a requirement by law/regulation for your department? If not,
>> > don't drop them, at least not for the reason stated above.
>>
>> My boss says it's not meeting our needs, and it will be replaced, so
>> the requirement is for me to obey orders and keep my job. LOL
>>
>> Listen, I'm happy with Kaspersky, and I would recommend keeping it.
>> But I have an idea that this is a mandate from farther high up.
>> Especially seeing as to how we are a state agency, I guess my CIO
>> doesn't want to spend time explaining to our board of commissioners
>> why the feds are wrong, and we're keeping Kaspersky when they aren't
>> ...
>>
>> > We have Eset, and I'd drop them in a heartbeat, if I could. Not
>> > because it's a bad product of its kind - far from it. It's been fairly
>> > good.
>> >
>> > Instead, I'd go with Applocker, and removing admin privileges - we
>> > already do patching fairly well.
>>
>> The order was for AV, since we need to do local workstations and
>> remote devices. So we will.
>>
>> Also, no one here (including me) knows Applocker, and there's not a
>> lot of support here, besides me, for anything OS or AD related ..
>>
>>
>>
>



Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Andrew S. Baker
Take a look at Cylance and WebRoot.

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker *

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Thu, Sep 14, 2017 at 12:31 PM, Michael Leone  wrote:

> We use Kaspersky for our AV needs, and to be honest, it's worked out
> well for us. It's certainly caught things that McAfee, our previous AV
> solution, didn't. However, they have this slight problem with being a
> covert arm of the Russian government, apparently ..
>
> So we need to drop them, as the federal agencies are doing.
>
> There are lots of reviews, such as av-test.org, that we are looking
> at. But tell me, who do you have? And - more importantly - if you had
> your say in the matter, would you keep them?
>
> We're a sort of enterprise level organization, maybe 1K users, bunch
> of laptops issued to remote users. So far, all Win 7 for workstations,
> but obviously that will change in the future. Servers are all Win
> 2008/2012 R2 (so far). So we need something with a centralized
> console, to push out rules, updates, etc.
>
> We use Proofpoint as an email gateway, so it does mail scanning. We
> have Checkpoint firewalls for managing that sort of traffic.
>
> Thoughts?  I know I've heard good things about ESET and Sophos, among
> others. Just soliciting some real world opinions, along with our own
> research.
>
>
>



Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Andrew S. Baker
Hehe...

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker*

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Fri, Sep 15, 2017 at 11:09 AM, Michael B. Smith <mich...@smithcons.com>
wrote:

> Finland and Russia are side by side. Russia’s #2 city (Saint Petersburg)
> is only about 75 miles from the Finland border.  There are probably as many
> FSB (KGB) agents at F-Secure as there are at Kaspersky. ☺
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *geoff_taylor geoff_taylor
> *Sent:* Friday, September 15, 2017 9:05 AM
> *To:* ntsysadm
> *Subject:* Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?
>
>
>
> I like the offerings of F-Secure.  They are Finnish so somewhat removed
> from the Kremlin.  Full disclosure, in other lives I sold both McAfee and
> F-Secure products, and I have used a myriad of others, principally Symantec.
>
> gt
>
> -- Original Message --
> From: Eric Wittersheim <eric.wittersh...@gmail.com>
> Date: September 15, 2017 at 8:02 AM
>
> We went from ESET to Sophos. The product is good but their support is not.
> I have had a lot better luck with the Win clients than my Mac clients as
> well. If they could get support fully staffed and trained I would have no
> problems with them.
>
>
>
> On Fri, Sep 15, 2017 at 6:47 AM, James M. Pulver < jmp...@cornell.edu>
> wrote:
>
> I've always liked ESET, and when we dropped Symantec, ESET was quoted to
> be the least expensive of a bunch we looked at. The ERA appliance is great,
> but a self install on Linux was buggy as hell. Glad I moved to the Virtual
> Appliance. Their tech support is B+ in my opinion. Upgraded to an A- as
> they don't run screaming from Linux. Some of the best I've dealt with, the
> main failing is no real route back to devs if there's a bug, but in terms
> of using what's there and being aware of work-arounds - they're among the
> best I've ever interacted with.
>
> They seem to be pretty effective, but then so was Symantec in our
> environment - we don't give out admin, and seem to have enough e-mail
> screening via Office 365 and central IT to really limit ransomware,
> followed by decent user culture of asking before clicking so there's not a
> lot of chances for it to step in. It does kill a few "driveby" unwanted
> applications for us, but we haven't (knock on wood) seen much real malware
> anyway.
>
> So if you have to tick the box for AV, like we do, ESET is a pretty good
> choice IMO. The other obvious "tick the box" one would be Windows Defender
> if you don't have to be cross platform. However, I think ESET is more
> effective - but as others said, that's not a high bar.
>
> I should point out, even the "traditional AV" isn't traditional AV anymore
> - ESET isn't just scanning against signatures. They have HIPS as well as
> behavior analysis and the like.
>
> James Pulver
> CLASSE Computer Group
> Cornell University
>
> On 09/14/2017 12:31 PM, Michael Leone wrote:
>
> We use Kaspersky for our AV needs, and to be honest, it's worked out
> well for us. It's certainly caught things that McAfee, our previous AV
> solution, didn't. However, they have this slight problem with being a
> covert arm of the Russian government, apparently ..
>
> So we need to drop them, as the federal agencies are doing.
>
> There are lots of reviews, such as av-test.org, that we are looking
> at. But tell me, who do you have? And - more importantly - if you had
> your say in the matter, would you keep them?
>
> We're a sort of enterprise level organization, maybe 1K users, bunch
> of laptops issued to remote users. So far, all Win 7 for workstations,
> but obviously that will change in the future. Servers are all Win
> 2008/2012 R2 (so far). So we need something with a centralized
> console, to push out rules, updates, etc.
>
> We use Proofpoint as an email gateway, so it does mail scanning. We
> have Checkpoint firewalls for managing that sort of traffic.
>
> Thoughts? I know I've heard good things about ESET and Sophos, among
> others. Just soliciting some real world opinions, along with our own
> research.
>
>
>
>
>
>
>
>



RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Michael B. Smith
Finland and Russia are side by side. Russia’s #2 city (Saint Petersburg) is 
only about 75 miles from the Finland border.  There are probably as many FSB 
(KGB) agents at F-Secure as there are at Kaspersky. ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of geoff_taylor geoff_taylor
Sent: Friday, September 15, 2017 9:05 AM
To: ntsysadm
Subject: Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?


I like the offerings of F-Secure.  They are Finnish so somewhat removed from 
the Kremlin.  Full disclosure, in other lives I sold both McAfee and F-Secure 
products, and I have used a myriad of others, principally Symantec.

gt
-- Original Message --
From: Eric Wittersheim <eric.wittersh...@gmail.com>
Date: September 15, 2017 at 8:02 AM
We went from ESET to Sophos. The product is good but their support is not. I 
have had a lot better luck with the Win clients than my Mac clients as well. If 
they could get support fully staffed and trained I would have no problems with 
them.

On Fri, Sep 15, 2017 at 6:47 AM, James M. Pulver <jmp...@cornell.edu> wrote:
I've always liked ESET, and when we dropped Symantec, ESET was quoted to be the 
least expensive of a bunch we looked at. The ERA appliance is great, but a self 
install on Linux was buggy as hell. Glad I moved to the Virtual Appliance. 
Their tech support is B+ in my opinion. Upgraded to an A- as they don't run 
screaming from Linux. Some of the best I've dealt with, the main failing is no 
real route back to devs if there's a bug, but in terms of using what's there 
and being aware of work-arounds - they're among the best I've ever interacted 
with.

They seem to be pretty effective, but then so was Symantec in our environment - 
we don't give out admin, and seem to have enough e-mail screening via Office 
365 and central IT to really limit ransomware, followed by decent user culture 
of asking before clicking so there's not a lot of chances for it to step in. It 
does kill a few "driveby" unwanted applications for us, but we haven't (knock 
on wood) seen much real malware anyway.

So if you have to tick the box for AV, like we do, ESET is a pretty good choice 
IMO. The other obvious "tick the box" one would be Windows Defender if you 
don't have to be cross platform. However, I think ESET is more effective - but 
as others said, that's not a high bar.

I should point out, even the "traditional AV" isn't traditional AV anymore - 
ESET isn't just scanning against signatures. They have HIPS as well as behavior 
analysis and the like.

James Pulver
CLASSE Computer Group
Cornell University

On 09/14/2017 12:31 PM, Michael Leone wrote:
We use Kaspersky for our AV needs, and to be honest, it's worked out
well for us. It's certainly caught things that McAfee, our previous AV
solution, didn't. However, they have this slight problem with being a
covert arm of the Russian government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking
at. But tell me, who do you have? And - more importantly - if you had
your say in the matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch
of laptops issued to remote users. So far, all Win 7 for workstations,
but obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized
console, to push out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We
have Checkpoint firewalls for managing that sort of traffic.

Thoughts? I know I've heard good things about ESET and Sophos, among
others. Just soliciting some real world opinions, along with our own
research.







RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Heaton, Joseph@Wildlife
So many political fire-fanning statements could be made here, but I will 
refrain.

Things in the world are getting waaay out of hand these days.

Make business decisions based on business needs, not political brouhaha going 
on.

We use System Center Endpoint Protection here (and now Windows Defender, with 
Server 16 and Win 10).  We use it because it is free, and managed with SCCM.  
It catches stuff, and I'm sure it lets other stuff through.  If I had more 
people and/or more time, I'd most likely look into tightening application 
controls, etc, as has already been recommended here.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 11:35 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

But he doesn't say anything is wrong.

It's just another step in the increasing tension between Russia and the USA as 
far as I can see.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Thursday, September 14, 2017 2:26 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

Looks like the WH's cybersecurity dude announced it.

http://www.businessinsider.com/kaspersky-is-being-banned-across-the-us-government-by-trump-2017-9


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

As I've recommended Kaspersky for about a decade now, I'm interested in knowing 
your source. :-)

I know that the USA is less and less happy with Russia... But I've not found 
anything that even seems official...

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Thursday, September 14, 2017 12:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized console, to push 
out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.




Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Erik Goldoff
Disclaimer, I'm biased because I work for Symantec now (NOT in sales), and
know many of you love to hate  but

I was not a fan of early Symantec AV, and would not have come to work for
them in the SAV days.
I'd give SEP 14 another look, many advanced features, including some
exploit protection.

Couldn't hurt to download a trialware and test for yourself, and if you
still don't like it, you'll have fact based decisions and not opinions and
emotions

On Fri, Sep 15, 2017 at 10:34 AM, Michael Leone  wrote:

> On Thu, Sep 14, 2017 at 2:33 PM, Kurt Buff  wrote:
> > On Thu, Sep 14, 2017 at 9:31 AM, Michael Leone 
> wrote:
> >>
> >> We use Kaspersky for our AV needs, and to be honest, it's worked out
> >> well for us. It's certainly caught things that McAfee, our previous AV
> >> solution, didn't. However, they have this slight problem with being a
> >> covert arm of the Russian government, apparently ..
> >
> > Citation needed. I have not seen anything that supports the idea that
> > Kaspersky is an arm of the Russian government.
>
> Tell that to the US government .. LOL
>
> >> So we need to drop them, as the federal agencies are doing.
> >
> > Is this a requirement by law/regulation for your department? If not,
> > don't drop them, at least not for the reason stated above.
>
> My boss says it's not meeting our needs, and it will be replaced, so
> the requirement is for me to obey orders and keep my job. LOL
>
> Listen, I'm happy with Kaspersky, and I would recommend keeping it.
> But I have an idea that this is a mandate from farther high up.
> Especially seeing as to how we are a state agency, I guess my CIO
> doesn't want to spend time explaining to our board of commissioners
> why the feds are wrong, and we're keeping Kaspersky when they aren't
> ...
>
> > We have Eset, and I'd drop them in a heartbeat, if I could. Not
> > because it's a bad product of its kind - far from it. It's been fairly
> > good.
> >
> > Instead, I'd go with Applocker, and removing admin privileges - we
> > already do patching fairly well.
>
> The order was for AV, since we need to do local workstations and
> remote devices. So we will.
>
> Also, no one here (including me) knows Applocker, and there's not a
> lot of support here, besides me, for anything OS or AD related ..
>
>
>



RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Kennedy, Jim
" My boss says it's not meeting our needs"

I respectfully suggest that a well run Applocker policy and no local admin 
rights will meet his needs better than any AV ever will. Haven't had AV here 
for 15 years, other than Defender which I only leave on because it is easier 
than turning it off.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Friday, September 15, 2017 10:34 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

On Thu, Sep 14, 2017 at 2:33 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> On Thu, Sep 14, 2017 at 9:31 AM, Michael Leone <oozerd...@gmail.com> wrote:
>>
>> We use Kaspersky for our AV needs, and to be honest, it's worked out 
>> well for us. It's certainly caught things that McAfee, our previous 
>> AV solution, didn't. However, they have this slight problem with 
>> being a covert arm of the Russian government, apparently ..
>
> Citation needed. I have not seen anything that supports the idea that 
> Kaspersky is an arm of the Russian government.

Tell that to the US government .. LOL

>> So we need to drop them, as the federal agencies are doing.
>
> Is this a requirement by law/regulation for your department? If not, 
> don't drop them, at least not for the reason stated above.

My boss says it's not meeting our needs, and it will be replaced, so the 
requirement is for me to obey orders and keep my job. LOL

Listen, I'm happy with Kaspersky, and I would recommend keeping it.
But I have an idea that this is a mandate from farther high up.
Especially seeing as to how we are a state agency, I guess my CIO doesn't want 
to spend time explaining to our board of commissioners why the feds are wrong, 
and we're keeping Kaspersky when they aren't ...

> We have Eset, and I'd drop them in a heartbeat, if I could. Not 
> because it's a bad product of its kind - far from it. It's been fairly 
> good.
>
> Instead, I'd go with Applocker, and removing admin privileges - we 
> already do patching fairly well.

The order was for AV, since we need to do local workstations and remote 
devices. So we will.

Also, no one here (including me) knows Applocker, and there's not a lot of 
support here, besides me, for anything OS or AD related ..




Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Michael Leone
On Thu, Sep 14, 2017 at 2:33 PM, Kurt Buff  wrote:
> On Thu, Sep 14, 2017 at 9:31 AM, Michael Leone  wrote:
>>
>> We use Kaspersky for our AV needs, and to be honest, it's worked out
>> well for us. It's certainly caught things that McAfee, our previous AV
>> solution, didn't. However, they have this slight problem with being a
>> covert arm of the Russian government, apparently ..
>
> Citation needed. I have not seen anything that supports the idea that
> Kaspersky is an arm of the Russian government.

Tell that to the US government .. LOL

>> So we need to drop them, as the federal agencies are doing.
>
> Is this a requirement by law/regulation for your department? If not,
> don't drop them, at least not for the reason stated above.

My boss says it's not meeting our needs, and it will be replaced, so
the requirement is for me to obey orders and keep my job. LOL

Listen, I'm happy with Kaspersky, and I would recommend keeping it.
But I have an idea that this is a mandate from farther high up.
Especially seeing as to how we are a state agency, I guess my CIO
doesn't want to spend time explaining to our board of commissioners
why the feds are wrong, and we're keeping Kaspersky when they aren't
...

> We have Eset, and I'd drop them in a heartbeat, if I could. Not
> because it's a bad product of its kind - far from it. It's been fairly
> good.
>
> Instead, I'd go with Applocker, and removing admin privileges - we
> already do patching fairly well.

The order was for AV, since we need to do local workstations and
remote devices. So we will.

Also, no one here (including me) knows Applocker, and there's not a
lot of support here, besides me, for anything OS or AD related ..




Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Micheal Espinola Jr
+1 for a lateral move of Kaspersky to ESET.  I'm not advocating a switch,
but if forced to, that's what I would do based on personal malware cleanup
experiences.

--
Espi


On Fri, Sep 15, 2017 at 4:47 AM, James M. Pulver  wrote:

> I've always liked ESET, and when we dropped Symantec, ESET was quoted to
> be the least expensive of a bunch we looked at. The ERA appliance is great,
> but a self install on Linux was buggy as hell. Glad I moved to the Virtual
> Appliance. Their tech support is B+ in my opinion. Upgraded to an A- as
> they don't run screaming from Linux. Some of the best I've dealt with, the
> main failing is no real route back to devs if there's a bug, but  in terms
> of using what's there and being aware of work-arounds - they're among the
> best I've ever interacted with.
>
> They seem to be pretty effective, but then so was Symantec in our
> environment - we don't give out admin, and seem to have enough e-mail
> screening via Office 365 and central IT to really limit ransomware,
> followed by decent user culture of asking before clicking so there's not a
> lot of chances for it to step in. It does kill a few "driveby" unwanted
> applications for us, but we haven't (knock on wood) seen much real malware
> anyway.
>
> So if you have to tick the box for AV, like we do, ESET is a pretty good
> choice IMO. The other obvious "tick the box" one would be Windows Defender
> if you don't have to be cross platform. However, I think ESET is more
> effective - but as others said, that's not a high bar.
>
> I should point out, even the "traditional AV" isn't traditional AV anymore
> - ESET isn't just scanning against signatures. They have HIPS as well as
> behavior analysis and the like.
>
> James Pulver
> CLASSE Computer Group
> Cornell University
>
>
> On 09/14/2017 12:31 PM, Michael Leone wrote:
>
>> We use Kaspersky for our AV needs, and to be honest, it's worked out
>> well for us. It's certainly caught things that McAfee, our previous AV
>> solution, didn't. However, they have this slight problem with being a
>> covert arm of the Russian government, apparently ..
>>
>> So we need to drop them, as the federal agencies are doing.
>>
>> There are lots of reviews, such as av-test.org, that we are looking
>> at. But tell me, who do you have? And - more importantly - if you had
>> your say in the matter, would you keep them?
>>
>> We're a sort of enterprise level organization, maybe 1K users, bunch
>> of laptops issued to remote users. So far, all Win 7 for workstations,
>> but obviously that will change in the future. Servers are all Win
>> 2008/2012 R2 (so far). So we need something with a centralized
>> console, to push out rules, updates, etc.
>>
>> We use Proofpoint as an email gateway, so it does mail scanning. We
>> have Checkpoint firewalls for managing that sort of traffic.
>>
>> Thoughts?  I know I've heard good things about ESET and Sophos, among
>> others. Just soliciting some real world opinions, along with our own
>> research.
>>
>>
>>
>
>



Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread geoff_taylor geoff_taylor

 
I like the offerings of F-Secure.  They are Finnish so somewhat removed from the Kremlin.  Full disclosure, in other lives I sold both McAfee and F-Secure products, and I have used a myriad of others, principally Symantec.

gt

-- Original Message --
From: Eric Wittersheim
Date: September 15, 2017 at 8:02 AM

We went from ESET to Sophos. The product is good but their support is not. I have had a lot better luck with the Win clients than my Mac clients as well. If they could get support fully staffed and trained I would have no problems with them.
   
   


On Fri, Sep 15, 2017 at 6:47 AM, James M. Pulver <jmp...@cornell.edu> wrote:
 
 
  I've always liked ESET, and when we dropped Symantec, ESET was quoted to be the least expensive of a bunch we looked at. The ERA appliance is great, but a self install on Linux was buggy as hell. Glad I moved to the Virtual Appliance. Their tech support is B+ in my opinion. Upgraded to an A- as they don't run screaming from Linux. Some of the best I've dealt with, the main failing is no real route back to devs if there's a bug, but in terms of using what's there and being aware of work-arounds - they're among the best I've ever interacted with.
   
   They seem to be pretty effective, but then so was Symantec in our environment - we don't give out admin, and seem to have enough e-mail screening via Office 365 and central IT to really limit ransomware, followed by decent user culture of asking before clicking so there's not a lot of chances for it to step in. It does kill a few "driveby" unwanted applications for us, but we haven't (knock on wood) seen much real malware anyway.
   
   So if you have to tick the box for AV, like we do, ESET is a pretty good choice IMO. The other obvious "tick the box" one would be Windows Defender if you don't have to be cross platform. However, I think ESET is more effective - but as others said, that's not a high bar.
   
   I should point out, even the "traditional AV" isn't traditional AV anymore - ESET isn't just scanning against signatures. They have HIPS as well as behavior analysis and the like.
   
   James Pulver
   CLASSE Computer Group
   Cornell University
   
   On 09/14/2017 12:31 PM, Michael Leone wrote:
  
  
   We use Kaspersky for our AV needs, and to be honest, it's worked out
well for us. It's certainly caught things that McAfee, our previous AV
solution, didn't. However, they have this slight problem with being a
covert arm of the Russian government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking
at. But tell me, who do you have? And - more importantly - if you had
your say in the matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch
of laptops issued to remote users. So far, all Win 7 for workstations,
but obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized
console, to push out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We
have Checkpoint firewalls for managing that sort of traffic.

Thoughts? I know I've heard good things about ESET and Sophos, among
others. Just soliciting some real world opinions, along with our own
research.


   
  
   
  
 


   
  
   
 





Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Eric Wittersheim
We went from ESET to Sophos.  The product is good but their support is
not.  I have had a lot better luck with the Win clients than my Mac clients
as well.  If they could get support fully staffed and trained I would have
no problems with them.

On Fri, Sep 15, 2017 at 6:47 AM, James M. Pulver  wrote:

> I've always liked ESET, and when we dropped Symantec, ESET was quoted to
> be the least expensive of a bunch we looked at. The ERA appliance is great,
> but a self install on Linux was buggy as hell. Glad I moved to the Virtual
> Appliance. Their tech support is B+ in my opinion. Upgraded to an A- as
> they don't run screaming from Linux. Some of the best I've dealt with, the
> main failing is no real route back to devs if there's a bug, but  in terms
> of using what's there and being aware of work-arounds - they're among the
> best I've ever interacted with.
>
> They seem to be pretty effective, but then so was Symantec in our
> environment - we don't give out admin, and seem to have enough e-mail
> screening via Office 365 and central IT to really limit ransomware,
> followed by decent user culture of asking before clicking so there's not a
> lot of chances for it to step in. It does kill a few "driveby" unwanted
> applications for us, but we haven't (knock on wood) seen much real malware
> anyway.
>
> So if you have to tick the box for AV, like we do, ESET is a pretty good
> choice IMO. The other obvious "tick the box" one would be Windows Defender
> if you don't have to be cross platform. However, I think ESET is more
> effective - but as others said, that's not a high bar.
>
> I should point out, even the "traditional AV" isn't traditional AV anymore
> - ESET isn't just scanning against signatures. They have HIPS as well as
> behavior analysis and the like.
>
> James Pulver
> CLASSE Computer Group
> Cornell University
>
> On 09/14/2017 12:31 PM, Michael Leone wrote:
>
>> We use Kaspersky for our AV needs, and to be honest, it's worked out
>> well for us. It's certainly caught things that McAfee, our previous AV
>> solution, didn't. However, they have this slight problem with being a
>> covert arm of the Russian government, apparently ..
>>
>> So we need to drop them, as the federal agencies are doing.
>>
>> There are lots of reviews, such as av-test.org, that we are looking
>> at. But tell me, who do you have? And - more importantly - if you had
>> your say in the matter, would you keep them?
>>
>> We're a sort of enterprise level organization, maybe 1K users, bunch
>> of laptops issued to remote users. So far, all Win 7 for workstations,
>> but obviously that will change in the future. Servers are all Win
>> 2008/2012 R2 (so far). So we need something with a centralized
>> console, to push out rules, updates, etc.
>>
>> We use Proofpoint as an email gateway, so it does mail scanning. We
>> have Checkpoint firewalls for managing that sort of traffic.
>>
>> Thoughts?  I know I've heard good things about ESET and Sophos, among
>> others. Just soliciting some real world opinions, along with our own
>> research.
>>
>>
>>
>
>



Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread James M. Pulver
I've always liked ESET, and when we dropped Symantec, ESET was quoted to 
be the least expensive of a bunch we looked at. The ERA appliance is 
great, but a self install on Linux was buggy as hell. Glad I moved to 
the Virtual Appliance. Their tech support is B+ in my opinion. Upgraded 
to an A- as they don't run screaming from Linux. Some of the best I've 
dealt with, the main failing is no real route back to devs if there's a 
bug, but  in terms of using what's there and being aware of work-arounds 
- they're among the best I've ever interacted with.


They seem to be pretty effective, but then so was Symantec in our 
environment - we don't give out admin, and seem to have enough e-mail 
screening via Office 365 and central IT to really limit ransomware, 
followed by decent user culture of asking before clicking so there's not 
a lot of chances for it to step in. It does kill a few "driveby" 
unwanted applications for us, but we haven't (knock on wood) seen much 
real malware anyway.


So if you have to tick the box for AV, like we do, ESET is a pretty good 
choice IMO. The other obvious "tick the box" one would be Windows 
Defender if you don't have to be cross platform. However, I think ESET 
is more effective - but as others said, that's not a high bar.


I should point out, even the "traditional AV" isn't traditional AV 
anymore - ESET isn't just scanning against signatures. They have HIPS as 
well as behavior analysis and the like.


James Pulver
CLASSE Computer Group
Cornell University

On 09/14/2017 12:31 PM, Michael Leone wrote:

We use Kaspersky for our AV needs, and to be honest, it's worked out
well for us. It's certainly caught things that McAfee, our previous AV
solution, didn't. However, they have this slight problem with being a
covert arm of the Russian government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking
at. But tell me, who do you have? And - more importantly - if you had
your say in the matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch
of laptops issued to remote users. So far, all Win 7 for workstations,
but obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized
console, to push out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We
have Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among
others. Just soliciting some real world opinions, along with our own
research.







Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Sean Chapman
I have no issues with Kaspersky and would have no problem keeping it in my 
environment.

That said, I currently use Webroot in ours, which is about 1k users with some 
laptops around the country and world like yours and it's OK.  I don't like the 
management of it and it's a little buggy at times but I can't argue with MDR.

What I'm going to be implementing is Carbon Black defense.  Combining AV with 
EDR is really cool and the streaming tech they have to catch non-malware 
breaches is pretty cool.



From: listsad...@lists.myitforum.com  on behalf 
of Michael Leone 
Sent: Thursday, September 14, 2017 11:31 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out
well for us. It's certainly caught things that McAfee, our previous AV
solution, didn't. However, they have this slight problem with being a
covert arm of the Russian government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking
at. But tell me, who do you have? And - more importantly - if you had
your say in the matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch
of laptops issued to remote users. So far, all Win 7 for workstations,
but obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized
console, to push out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We
have Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among
others. Just soliciting some real world opinions, along with our own
research.













RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Webster
That's because no one has figured how to say "I love you" in Russian. 


Webster

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 1:35 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

But he doesn't say anything is wrong.

It's just another step in the increasing tension between Russia and the USA as 
far as I can see.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Thursday, September 14, 2017 2:26 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

Looks like the WH's cybersecurity dude announced it.

http://www.businessinsider.com/kaspersky-is-being-banned-across-the-us-government-by-trump-2017-9


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

As I've recommended Kaspersky for about a decade now, I'm interested in knowing 
your source. :-)

I know that the USA is less and less happy with Russia... But I've not found 
anything that even seems official...

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Thursday, September 14, 2017 12:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized console, to push 
out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.




RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Kennedy, Jim
Ohoh.

Yea, I totally agree with that. The concern seems to be 'a relationship between 
Kaspersky and the Russia Gov.'.

The same of which could be said of many US Tech firms.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 2:35 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

But he doesn't say anything is wrong.

It's just another step in the increasing tension between Russia and the USA as 
far as I can see.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Thursday, September 14, 2017 2:26 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

Looks like the WH's cybersecurity dude announced it.

http://www.businessinsider.com/kaspersky-is-being-banned-across-the-us-government-by-trump-2017-9


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

As I've recommended Kaspersky for about a decade now, I'm interested in knowing 
your source. :-)

I know that the USA is less and less happy with Russia... But I've not found 
anything that even seems official...

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Thursday, September 14, 2017 12:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized console, to push 
out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.




RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Michael B. Smith
So we are taking a page from the Russian playbook. As Eugene Kaspersky tweeted 
in response to the DHS directive. “I guess this explains it all “Guilty ‘til 
proven innocent, jailed ‘til you clear your name” Welcome to 21st century.”

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of D R
Sent: Thursday, September 14, 2017 2:30 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

http://www.foxnews.com/tech/2017/09/14/dhs-vs-kaspersky-lab-why-us-government-is-ditching-russian-software-giant.html

On Thu, Sep 14, 2017 at 1:18 PM, Michael B. Smith <mich...@smithcons.com> wrote:
As I've recommended Kaspersky for about a decade now, I'm interested in knowing 
your source. :-)

I know that the USA is less and less happy with Russia... But I've not found 
anything that even seems official...

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Michael Leone
Sent: Thursday, September 14, 2017 12:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized console, to push 
out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.




--
Daniel Rodriguez
drod...@gmail.com


RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Michael B. Smith
But he doesn't say anything is wrong.

It's just another step in the increasing tension between Russia and the USA as 
far as I can see.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Thursday, September 14, 2017 2:26 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

Looks like the WH's cybersecurity dude announced it.

http://www.businessinsider.com/kaspersky-is-being-banned-across-the-us-government-by-trump-2017-9


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

As I've recommended Kaspersky for about a decade now, I'm interested in knowing 
your source. :-)

I know that the USA is less and less happy with Russia... But I've not found 
anything that even seems official...

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Thursday, September 14, 2017 12:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized console, to push 
out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.




Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Kurt Buff
I believe that's a political decision, not backed by any technical detail.

Kurt

On Thu, Sep 14, 2017 at 11:26 AM, Kennedy, Jim
<kennedy...@elyriaschools.org> wrote:
> Looks like the WH's cybersecurity dude announced it.
>
> http://www.businessinsider.com/kaspersky-is-being-banned-across-the-us-government-by-trump-2017-9
>
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Michael B. Smith
> Sent: Thursday, September 14, 2017 2:18 PM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?
>
> As I've recommended Kaspersky for about a decade now, I'm interested in 
> knowing your source. :-)
>
> I know that the USA is less and less happy with Russia... But I've not found 
> anything that even seems official...
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Michael Leone
> Sent: Thursday, September 14, 2017 12:32 PM
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?
>
> We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
> us. It's certainly caught things that McAfee, our previous AV solution, 
> didn't. However, they have this slight problem with being a covert arm of the 
> Russian government, apparently ..
>
> So we need to drop them, as the federal agencies are doing.
>
> There are lots of reviews, such as av-test.org, that we are looking at. But 
> tell me, who do you have? And - more importantly - if you had your say in the 
> matter, would you keep them?
>
> We're a sort of enterprise level organization, maybe 1K users, bunch of 
> laptops issued to remote users. So far, all Win 7 for workstations, but 
> obviously that will change in the future. Servers are all Win
> 2008/2012 R2 (so far). So we need something with a centralized console, to 
> push out rules, updates, etc.
>
> We use Proofpoint as an email gateway, so it does mail scanning. We have 
> Checkpoint firewalls for managing that sort of traffic.
>
> Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
> Just soliciting some real world opinions, along with our own research.
>
>




RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Kennedy, Jim
Here we go, DHS announcement.

https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01


-Original Message-
From: Kennedy, Jim 
Sent: Thursday, September 14, 2017 2:26 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

Looks like the WH's cybersecurity dude announced it.

http://www.businessinsider.com/kaspersky-is-being-banned-across-the-us-government-by-trump-2017-9


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

As I've recommended Kaspersky for about a decade now, I'm interested in knowing 
your source. :-)

I know that the USA is less and less happy with Russia... But I've not found 
anything that even seems official...

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Thursday, September 14, 2017 12:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized console, to push 
out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.




RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Kennedy, Jim
Looks like the WH's cybersecurity dude announced it.

http://www.businessinsider.com/kaspersky-is-being-banned-across-the-us-government-by-trump-2017-9


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

As I've recommended Kaspersky for about a decade now, I'm interested in knowing 
your source. :-)

I know that the USA is less and less happy with Russia... But I've not found 
anything that even seems official...

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Thursday, September 14, 2017 12:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win 2008/2012 R2 
(so far). So we need something with a centralized console, to push out rules, 
updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.




RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Jon Harris
Years ago I stopped using Symantec and McAfee because both were resource hogs, 
missed stuff, and put all kinds of shims into the OS making it a rebuild every 
time I had to upgrade them.  Both were pains.  I was happier with ESET but cost 
got too high for management and they wanted to go back to either Symantec or 
McAfee.  Glad my new job does not require I have to deal with this stuff 
anymore.

Jon

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Gantry Zettler
Sent: Thursday, September 14, 2017 1:34 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

Yep they all suck and they will all disappoint you.  I use Symantec Cloud 
because it's cheap and stays out of the way, catches the random thing but 
nothing to write home about.  


Sophos' Intercept anti-Ransomware tech seems interesting, have a client using 
it but haven't gone in depth.  


On Thu, Sep 14, 2017 at 11:43 AM, James Rankin <ja...@htguk.com> wrote:


Just playing devil's advocate here - are you required by regulation to 
actually use AV?

Because I think it's had its day. App management and other tech are 
arguably so much better, and have much less of a resource footprint.


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Michael Leone
Sent: 14 September 2017 17:32
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out 
well for us. It's certainly caught things that McAfee, our previous AV 
solution, didn't. However, they have this slight problem with being a covert 
arm of the Russian government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. 
But tell me, who do you have? And - more importantly - if you had your say in 
the matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch 
of laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win 2008/2012 R2 
(so far). So we need something with a centralized console, to push out rules, 
updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We 
have Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among 
others. Just soliciting some real world opinions, along with our own research.







RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Michael B. Smith
As I've recommended Kaspersky for about a decade now, I'm interested in knowing 
your source. :-)

I know that the USA is less and less happy with Russia... But I've not found 
anything that even seems official...

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Thursday, September 14, 2017 12:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win 2008/2012 R2 
(so far). So we need something with a centralized console, to push out rules, 
updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.




Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread Gantry Zettler
Yep they all suck and they will all disappoint you.  I use Symantec Cloud
because it's cheap and stays out of the way, catches the random thing but
nothing to write home about.

Sophos' Intercept anti-Ransomware tech seems interesting, have a client
using it but haven't gone in depth.

On Thu, Sep 14, 2017 at 11:43 AM, James Rankin  wrote:

> Just playing devil's advocate here - are you required by regulation to
> actually use AV?
>
> Because I think it's had its day. App management and other tech are
> arguably so much better, and have much less of a resource footprint.
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com]
> On Behalf Of Michael Leone
> Sent: 14 September 2017 17:32
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?
>
> We use Kaspersky for our AV needs, and to be honest, it's worked out well
> for us. It's certainly caught things that McAfee, our previous AV solution,
> didn't. However, they have this slight problem with being a covert arm of
> the Russian government, apparently ..
>
> So we need to drop them, as the federal agencies are doing.
>
> There are lots of reviews, such as av-test.org, that we are looking at.
> But tell me, who do you have? And - more importantly - if you had your say
> in the matter, would you keep them?
>
> We're a sort of enterprise level organization, maybe 1K users, bunch of
> laptops issued to remote users. So far, all Win 7 for workstations, but
> obviously that will change in the future. Servers are all Win 2008/2012 R2
> (so far). So we need something with a centralized console, to push out
> rules, updates, etc.
>
> We use Proofpoint as an email gateway, so it does mail scanning. We have
> Checkpoint firewalls for managing that sort of traffic.
>
> Thoughts?  I know I've heard good things about ESET and Sophos, among
> others. Just soliciting some real world opinions, along with our own
> research.
>
>
>



RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread James Rankin
Just playing devil's advocate here - are you required by regulation to actually 
use AV?

Because I think it's had its day. App management and other tech are arguably so 
much better, and have much less of a resource footprint.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: 14 September 2017 17:32
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win 2008/2012 R2 
(so far). So we need something with a centralized console, to push out rules, 
updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.