How to choose an AV?

mikedisd2

I need to recommend an AV for the new AD domain we're building. From the CUA, it's a choice of Trend Micro and McAfee. How do you build a case for a preference? All my knowledge of AV's is anecdotal and we all know that no single package will detect all viruses.

Given the choice, anyone have any solid reasons for picking one over the other? I've worked with TM and I think McAfee is crap, but I guess that's not a solid reason.

dynamik

Trend wouldn't be my first choice, but I'd prefer it to McAfee. Go with your gut!

I'd review this: AV-Comparatives - Independent Tests of Anti-Virus Software - Welcome to AV-Comparatives.org and go with things like how you see it affecting performance and ease of management.

mikedisd2

Likewise, I never really enjoyed configuring TM. I've also seen what it misses.

Thanks for the link.

RobertKaucher

Huh... In 7 years of consumer and enterprise IT support I have never seen a system with TM that was current in version and up-to-date in its defs ever be compromised. It is what I use at home and at work.

I'm not saying it does not happen... Just have not seen it. I would say 80% of the infected systems I fix that have an active AV are McAfee, 10% are Norton/Symantec and the rest are other misc off-brands.

Dynamik, why is that your opinion?

Hyper-Me

Panda was terrible at my previous employer and my current one we use Symantec Endpoint and its just about terrible too.

I'm putting my bet on the new Forefront.

Although you are right that there is no silver bullet AV.

mikedisd2

RobertKaucher wrote: »

Huh... In 7 years of consumer and enterprise IT support I have never seen a system with TM that was current in version and up-to-date in its defs ever be compromised. It is what I use at home and at work.

I'm not saying it does not happen... Just have not seen it. I would say 80% of the infected systems I fix that have an active AV are McAfee, 10% are Norton/Symantec and the rest are other misc off-brands.

Yeah, We've had it miss a few infections that other AVs have picked up. I'd call it a good product, but I really didn't enjoy the administrative side of it.

Looking through the ratings of McAffee on the AV-Comparatives - Independent Tests of Anti-Virus Software - Welcome to AV-Comparatives.org site, I don't TM will be a hard sell. McAffee has high false positives, high false alarms, average scanning speed...

dynamik

It's not that I really like TM, I just dislike McAfee and Symantec. I actually just worked with a respectably-sized financial institution that was using TM, and they liked it and had it up-to-date. Depends on the admin as well I suppose. I'm an ESET/Kaspersky guy myself.

arwes

I can't recommend anything, but I can sure recommend against Symantec Endpoint Protection. I've got an administrator scan scheduled every day at noon. My workstation and most others will finish within an hour. I've got about 10 workstations that take anywhere from 3-5 hours to finish scanning. Tech support has been useless, so I'm going to test out Forefront soon to see how it goes.

SrSysAdmin

I'm not familiar with Forefront. What is supposed to be better about that than its competition?

Hyper-Me

JrSysAdmin wrote: »

I'm not familiar with Forefront. What is supposed to be better about that than its competition?

The way I understand it the new forefront (Sterling) is based on Microsoft Security Essentials. Which is taking the consumer AV market by storm. Its being given very high ratings.

MSE is the ONLY AV ive ever seen that properly detects the "antivirus 2009/2010" virus before the thing gets all over the machine. It detects the "seed" right when its downloaded and cleans it immediately.

SrSysAdmin

Hyper-Me wrote: »

The way I understand it the new forefront (Sterling) is based on Microsoft Security Essentials. Which is taking the consumer AV market by storm. Its being given very high ratings.

MSE is the ONLY AV ive ever seen that properly detects the "antivirus 2009/2010" virus before the thing gets all over the machine. It detects the "seed" right when its downloaded and cleans it immediately.

Yeah, I like MSE a lot. I have started using it on all of my home boxes and recommending it to others as well.

I look forward to messing around with Forefront...I might see about setting up a test network here in the office to give it a spin.

HeroPsycho

JrSysAdmin wrote: »

I'm not familiar with Forefront. What is supposed to be better about that than its competition?

It can run with multiple independent AV engines of your choice if desired. The way those engines interface is through Forefront, which is good. No goofy rootkits or any of that kind of nonsense, it's done the right way, which causes less problems.

Forefront IMO is the best out there not taking price into consideration IMO. It's just more expensive than others, which is often why people choose other solutions.

SrSysAdmin

HeroPsycho wrote: »

It can run with multiple independent AV engines of your choice if desired. The way those engines interface is through Forefront, which is good. No goofy rootkits or any of that kind of nonsense, it's done the right way, which causes less problems.

Forefront IMO is the best out there not taking price into consideration IMO. It's just more expensive than others, which is often why people choose other solutions.

I'll look into the pricing. How does it compare price wise to Symantec Endpoint? That's what we're currently using and our contract up is in a few months.

rsutton

We are using Trend Micro worry free and we get viruses all the time. It also kills our older systems (<2 ghz proc). Mcaffe was the same story, and even worse on resources. There are lots of better AV engines out there, most from small companies. Do some research on NOD32 & Kaspersky. They have better detection rates and use less resources than the aforementioned swine.

Xargon61

We use Sophos AV for our enterprise clients and have been quite satisfied with the results. Of course, no AV solution is completely foolproof, but it has detected and removed virtually everything we've encountered thus far.

HeroPsycho

JrSysAdmin wrote: »

I'll look into the pricing. How does it compare price wise to Symantec Endpoint? That's what we're currently using and our contract up is in a few months.

It was I want to say between 1-2 times the cost of SEP per seat last I priced it, but it all depends what licensing agreements you have, yada yada yada...

Hyper-Me

I have zero faith in endpoint. Also it doesnt look right when our customers ask "Why did we pay XYZ$ for antivirus if its not catching this or that virus?"

RobertKaucher

Hyper-Me wrote: »

I have zero faith in endpoint. Also it doesnt look right when our customers ask "Why did we pay XYZ$ for antivirus if its not catching this or that virus?"

You know Symantec's new slogan, right?

"EndPoint Protection: Because we suck less than McAfee."

My first exposure to to EndPoint was when it first came out. We had put new wireless APs in the building to allow the techs and sales team to roam the building and still get network access. Once we installed End Point it all went south as the firewall had incompatabilities with wireless networking.

2007 and your RTM does not have perfect support for wireless networking? And then there were the typical issues trying to uninstall it... Loved it when the driver for the firewall would stay on the network stack and the computer would get no access to the network after uninstall.

One thing I can say about AV systems: they all suck in some way. Anytime something has to be that intrusive in the system, there are bound to be issues.

RobertKaucher

dynamik wrote: »

It's not that I really like TM, I just dislike McAfee and Symantec. I actually just worked with a respectably-sized financial institution that was using TM, and they liked it and had it up-to-date. Depends on the admin as well I suppose. I'm an ESET/Kaspersky guy myself.

Most of my friends love Kaspersky. The only issue I have encountered is it will not allow incoming connections to RDP even when the port is maually opened, blocks it on the service level. At least that is the case with the consumer version of the product.

HeroPsycho

Hyper-Me wrote: »

I have zero faith in endpoint. Also it doesnt look right when our customers ask "Why did we pay XYZ$ for antivirus if its not catching this or that virus?"

Honestly, SEP was competitive in viral detection in my experience. It blew chunks in bogging down machines and causing miscellaneous problems.

mikedisd2

rsutton wrote: »

We are using Trend Micro worry free and we get viruses all the time. It also kills our older systems (<2 ghz proc). Mcaffe was the same story, and even worse on resources. There are lots of better AV engines out there, most from small companies. Do some research on NOD32 & Kaspersky. They have better detection rates and use less resources than the aforementioned swine.

Wish I could; but them's the choices. It's government so we have a CUA to conform to.