How to choose an AV?

mikedisd2 Member Posts: 1,096
I need to recommend an AV for the new AD domain we're building. From the CUA, it's a choice of Trend Micro and McAfee. How do you build a case for a preference? All my knowledge of AV's is anecdotal and we all know that no single package will detect all viruses.

Given the choice, anyone have any solid reasons for picking one over the other? I've worked with TM and I think McAfee is crap, but I guess that's not a solid reason.

Comments

  • dynamik Banned Posts: 12,312
    Trend wouldn't be my first choice, but I'd prefer it to McAfee. Go with your gut!

    I'd review this: AV-Comparatives - Independent Tests of Anti-Virus Software - Welcome to AV-Comparatives.org and go with things like how you see it affecting performance and ease of management.
  • mikedisd2 Member Posts: 1,096
    Likewise, I never really enjoyed configuring TM. I've also seen what it misses.

    Thanks for the link.
  • RobertKaucher Member Posts: 4,299
    Huh... In 7 years of consumer and enterprise IT support I have never seen a system with TM that was current in version and up-to-date in its defs ever be compromised. It is what I use at home and at work.

    I'm not saying it does not happen... Just have not seen it. I would say 80% of the infected systems I fix that have an active AV are McAfee, 10% are Norton/Symantec and the rest are other misc off-brands.

    Dynamik, why is that your opinion?
  • Hyper-Me Banned Posts: 2,059
    Panda was terrible at my previous employer and at my current one we use Symantec Endpoint and it's just about terrible too.

    I'm putting my bet on the new Forefront.

    Although you are right that there is no silver bullet AV.
  • mikedisd2 Member Posts: 1,096
    RobertKaucher wrote: »
    Huh... In 7 years of consumer and enterprise IT support I have never seen a system with TM that was current in version and up-to-date in its defs ever be compromised. It is what I use at home and at work.

    I'm not saying it does not happen... Just have not seen it. I would say 80% of the infected systems I fix that have an active AV are McAfee, 10% are Norton/Symantec and the rest are other misc off-brands.

    Yeah, we've had it miss a few infections that other AVs have picked up. I'd call it a good product, but I really didn't enjoy the administrative side of it.

    Looking through the ratings of McAfee on the AV-Comparatives - Independent Tests of Anti-Virus Software - Welcome to AV-Comparatives.org site, I don't think TM will be a hard sell. McAfee has high false positives, high false alarms, average scanning speed...
  • dynamik Banned Posts: 12,312
    It's not that I really like TM, I just dislike McAfee and Symantec. I actually just worked with a respectably-sized financial institution that was using TM, and they liked it and had it up-to-date. Depends on the admin as well I suppose. I'm an ESET/Kaspersky guy myself.
  • arwes Member Posts: 633
    I can't recommend anything, but I can sure recommend against Symantec Endpoint Protection. I've got an administrator scan scheduled every day at noon. My workstation and most others will finish within an hour. I've got about 10 workstations that take anywhere from 3-5 hours to finish scanning. Tech support has been useless, so I'm going to test out Forefront soon to see how it goes.
    Started WGU - BS IT:NDM on 1/1/13, finished 12/31/14
    Working on: Waiting on the mailman to bring me a diploma
    What's left: Graduation!
  • SrSysAdmin Member Posts: 259
    I'm not familiar with Forefront. What is supposed to be better about that than its competition?
    Current Certifications:

    * B.S. in Business Management
    * Sec+ 2008
    * MCSA

    Currently Studying for:
    * 70-293 Maintaining a Server 2003 Network

    Future Plans:

    * 70-294 Planning a Server 2003 AD
    * 70-297 Designing a Server 2003 AD
    * 70-647 Server 2008
    * 70-649 MCSE to MCITP:EA
  • Hyper-Me Banned Posts: 2,059
    JrSysAdmin wrote: »
    I'm not familiar with Forefront. What is supposed to be better about that than its competition?

    The way I understand it the new Forefront (Sterling) is based on Microsoft Security Essentials, which is taking the consumer AV market by storm. It's being given very high ratings.

    MSE is the ONLY AV I've ever seen that properly detects the "antivirus 2009/2010" virus before the thing gets all over the machine. It detects the "seed" right when it's downloaded and cleans it immediately.
  • SrSysAdmin Member Posts: 259
    Hyper-Me wrote: »
    The way I understand it the new Forefront (Sterling) is based on Microsoft Security Essentials, which is taking the consumer AV market by storm. It's being given very high ratings.

    MSE is the ONLY AV I've ever seen that properly detects the "antivirus 2009/2010" virus before the thing gets all over the machine. It detects the "seed" right when it's downloaded and cleans it immediately.


    Yeah, I like MSE a lot. I have started using it on all of my home boxes and recommending it to others as well.

    I look forward to messing around with Forefront...I might see about setting up a test network here in the office to give it a spin.
  • HeroPsycho Inactive Imported Users Posts: 1,940
    JrSysAdmin wrote: »
    I'm not familiar with Forefront. What is supposed to be better about that than its competition?

    It can run with multiple independent AV engines of your choice if desired. The way those engines interface is through Forefront, which is good. No goofy rootkits or any of that kind of nonsense, it's done the right way, which causes less problems.

    Forefront IMO is the best out there not taking price into consideration IMO. It's just more expensive than others, which is often why people choose other solutions.
    Good luck to all!
  • SrSysAdmin Member Posts: 259
    HeroPsycho wrote: »
    It can run with multiple independent AV engines of your choice if desired. The way those engines interface is through Forefront, which is good. No goofy rootkits or any of that kind of nonsense, it's done the right way, which causes less problems.

    Forefront IMO is the best out there not taking price into consideration IMO. It's just more expensive than others, which is often why people choose other solutions.


    I'll look into the pricing. How does it compare price-wise to Symantec Endpoint? That's what we're currently using and our contract is up in a few months.
  • rsutton Member Posts: 1,029
    We are using Trend Micro Worry-Free and we get viruses all the time. It also kills our older systems (<2 GHz proc). McAfee was the same story, and even worse on resources. There are lots of better AV engines out there, most from small companies. Do some research on NOD32 & Kaspersky. They have better detection rates and use less resources than the aforementioned swine.
  • Xargon61 Member Posts: 26
    We use Sophos AV for our enterprise clients and have been quite satisfied with the results. Of course, no AV solution is completely foolproof, but it has detected and removed virtually everything we've encountered thus far.
  • HeroPsycho Inactive Imported Users Posts: 1,940
    JrSysAdmin wrote: »
    I'll look into the pricing. How does it compare price-wise to Symantec Endpoint? That's what we're currently using and our contract is up in a few months.

    It was I want to say between 1-2 times the cost of SEP per seat last I priced it, but it all depends what licensing agreements you have, yada yada yada...
  • Hyper-Me Banned Posts: 2,059
    I have zero faith in Endpoint. Also it doesn't look right when our customers ask "Why did we pay XYZ$ for antivirus if it's not catching this or that virus?"
  • RobertKaucher Member Posts: 4,299
    Hyper-Me wrote: »
    I have zero faith in Endpoint. Also it doesn't look right when our customers ask "Why did we pay XYZ$ for antivirus if it's not catching this or that virus?"

    You know Symantec's new slogan, right?

    "EndPoint Protection: Because we suck less than McAfee."

    My first exposure to EndPoint was when it first came out. We had put new wireless APs in the building to allow the techs and sales team to roam the building and still get network access. Once we installed EndPoint it all went south as the firewall had incompatibilities with wireless networking.

    2007 and your RTM does not have perfect support for wireless networking? And then there were the typical issues trying to uninstall it... Loved it when the driver for the firewall would stay on the network stack and the computer would get no access to the network after uninstall.

    One thing I can say about AV systems: they all suck in some way. Anytime something has to be that intrusive in the system, there are bound to be issues.
  • RobertKaucher Member Posts: 4,299
    dynamik wrote: »
    It's not that I really like TM, I just dislike McAfee and Symantec. I actually just worked with a respectably-sized financial institution that was using TM, and they liked it and had it up-to-date. Depends on the admin as well I suppose. I'm an ESET/Kaspersky guy myself.

    Most of my friends love Kaspersky. The only issue I have encountered is it will not allow incoming connections to RDP even when the port is manually opened; it blocks it on the service level. At least that is the case with the consumer version of the product.
  • HeroPsycho Inactive Imported Users Posts: 1,940
    Hyper-Me wrote: »
    I have zero faith in Endpoint. Also it doesn't look right when our customers ask "Why did we pay XYZ$ for antivirus if it's not catching this or that virus?"

    Honestly, SEP was competitive in viral detection in my experience. It blew chunks in bogging down machines and causing miscellaneous problems.
  • mikedisd2 Member Posts: 1,096
    rsutton wrote: »
    We are using Trend Micro Worry-Free and we get viruses all the time. It also kills our older systems (<2 GHz proc). McAfee was the same story, and even worse on resources. There are lots of better AV engines out there, most from small companies. Do some research on NOD32 & Kaspersky. They have better detection rates and use less resources than the aforementioned swine.

    Wish I could; but them's the choices. It's government so we have a CUA to conform to.