Your opinions?

  • Thread starter Thread starter Twinkletoes
  • Start date Start date
T

Twinkletoes

I'm interested, what people here think makes a good anti-virus product.
For me (listed in order of importance, 1 being the most important), it
is:

[Home User]
1) - Easy to update
2) - Frequency of updates
3) - Reliabiltiy
4) - Easy to use
5) - Easy to install
6) - Vendor support

[Corporate Users]
1) - Easy to update an entire network
2) - Reliability
3) - Vendor support
4) - Frequency of updates
5) - Ease of initial installation
6) - Ease of use

In practice, the 6 reasons listed in corporate users are far closer than
is shown. I cold probably list their importance as 1, 1.1, 1.2, 1.3
etc...

Just interested,
'Ole Twinkle.
 
In a flash of inspiration, Torti Schlumpf declared :
What does this point imply in your opinion? That an AV scanner detects
as much malware as possible?
Click to expand...

What I meant by reliability was that it didn't crash. Maybe robust
would have been a better word.

Twinkle :)
 
I think your Corporate priorities are off.

You need to consider, centralized; Alerting, Reporting and Logging and finally
configuration management.

A corporate LAN should also consider using a few vendors.
For example; McAfee on workstations, Symantec/Norton on Exchange/Notes email servers and
Trend on border gateways.

Dave

| I'm interested, what people here think makes a good anti-virus product.
| For me (listed in order of importance, 1 being the most important), it
| is:
|
| [Home User]
| 1) - Easy to update
| 2) - Frequency of updates
| 3) - Reliabiltiy
| 4) - Easy to use
| 5) - Easy to install
| 6) - Vendor support
|
| [Corporate Users]
| 1) - Easy to update an entire network
| 2) - Reliability
| 3) - Vendor support
| 4) - Frequency of updates
| 5) - Ease of initial installation
| 6) - Ease of use
|
| In practice, the 6 reasons listed in corporate users are far closer than
| is shown. I cold probably list their importance as 1, 1.1, 1.2, 1.3
| etc...
|
| Just interested,
| 'Ole Twinkle.
|
|
 
Twinkletoes said:
I'm interested, what people here think makes a good anti-virus product.
For me (listed in order of importance, 1 being the most important), it
is:

[Home User]
1) - Easy to update
2) - Frequency of updates
3) - Reliabiltiy
4) - Easy to use
5) - Easy to install
6) - Vendor support

[Corporate Users]
1) - Easy to update an entire network
2) - Reliability
3) - Vendor support
4) - Frequency of updates
5) - Ease of initial installation
6) - Ease of use

In practice, the 6 reasons listed in corporate users are far closer than
is shown. I cold probably list their importance as 1, 1.1, 1.2, 1.3
etc...

Just interested,
'Ole Twinkle.
Click to expand...
Since probably almost all corporate users are also home users, I suspect the
rankings are more similar than you think.
 
David H. Lipman said:
A corporate LAN should also consider using a few vendors.
For example; McAfee on workstations, Symantec/Norton on Exchange/Notes email servers and
Trend on border gateways.
Click to expand...
Is the cost of doing that versus using one vendor neutral?
 
Twinkletoes said:
What I meant by reliability was that it didn't crash. Maybe robust
would have been a better word.
Click to expand...

Well, so you forgot the most important point:

An AV scanner should detect as much malware as possible. Therefor,
quality of the scanengine and the signatures is very important.
 
Twinkletoes said:
What I meant by reliability was that it didn't crash. Maybe robust
would have been a better word.
Click to expand...

Well, so you forgot the most important point:

An AV scanner should detect as much malware as possible. Therefor,
quality of the scanengine and the signatures is very important.
 
Well, so you forgot the most important point:

An AV scanner should detect as much malware as possible. Therefor,
quality of the scanengine and the signatures is very important.
Click to expand...

Yes but if that scanner causes systems to fail it's pretty much useless.

--
Cheers-

Jeff Setaro
(e-mail address removed)
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
 
Jeffrey said:
Yes but if that scanner causes systems to fail it's pretty much useless.
Click to expand...

Well, but every software may cause conflicts with anonter one, e.g.
depending on configuration or up-to-dateness, too. So it's very
important to install and use just software you really need.
 
Twinkletoes said:
I'm interested, what people here think makes a good anti-virus product.
[Home User]
1) - Easy to update
Click to expand...

Less important than:
1.) Quality of scanengine and AV signatures (-> very good detection of
malware)
2) - Frequency of updates
Click to expand...

ACK. Daily updates shuold become standard concerning every AV software.
3) - Reliabiltiy
Click to expand...

Of course, if an AV program is responsable e.g. for system crashes, you
can't use it. The less deep an AV programm is involved in the orperating
system, the more improbable conflicts will be.
4) - Easy to use
Click to expand...

Comparatively unimportant. Reading the manual will help.
5) - Easy to install
Click to expand...

Comparatively unimportant, too. Two or three mouse clicks more or less
don't make any important difference.
6) - Vendor support
Click to expand...

Should be placed at 3.).
 
I'm interested, what people here think makes a good anti-virus product.
For me (listed in order of importance, 1 being the most important), it
is:

[Home User]
1) - Easy to update
2) - Frequency of updates
3) - Reliabiltiy
4) - Easy to use
5) - Easy to install
6) - Vendor support

[Corporate Users]
1) - Easy to update an entire network
2) - Reliability
3) - Vendor support
4) - Frequency of updates
5) - Ease of initial installation
6) - Ease of use

In practice, the 6 reasons listed in corporate users are far closer than
is shown. I cold probably list their importance as 1, 1.1, 1.2, 1.3
etc...
Click to expand...

As discussed/debated recently on acv, you also have preferences
between av scanners that attempt to detect and handle all kinds of
malware as opposed to those which (at least seem to) focus mainly on
ITW viruses (including worms). Some av products now include detection
for controversial-ware of various kinds .... categories which are
difficult to define .... though they could roughly be thrown into the
broad and nebulous term "Trojan". Some of what is often considered
spyware are included in detection as well.

Since at least some of these "detect everything" scanners may well bog
down a PC when the realtime monitor is active, scan speed (and under
which conditions or settings) has become a _very_ important factor for
many users.

So at least throw scan speed into your list.


Art
http://www.epix.net/~artnpeg
 
To sum it up in a single word "SIMPLICITY". Simplicity is:

Small footprint requiring minimal resources.
Minimal "Bells & Whistles" (just the bare essentials)
Non-invasive and easily disabled temporarily.
Easily configurable with minimal options to confuse users.

If the above criteria are met, what else really matters.
******************* REPLY SEPARATER ********************
 
Twinkletoes said:
I'm interested, what people here think makes a good anti-virus product.
For me (listed in order of importance, 1 being the most important), it
is:

[Home User]
1) - Easy to update
2) - Frequency of updates
3) - Reliabiltiy
4) - Easy to use
5) - Easy to install
6) - Vendor support
Click to expand...

A bare bones virus detector coupled with strict adherence
to safe computing practices negates most of what people
think is important in an AV. Most of the above list is really
catering to the inherent laziness of users. You need an on
demand scanner that reliably detects those viruses that are
known to it.

(1) How hard is it, really, to manually download a new
definitions set prior to running an on demand scan on files
you have been placing in a directory of downloaded and
not yet scanned files?

(2) The frequency doesn't really matter just as long as the
period is shorter than the time in which you are willing to
let unscanned files wait in the wings. If you absolutely have
to run this particular executable that you just downloaded
today ~ today, you are eventually going to get screwed
anyway by being the first one on your block to get a copy
of the new stuff. To possibly mitigate this day zero effect
you would have to give any newly obtained file a "cooling
off" period greater that the average lag time between the
unleashing of the virus, and the availability of the definition.
So, that lag time, would set your minimum period, and hence
your update frequency (with the period set as a phase delay
for the "cooling off").

(3) Reliable? ~ of course, if it isn't fairly reliable then it's
fairly useless.

(4) Easy usually means "does everything for me so that
I don't have to take a part in the administration of my
own machine". Sure, if you're already resigned to the fact
that you must have "bells and whistles" and a GUI with
pretty colors, and options to automatically unzip files
nested five layers deep and MIME encoded in an e-mail,
then *yes* it would be nice if all of these *must have*
features configureable in an easy to use intuitive interface.

(5) A nice on demand scanner really doesn't need to
install ~ what could be easier than that?

(6) Support is indeed the name of the game.
[Corporate Users]
Click to expand...

This is a whole 'nuther ball game. You really can't expect the
end users to have a clue even if you were to inject them with
it.

There should be some IT professionals here to help with
opinions on that score.
 
Torti said:
Well, so you forgot the most important point:

An AV scanner should detect as much malware as possible. Therefor,
quality of the scanengine and the signatures is very important.
Click to expand...

Easy man, I'm not saying anything that I think is right, I just want to
gather opinion and thought I would get the ball rolling.

Twinkle :)
 
Twinkletoes said:
Easy man, I'm not saying anything that I think is right, I just want to
gather opinion and thought I would get the ball rolling.
Click to expand...

Well, and I just wanted to point out what is - in my opinion - very
important. Anything else. :-)

By the way: Much more important is to know that new malware will perhaps
not be detected by any AV scanner - so everybody has to be careful
handling executable files, e.g. in eMails.

Bugbear.b (alias Tanatos.b) e.g. was just detected by NOD32 V. 2.0
without new signatures (cause of "Advanced Heutristic" for IMON, NOD's
eMail scanner). Every other AV program needed to have new signatures
while the worm was already spreading.

So strong heuristics might be another important point...
 
optikl said:
Is the cost of doing that versus using one vendor neutral?
Click to expand...


Nah it works out a lot more.

Maybe the same in licensing (depending on how things are licensed), but
add in:

1) training
2) having to manage multiple configs
3) maintain seperate sigs and keep up to date/manage various detections.

Still if that policy saves your company from being infected with a new
worm/virus ... how much is that worth?
 
Torti said:
Well, but every software may cause conflicts with anonter one, e.g.
depending on configuration or up-to-dateness, too. So it's very
important to install and use just software you really need.
Click to expand...

But users already think they do that. If their antivirus software refuses to
work with half the stuff they want to try then its going to be uninstalled.

Its a sad state of affairs when someone spends a lot of money on a computer
then can't use it the way they want due to poorly written AV software or
overly zealous AV software configuration.

Rob Moir
 
Back
Top