[Casper] Mac anti-virus thoughts

NATHANIEL.LINDLEY at spps.org NATHANIEL.LINDLEY at spps.org
Thu Nov 1 03:31:03 PDT 2007


Disclaimer, I'm not the Sophos expert in our district, but I'm trying to
learn more.

Here is what I know about Sophos on our computers in Saint Paul Schools.
-It sucks on a Mac with less than 512 MB RAM.  The on-access scanning
(which scans files as they are added or modified) called Intercheck, really
slows down the Finder.  More than 512 MB RAM and a recent CPU, no problem.
-It doesn't have a scheduled scanning feature built in to the very sparse
GUI.  However, the Unix command "sweep" can be set up with variables and run
as a cron job.  We are working to test this on a couple Mac OS X servers
(to run at night) and on some clients that use mobile home directories.
-Composer packages that I make never seem to include the latest definition
updates.  Not sure why, but after an install, we always need to run the
update right away and that works, but is annoying if you need to download 40
MB of definitions and updates.
-I have come across Macs that have Microsoft Word Macro viruses and Sophos
cleans them easily.  The only way we find out though is that someone tries
to send an infected .doc from their Mac to someone else via email and our
separate email anti-virus catches the infected file and cleans it.  This
gives the recipient a blank file.  So then we go back to the sender and run
a scan and clean them up.  No biggie.
-Sophos seems to work pretty well on the Windows machines, when configured
correctly.  I have had some problems removing some of the malware that gets
buried on PCs, but we are still using the older Enterprise console and SAV
6 --not the latest.   We are going to be upgrading this year.

I have no idea what we paid for Sophos, but I bet it was a lot.   We also
have nearly 16,000 desktops (Windows, OS X, OS 9).


Nathaniel Lindley

++++++++++++++++++
Learning Systems Specialist
Educational Technology
Saint Paul Public Schools
Saint Paul, Minnesota
nathaniel.lindley at spps.org
phone:  651-603-4929


"mcorippo" <mcorippo at lblp.com>
Sent by: casper-bounces at list.jamfsoftware.com
11/01/07 02:14 AM

To: "Casper List" <Casper at list.jamfsoftware.com>
cc:
Subject: Re: [Casper] Mac anti-virus thoughts

I can second the Sophos recommendation.  Been using it for a few years and
it has been good.  I have a couple minor gripes about some of the prefs on
the client being a bit unclear, but it has been working seamlessly on a
myriad of Mac models with no real problems or downsides for us since early
in 10.3 all the way up to 10.4.10.  We have never had any issues while
installing software or images with Casper (or in any other situations).  It
just doesn't get in the way for us.

The Sophos enterprise console was recently updated to v.3 and it is a real
help in a mixed platform environment.  They have added adware/spyware
protection too, plus other goodies that can really make Win security fairly
painless.

Last I looked, clamav would detect viruses, but has no repair
functionality, and it used to be dog slow.  Has it been updated or improved
recently?

One thing to consider is that if the Macs in question are normally run from
managed (non-admin) accounts, they are pretty safe.  Take the latest Trojan
(http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php) for
example.  No admin access, no real threat.  Sophos (or perhaps Intego?) can
still add a secondary level of protection.

Thanks,
Matt Corippo
Lindamood-Bell Learning Processes
IT Dept.



"Ernst, Craig S." <ERNSTCS at uwec.edu> on October 31, 2007 at 7:45 PM -0700
wrote:
>Hi Jeff,
>
>We've been running for quite some time now without any AV software, and to
>my knowledge have not run into anything as of yet. However, that doesn't
>mean we haven't been looking for a good solution. Macs can still pass along
>Windows based viruses in files, or if you have classic environments, they
>are still vulnerable.
>
>I know that Nathaniel, and the fine folks over at Saint Paul Public
>Schools in Minnesota, were running Sophos, and that's a lot of machines
>they run. Sophos appears to have some of the best options for centralized
>management and deployment. I started to work with them to get a demo setup
>going, but ran out of time. Sophos will be very enthusiastic about getting
>you set up with a test and getting any help you need to do so.
>
>Other products that in general have had good reviews, ClamXAV
>(http://www.clamxav.com). It's free, but I think it has some drawbacks,
>too.
>
>I haven't had a chance to look at Intego Virus Barrier. Symantec just
>gives me the chills thinking about it.
>
>With the release of Leopard does this change what's necessary here, again?
>There are reviews out there, but it's sometimes hard to find those that
>aren't out of date and truly are geared towards the Mac. Many things I
>read..."What's the best antivirus program? Mac OS X!" I also see the "there
>hasn't been a 'virus' reported for Mac OS X in over 6 years so I don't run
>anything."
>
>Now what should worry you is stuff like this article talks about,
>stopping people from getting in, preventing intrusion:
>http://www.heise-security.co.uk/articles/print/98120
>
>I think I helped? I'm not really sure...
>
>Craig Ernst
>Systems Management & Configuration
>+-------------------+
>University of Wisconsin-Eau Claire
>Learning and Technology Services
>105 Garfield Ave
>Eau Claire, WI 54701
>Phone: (715) 836-3639
>Fax: (715) 836-6001
>+-------------------+
>ernstcs at uwec.edu
>
>
>
>On 10/31/07 6:46 PM, "Jeff Johnson" <jeff.johnson at glendale.k12.wi.us> wrote:
>
>I'd appreciate anti-virus recommendations from those of you who deploy an AV
>package in your environment as well as hearing any reasons why you don't
>run one. We're about 99% Macs (mostly 10.4, a few 10.3 clients) and have
>all Mac servers (all OS X).
>
>Thanks in advance,
>
>Jeff Johnson
>Technology Coordinator
>Glendale-River Hills School District
>2600 W. Mill Rd.
>Glendale, WI 53209
>jeff.johnson at glendale.k12.wi.us
>
>_______________________________________________
>Casper mailing list
>Casper at list.jamfsoftware.com
>
>http://list.jamfsoftware.com/mailman/listinfo/casper