[Casper] Casper Digest, Vol 11, Issue 1
Michael W VanVliet
mwv1 at meadwestvaco.com
Thu Nov 1 08:02:38 PDT 2007
We have just finished a lengthy investigation of AV solutions (we are
currently using SAV) but we took a look at all major and proven products
out on the market currently. We had web demo's of all systems as well as
on site demo's and evaluations. We ended up going with SAV again for a
large number of reasons - Mac Console (future integration with windows and
Linux), quality of definitions, size of updates, low resources used for
all requested functions (scans/def updates, etc), already have inhouse
expertise and police, push vs. pull update method, and a large number of
other reason.
- Mac integration into the console (including windows/linux) should of
happened this past Sept per Symantec but is now pushed out to mid 2008 as
stated by our Symantec rep, they will eventually get there and I am sure
it will be fine once they do, just a matter of when.
-The Sophos solution is nice at first glance, but pretty much only on the
console side. Which is nice - but not needed, once you get your
settings/polices set in the console you are not in it daily (if you are
something is wrong) but its mainly eye candy. Time that would of been
spent better elsewhere. It also is a resource hog and uses the pull method
of updating both of these along with a number of other reason were show
stoppers for Sophos.
- Also running without AV is nice if you are a closed shop with no windows
clients, but if you deal with any exterior vendors/clients or have
internal windows clients then you could very well be a carrier of windows
virus which is not an option for us.
-There are many other topics I would like to touch upon and I am sure I
have skipped a few major ones but I am rushing as I am now 1 minute late
to a meeting (another one).....
Mike VanVliet
MeadWestvaco
casper-request at list.jamfsoftware.com
Sent by: casper-bounces at list.jamfsoftware.com
11/01/2007 10:33 AM
Please respond to
casper at list.jamfsoftware.com
To
casper at list.jamfsoftware.com
cc
Subject
Casper Digest, Vol 11, Issue 1
Send Casper mailing list submissions to
casper at list.jamfsoftware.com
To subscribe or unsubscribe via the World Wide Web, visit
http://list.jamfsoftware.com/mailman/listinfo/casper
or, via email, send a message with subject or body 'help' to
casper-request at list.jamfsoftware.com
You can reach the person managing the list at
casper-owner at list.jamfsoftware.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Casper digest..."
Today's Topics:
1. Mac anti-virus thoughts (Jeff Johnson)
2. Re: Mac anti-virus thoughts (Ernst, Craig S.)
3. Re: Mac anti-virus thoughts (mcorippo)
4. Re: Mac anti-virus thoughts (NATHANIEL.LINDLEY at spps.org)
5. Re: Mac anti-virus thoughts (John Wetter)
----------------------------------------------------------------------
Message: 1
Date: Wed, 31 Oct 2007 17:46:03 -0600
From: "Jeff Johnson" <jeff.johnson at glendale.k12.wi.us>
Subject: [Casper] Mac anti-virus thoughts
To: "Casper List" <Casper at list.jamfsoftware.com>
Message-ID:
<fc.000f6ed2008d5e2f000f6ed2008d5e2f.8d5e34 at glendale.k12.wi.us>
Content-Type: text/plain; charset=ISO-8859-1
I'd appreciate anti-virus recommendations from those of you deploy an AV
package in your environment as well as hearing any reasons why you don't
run one. We're about 99% Macs (mostly 10.4, a few 10.3 clients) and have
all Mac servers (all OS X).
Thanks in advance,
Jeff Johnson
Technology Coordinator
Glendale-River Hills School District
2600 W. Mill Rd.
Glendale, WI 53209
jeff.johnson at glendale.k12.wi.us
------------------------------
Message: 2
Date: Wed, 31 Oct 2007 21:45:45 -0500
From: "Ernst, Craig S." <ERNSTCS at uwec.edu>
Subject: Re: [Casper] Mac anti-virus thoughts
To: Casper List <Casper at list.jamfsoftware.com>
Message-ID: <C34EA809.22C6%ernstcs at uwec.edu>
Content-Type: text/plain; charset="iso-8859-1"
Hi Jeff,
We've been running for quite some time now without any AV software, and to
my knowledge have not run into anything as of yet. However, that doesn't
mean we haven't been looking for a good solution. Macs can still pass
along Windows based viruses in files, or if you have classic environments,
they are still vulnerable.
I know that Nathaniel, and the fine folks over at Saint Paul Public
Schools in Minnesota, were running Sophos, and that's a lot of machines
they run. Sophos appears to have some of the best options for centralized
management and deployment. I started to work with them to get a demo setup
going, but ran out of time. Sophos will be very enthusiastic about getting
you setup with a test and getting any help you need to do so.
Other products that in general have had good reviews, ClamXAV (
http://www.clamxav.com). It's free, but I think it has some drawbacks,
too.
I haven't had a chance to look at Intego Virus Barrier. Symantec just
gives me the chills thinking about it.
With the release of Leopard does this change what's necessary here, again?
There are reviews out there, but it's sometimes hard to find those that
aren't out of date and truly are geared towards the Mac. Many things I
read..."What's the best antivirus program? Mac OS X!" I also see the
"there hasn't been a 'virus' reported for Mac OS X in over 6 years so I
don't run anything."
Now what should worry about you is stuff like this article talks about,
stopping people from getting in, preventing intrusion:
http://www.heise-security.co.uk/articles/print/98120
I think I helped? I'm not really sure...
Craig Ernst
Systems Management & Configuration
+-------------------+
University of Wisconsin-Eau Claire
Learning and Technology Services
105 Garfield Ave
Eau Claire, WI 54701
Phone: (715) 836-3639
Fax: (715) 836-6001
+-------------------+
ernstcs at uwec.edu
On 10/31/07 6:46 PM, "Jeff Johnson" <jeff.johnson at glendale.k12.wi.us>
wrote:
I'd appreciate anti-virus recommendations from those of you deploy an AV
package in your environment as well as hearing any reasons why you don't
run one. We're about 99% Macs (mostly 10.4, a few 10.3 clients) and have
all Mac servers (all OS X).
Thanks in advance,
Jeff Johnson
Technology Coordinator
Glendale-River Hills School District
2600 W. Mill Rd.
Glendale, WI 53209
jeff.johnson at glendale.k12.wi.us
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://list.jamfsoftware.com/pipermail/casper/attachments/20071031/d85bb8a1/attachment.html
------------------------------
Message: 3
Date: Wed, 31 Oct 2007 23:14:22 -0800
From: "mcorippo" <mcorippo at lblp.com>
Subject: Re: [Casper] Mac anti-virus thoughts
To: "Casper List" <Casper at list.jamfsoftware.com>
Message-ID: <fc.006ad22901712ac7000f6ed2008d5e2f.1712b04 at lblp.com>
Content-Type: text/plain; charset=ISO-8859-1
I can second the Sophos recommendation. Been using it for a few years and
it has been good. I have a couple minor gripes about some of the prefs on
the client being a bit unclear, but it has been working
seamlessly on a myriad of Mac models with no real problems or downsides
for us since early in 10.3 all the way up to 10.4.10. We have never had
any issues while installing software or images with Casper (or
in any other situations). It just doesn't get in the way for us.
The Sophos enterprise console was recently updated to v.3 and it is a real
help in a mixed platform environment. They have added adware/spyware
protection too, plus other goodies that can really make Win
security fairly painless.
Last I looked, clamav would detect virruses, but has no repair
functionality, and it used to be dog slow. Has it been updated or
improved recently?
One thing to consider is that if the Macs in question or normally run from
managed(non-admin) accounts, they are pretty safe. Take the [
http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php
]latest Trojan for example. No admin access, no real threat. Sophos (or
perhaps Intego?) can still add a secondary level of protection.
Thanks,
Matt Corippo
Lindamood-Bell Learning Processes
IT Dept.
"Ernst, Craig S." <ERNSTCS at uwec.edu> on October 31, 2007 at 7:45 PM -0700
wrote:
>Hi Jeff,
>
>We?ve been running for quite some time now without any AV software, and
to my knowledge have not run into anything as of yet. However, that
doesn?t mean we haven?t been looking for a good solution. Macs can
>still pass along Windows based viruses in files, or if you have classic
environments, they are still vulnerable.
>
>I know that Nathaniel, and the fine folks over at Saint Paul Public
Schools in Minnesota, were running Sophos, and that?s a lot of machines
they run. Sophos appears to have some of the best options for
>centralized management and deployment. I started to work with them to get
a demo setup going, but ran out of time. Sophos will be very enthusiastic
about getting you setup with a test and getting any help you
>need to do so.
>
>Other products that in general have had good reviews, ClamXAV ([
http://www.clamxav.com). ]http://www.clamxav.com). It?s free, but I think
it has some drawbacks, too.
>
>I haven?t had a chance to look at Intego Virus Barrier. Symantec just
gives me the chills thinking about it.
>
>With the release of Leopard does this change what?s necessary here,
again? There are reviews out there, but it?s sometimes hard to find those
that aren?t out of date and truly are geared towards the Mac. Many
>things I read...?What?s the best antivirus program? Mac OS X!? I also see
the ?there hasn?t been a ?virus? reported for Mac OS X in over 6 years so
I don?t run anything.?
>
>Now what should worry about you is stuff like this article talks about,
stopping people from getting in, preventing intrusion:
>[ http://www.heise-security.co.uk/articles/print/98120
]http://www.heise-security.co.uk/articles/print/98120
>
>I think I helped? I?m not really sure...
>
>Craig Ernst
>Systems Management & Configuration
>+-------------------+
>University of Wisconsin-Eau Claire
>Learning and Technology Services
>105 Garfield Ave
>Eau Claire, WI 54701
>Phone: (715) 836-3639
>Fax: (715) 836-6001
>+-------------------+
>ernstcs at uwec.edu
>
>
>
>On 10/31/07 6:46 PM, "Jeff Johnson" <jeff.johnson at glendale.k12.wi.us>
wrote:
>
>
>
>I'd appreciate anti-virus recommendations from those of you deploy an AV
>package in your environment as well as hearing any reasons why you don't
>run one. We're about 99% Macs (mostly 10.4, a few 10.3 clients) and have
>all Mac servers (all OS X).
>
>Thanks in advance,
>
>Jeff Johnson
>Technology Coordinator
>Glendale-River Hills School District
>2600 W. Mill Rd.
>Glendale, WI 53209
>jeff.johnson at glendale.k12.wi.us
>
>_______________________________________________
>Casper mailing list
>Casper at list.jamfsoftware.com
>
>[ http://list.jamfsoftware.com/mailman/listinfo/casper
]http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
> _______________________________________________
>Casper mailing list
>Casper at list.jamfsoftware.com
>http://list.jamfsoftware.com/mailman/listinfo/casper
------------------------------
Message: 4
Date: Thu, 1 Nov 2007 05:31:03 -0500
From: NATHANIEL.LINDLEY at spps.org
Subject: Re: [Casper] Mac anti-virus thoughts
To: "mcorippo" <mcorippo at lblp.com>, jeff.johnson at glendale.k12.wi.us
Cc: casper-bounces at list.jamfsoftware.com, Casper List
<Casper at list.jamfsoftware.com>
Message-ID:
<OF67ACBEBB.5934FCB9-ON86257386.0038AC02-86257386.003A2AAB at spps.org>
Content-Type: text/plain; charset=iso-8859-1
Disclaimer, I'm not the Sophos expert in our district, but I'm trying to
learn more.
Here is what I know about Sophos on our computers in Saint Paul Schools.
-It sucks on a Mac with less than 512 MB RAM. The on-access scanning
(which scans files as the are added or modified) called Intercheck, really
slows down the Finder. More than 512 MB Ram and a recent CPU, no problem.
-It doesn't have a scheduled scanning feature built in to the very sparse
GUI. However, the Unix command "sweep" can be setup with variables and
run
as a cron job. We are working to test this on a couple Mac OS X servers
(to run at night) and on some clients that use mobile home directories.
-Composer packages that I make never seem to include the latest definition
updates. Not sure why, but after an install, we always need to run the
update right away and that works, but is anoying if you need to download
40
MB of definitions and updates.
-I have come accross Macs that have Microsoft Word Macro viruses and
Sophos
cleans them easily. The only way we find out though is that someone tries
to send an infected .doc from their Mac to someone else via email and our
seperate email anti-virus catches the infected file and cleans it. This
gives the recepient a blank file. So then we go back to the sender and
run
a scan and cleans them up. No biggie.
-Sophos seems to work pretty well on the Windows machines, when configured
correctly. I have had some problems removing some of the malware that
gets
buried on PCs, but we are still using the older Enterprise console and SAV
6 --not the latest. We are going to be upgrading this year.
I have no idea what we payed for Sophos, but I bet it was a lot. We also
have nearly 16,000 desktops (Windows, OS X, OS 9).
Nathaniel Lindley
++++++++++++++++++
Learning Systems Specialist
Educational Technology
Saint Paul Public Schools
Saint Paul, Minnesota
nathaniel.lindley at spps.org
phone: 651-603-4929
"mcorippo"
<mcorippo at lblp.co
m> To
Sent by: "Casper List"
casper-bounces at li <Casper at list.jamfsoftware.com>
st.jamfsoftware.c cc
om
Subject
Re: [Casper] Mac anti-virus
11/01/07 02:14 AM thoughts
I can second the Sophos recommendation. Been using it for a few years and
it has been good. I have a couple minor gripes about some of the prefs on
the client being a bit unclear, but it has been working
seamlessly on a myriad of Mac models with no real problems or downsides
for
us since early in 10.3 all the way up to 10.4.10. We have never had any
issues while installing software or images with Casper (or
in any other situations). It just doesn't get in the way for us.
The Sophos enterprise console was recently updated to v.3 and it is a real
help in a mixed platform environment. They have added adware/spyware
protection too, plus other goodies that can really make Win
security fairly painless.
Last I looked, clamav would detect virruses, but has no repair
functionality, and it used to be dog slow. Has it been updated or
improved
recently?
One thing to consider is that if the Macs in question or normally run from
managed(non-admin) accounts, they are pretty safe. Take the [
http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php
]latest Trojan for example. No admin access, no real threat. Sophos (or
perhaps Intego?) can still add a secondary level of protection.
Thanks,
Matt Corippo
Lindamood-Bell Learning Processes
IT Dept.
"Ernst, Craig S." <ERNSTCS at uwec.edu> on October 31, 2007 at 7:45 PM -0700
wrote:
>Hi Jeff,
>
>We've been running for quite some time now without any AV software, and
to
my knowledge have not run into anything as of yet. However, that doesn't
mean we haven't been looking for a good solution. Macs can
>still pass along Windows based viruses in files, or if you have classic
environments, they are still vulnerable.
>
>I know that Nathaniel, and the fine folks over at Saint Paul Public
Schools in Minnesota, were running Sophos, and that's a lot of machines
they run. Sophos appears to have some of the best options for
>centralized management and deployment. I started to work with them to get
a demo setup going, but ran out of time. Sophos will be very enthusiastic
about getting you setup with a test and getting any help you
>need to do so.
>
>Other products that in general have had good reviews, ClamXAV ([
http://www.clamxav.com). ]http://www.clamxav.com). It's free, but I think
it has some drawbacks, too.
>
>I haven't had a chance to look at Intego Virus Barrier. Symantec just
gives me the chills thinking about it.
>
>With the release of Leopard does this change what's necessary here,
again?
There are reviews out there, but it's sometimes hard to find those that
aren't out of date and truly are geared towards the Mac. Many
>things I read..."What's the best antivirus program? Mac OS X!" I also see
the "there hasn't been a 'virus' reported for Mac OS X in over 6 years so
I
don't run anything."
>
>Now what should worry about you is stuff like this article talks about,
stopping people from getting in, preventing intrusion:
>[ http://www.heise-security.co.uk/articles/print/98120
]http://www.heise-security.co.uk/articles/print/98120
>
>I think I helped? I'm not really sure...
>
>Craig Ernst
>Systems Management & Configuration
>+-------------------+
>University of Wisconsin-Eau Claire
>Learning and Technology Services
>105 Garfield Ave
>Eau Claire, WI 54701
>Phone: (715) 836-3639
>Fax: (715) 836-6001
>+-------------------+
>ernstcs at uwec.edu
>
>
>
>On 10/31/07 6:46 PM, "Jeff Johnson" <jeff.johnson at glendale.k12.wi.us>
wrote:
>
>
>
>I'd appreciate anti-virus recommendations from those of you deploy an AV
>package in your environment as well as hearing any reasons why you don't
>run one. We're about 99% Macs (mostly 10.4, a few 10.3 clients) and have
>all Mac servers (all OS X).
>
>Thanks in advance,
>
>Jeff Johnson
>Technology Coordinator
>Glendale-River Hills School District
>2600 W. Mill Rd.
>Glendale, WI 53209
>jeff.johnson at glendale.k12.wi.us
>
>_______________________________________________
>Casper mailing list
>Casper at list.jamfsoftware.com
>
>[ http://list.jamfsoftware.com/mailman/listinfo/casper
]http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
> _______________________________________________
>Casper mailing list
>Casper at list.jamfsoftware.com
>http://list.jamfsoftware.com/mailman/listinfo/casper
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper
------------------------------
Message: 5
Date: Thu, 1 Nov 2007 08:33:30 -0600
From: John Wetter <john_wetter at hopkins.k12.mn.us>
Subject: Re: [Casper] Mac anti-virus thoughts
To: Casper List <Casper at list.jamfsoftware.com>
Message-ID: <C34F4DEA.17EA%john_wetter at hopkins.k12.mn.us>
Content-Type: text/plain; charset="iso-8859-1"
We're running Symantec. We centrally manage the Windows environment, but
the mac environment doesn't allow the same integration at this point.
We've been told they are updating their whole line this fall sometime, but
I haven't seen it yet. We've looked at Sophos a couple times, but haven't
been able to look at it enough to be convinced either way. On many of our
older macs we run into the same problem Nathaniel did with Sophos.
Everyone turns off the on-access scanners because they slow the computer
down too much. Also, in many of our labs, they're disabled because
testing programs and some of our keyboarding programs go nuts. So, I
guess we are running AV, but I find myself asking why sometimes because
it's disabled in most of the environments that I'd like to have an extra
layer of protection on (labs and student use computers). I've had NAV
catch a couple macros my Windows counterparts have sent my way, but that's
about it. I got a NAV package made much more eas!
ily than I thought it would be. I packaged it up with our settings and
also with the updates that make some pieces in it universal.
-John
On 10/31/07 6:46 PM, "Jeff Johnson" <jeff.johnson at glendale.k12.wi.us>
wrote:
I'd appreciate anti-virus recommendations from those of you deploy an AV
package in your environment as well as hearing any reasons why you don't
run one. We're about 99% Macs (mostly 10.4, a few 10.3 clients) and have
all Mac servers (all OS X).
Thanks in advance,
Jeff Johnson
Technology Coordinator
Glendale-River Hills School District
2600 W. Mill Rd.
Glendale, WI 53209
jeff.johnson at glendale.k12.wi.us
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper
--
John Wetter
Technology Support Administrator
Technology & Information Services
Hopkins Public Schools
952-988-4106
john_wetter at hopkins.k12.mn.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://list.jamfsoftware.com/pipermail/casper/attachments/20071101/638711a3/attachment.htm
------------------------------
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper
End of Casper Digest, Vol 11, Issue 1
*************************************
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service._______________________________________________________________
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service._______________________________________________________________
This electronic message contains information from MeadWestvaco
Corporation or subsidiary companies, which may be confidential,
privileged or otherwise protected from disclosure. The
information is intended to be used solely by the recipient(s)
named. If you are not an intended recipient, be aware that
any review, disclosure, copying, distribution or use of this
transmission or its contents is prohibited. If you have
received this transmission in error, please notify MeadWestvaco
immediately at postmaster at MeadWestvaco.com.
_______________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20071101/e4c8ee68/attachment.htm
More information about the Casper
mailing list