[Casper] Mac anti-virus thoughts

Smith, William william.smith at merrillcorp.com
Thu Nov 1 08:42:51 PDT 2007 

I see my response yesterday went to Jeff instead of the group. I'm reposting
below...


On 10/31/07 6:46 PM, "Jeff Johnson" <jeff.johnson at glendale.k12.wi.us> wrote:

> I'd appreciate anti-virus recommendations from those of you deploy an AV
> package in your environment as well as hearing any reasons why you don't
> run one. We're about 99% Macs (mostly 10.4, a few 10.3 clients) and have
> all Mac servers (all OS X).

Hi Jeff!

We run Symantec Antivirus 10.x.

Why this software? Frankly, because we're already covered under a volume
license agreement for our Windows clients and our Mac seats are kinda thrown
in. I really have not seen any of the problems many people report (among a
few hundred Macs).

Also, SAV is one of the handful of Mac antivirus solutions with a server
console component. I consider this important in a large scale deployment
because we need some control and feedback with the antivirus client. Knowing
what's happening with clients is simply part of being an administrator.
Otherwise, you're shooting in the dark. Intego's VirusBarrier has a console
as well but I haven't tested it yet.

Why do I choose to run antivirus software at all? Two reasons:

1. I was one of the complacent admins when the AutoStart Worm hit back in
the Mac OS 8/9 days. One variant targeted graphics files on local hard
drives, server volumes and any writable disks such as Zips (abundant at the
time) and attempted to destroy them. We were impacted more from the
performance hits the worm caused and getting rid of it was a pain until we
installed antivirus software.

Mac OS X has no current virus threats but then no one thought Mac OS 8/9 was
very susceptible either. I believe it's a matter of when, not if, one will
strike for Mac OS X. When it does I want to have that protection
infrastructure in place. I can't prevent the spread of a virus after the
fact.

2. Running AV is just good network citizenship. I compare computer viruses
with human viruses. Who's responsible for the prevention of spreading
disease--those who are infected or those who aren't? I say both.

I use Casper with an "At Reboot" script to install the SAV .pkg file on the
Macs I'm building and bring them up-to-date before users touch them. I use
the JSS to set each of our Macs with a schedule to check our internal
LiveUpdate server once per day. Casper is also far more reliable for sending
immediate commands to my clients to check for updates rather than the SAV
console.

-- 

bill

William M. Smith, Technical Analyst
Digital Information Systems Support
Merrill Communications, LLC
(651) 632-1492

More information about the Casper mailing list