[OPLINTECH] AV and Ransomware

Chad Neeper cneeper at level9networks.com
Fri Jun 14 12:05:50 EDT 2019


It's been a few years since I last deep dived into AV software, but I don't
have the impression that things have changed much since then (in very
broad terms). Generally speaking, I think pretty much all the big names are
generally feature and hit-rate comparable, with none of them really head
and shoulders above the rest in terms of effectiveness. I think that
probably still holds true for the most part. As long as you HAVE AV
software installed and configured correctly, you're generally as good as
you're going to reasonably be. As for which software to use, I think it
comes down to price, personal preference, and the details of how features
are implemented. For my part, I've used Symantec Endpoint Protection for
years. I've only just recently in the past year started using the SEP Small
Business Edition...same level of protection, but simpler at the expense of
being less configurable. But like you, I have the libraries get it via
TechSoup to keep costs down. For me, I'm comfortable with how SEP works and
it fits into my network configuration pretty well, so I don't have enough
incentive to switch.

SEP/SEPSBE works well, but as a rule...if there's a computer I suspect has
ACTUALLY been successfully infected, I always try to run several on-line
scans from other manufacturers for second and third opinions. Experience
has taught me that one manufacturer can never be perfect at ferreting out
all of the malware, but a team effort is effective. (Never have more than
one on-access scanner running, of course! Just use the on-line manual
scanners from the competing companies for the extra muscle when you know
you've been infected.)

It's also worth mentioning that all manufacturers have occasional bad years
(or bad runs of a product), but they will generally normalize again. For
instance, 10-12 years or so ago SEP had a period of time where their
on-access scanner just killed the performance of the computer for maybe a
year or so. Other manufacturers were doing a much better job at it.
Naturally, money talks and Symantec didn't want to lose business, so the
problem didn't stay a problem. So if the grass is suddenly looking greener
on the other side of the fence, you might want to weigh the cost/effort of
change versus hanging tight with what you're already familiar with for a
little while longer until you know what's coming down the pike.

2 cents,
Chad


______________________________
*Chad Neeper*
Senior Systems Engineer

*Level 9 Networks*
740-548-8070 (voice)
866-214-6607 (fax)

*Full IT/Computer consulting services -- Specialized in libraries and
schools*


On Fri, Jun 14, 2019 at 10:20 AM Kevin Jones via OPLINTECH <
oplintech at lists.oplin.org> wrote:

> We are currently using Symantec Endpoint Protection.  We purchase it from
> Techsoup and have used it for several years because it is cheap.  I was
> looking at Bitdefender and was wanting to know if anyone has an opinion
> about Symantec vs. Bitdefender.  I was informed from a consulting company
> that Bitdefender has some protection against ransomware.
>
> Also, what steps are your libraries taking to protect against ransomware?
>
> Thanks,