Monday, June 05, 2006

Same Anti-Virus Vendor

NO – NO - NO!!!!

Getting back on my security bent here for a second, there has been a lot of talk on the Exchange boards about having a single vendor provide the antivirus solution for the complete environment. This is where you are running one AV solution for everything in your enterprise, from the Exchange Server to the file servers to the workstations on everyone’s desk. If you do this, you are an IDIOT and are looking for a good ass-kicking.

“Aren’t most big AV vendors the same on when they release their sig files?” Most of the big AV companies release their signature files within 4-24 hours of a new virus being released. I have found that Kaspersky releases its dat files the fastest; however, there have been major problems with their dat files being screwed up. (But that is another rant.) McAfee and Symantec are right in line with each other, then there is CA and various others. So, as you can see, there is a spread of time when the new sig file will be released. Then there are the different variants that spring up, creating havoc when you are already down. (kick’em again - kick’em again)

Having a single solution will mean that it will sooner or later miss one, and that one could be a -big- one. Simple conclusion: you'd better have at least two AV vendors scanning your environment for viruses. And since email is one of the major vectors for spreading viruses, your Exchange server definitely needs to be running a different antivirus solution than the rest of your environment.

“But, it costs more money – they are giving me AV for Exchange for free.” Free is about what I would pay for this type of solution, and you will be sorry, one day, for not having a multi-tiered solution for your environment.

In conclusion, having just one AV vendor for both your email and desktops might sound like a convenient solution. However, using the -same- AV engine on Exchange, servers, and the desktop is ultimately an invitation to infection. (and an ass-kicking)

