From a fellow catalyst, Eric:

“I make the technology decisions at a small CPA firm, and our Symantec subscriptions are up in a week. I have been researching antivirus software for too long and just keep going in circles. I cannot distinguish between different antivirus software vendors because of either their marketing hype, inconsistent reviews, FUD, etc. I have reviewed them all myself, and have used a handful of them in the past years. Is there really a quantifiable difference or is it just opinions?

I feel there is too much subjective information out there to base a good decision out of. Since I do not have a
robust antivirus testing lab myself, it makes this decision very tough. With firewalls, I can test them with an arsenal of tools freely available but antivirus if different. I have been researching network and internet security extensively this summer and played with Linux some. In doing so, the knowledge I have gained makes me suspicious of antivirus companies. For
example, Symantec Internet Security Suite requires you to run as admin. I have tried various workarounds, talked to support, but not successful. You must run as admin. They want you to not practice computer security basics
that would decrease the attack vector in the first place, and rely on their security software blindly and pay them a fee.

What are your thoughts on this, and if you could your antivirus suggestions.

I see a lot of products realying heavily on signiture based defense, which has its strengths and weaknesses.  The more I research into host based intrustion detection, I like the idea of behavior and Knowledge based intrusion detection more and more.  While signiture based detection is always going to be a need, over reliance on that I think is a weakness.  The
problem I have come across is that any products that get into the host based type intrustion detection are weaker in the signiture based area.  For example, Zone Labs security suite has a good OS firewall (behavior based), but a watered down antivirus scanner.

At the moment I am leaning more towards either Zone Alarm Security Suite, or Kerio and NOD32.”

I’m certain some of you are dealing with a comparable issue – and if you’d like, we can even do a podcast episode dedicated to questions to ask you AV vendor to make sure you are making the right choice.

That said – share your ideas, comments and questions either in the comments below (user name registration required) or send me an email to mi**************@se**************.com with your ideas and insights!

Thanks for helping a fellow catalyst out.

About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.