WAYNE RASH: "Security Adviser" from Infoworld.com", June 26, 2003 (fwd)

Thu Jun 26 22:34:52 IST 2003

This is pretty amusing.  I suspect there are some other consultants on
this list that would be happy to provide Wayne a definitive answer.
:)  His e-mail address is wayne_rash at infoworld.com .

--
</chris>

The death of democracy is not likely to be an assassination from ambush. It
will be a slow extinction from apathy, indifference, and undernourishment.
-Robert Maynard Hutchins, educator (1899-1977)

---------- Forwarded message ----------

========================================================
SECURITY ADVISER                           InfoWorld.com
========================================================

Thursday, June 26, 2003

Network protection commentary by:           Wayne Rash

Advertising Sponsor - - - - - - - - - - - - - - - - - -
FREE Security Seminars
Join IDC, Nokia and Trend Micro at a half day Managing
Email Security Seminar. Learn how to optimize email
system integrity while requiring less IT management
time. Subjects covered include email security, virus
protection and other secure content management issues.
For locations and FREE registration click here...
http://63.115.136.15/go/infoworld/5762518.html

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

ONE LUMP OR TWO?

By Wayne Rash

Posted June 20, 2003 3:00 PM Pacific Time

In Dan Morton's recent review of several enterprise antivirus
packages, use of multiple anti-virus engines was something he
considered an important characteristic. In fact, the
anti-virus solution with the best score, GFI's MailSecurity,
can use multiple anti-virus engines to beef up virus scans.
While working on a companion piece for Dan's article, I
noticed that the anti-virus market leaders, Symantec and
Network Associates, didn't follow this practice. They used
one engine for their e-mail server products -- their own.

Intrigued by this, I talked to the companies involved and
found just what you'd expect: Each company said they were
doing it the right way. I talked to some independent
consultants as well, and they seemed to agree that there were
good reasons to have more than one company providing the
information your anti-virus product needs to do its job. But
it was hard to get anyone to commit to a full-out
recommendation; there is, as the consultants noted, a
performance cost to using more than one anti-virus engine.

Since it was clear that there was no definitive, independent
authority on this topic, I decided to give it some thought.
After all, we're clearly suffering from an authority vacuum
here, and I might as well try to fill it.

The first question I tackled was whether it is really
necessary to have more than one means of checking your e-mail
as it enters your enterprise. That seemed an easy question to
answer -- e-mail is, after all, your single most significant
point of exposure to virus threats. If malicious code is
going to penetrate your defenses, this is where it will come
first. The risk is pretty high.

In addition, it's clear that many of the virus writers are in
Asia, the Middle East, and Europe. A company with a presence
to the east of the continental United States may have an edge
in discovering a new attack and starting work on defensive
measures, perhaps reacting sooner and more accurately. After
all, Europe's business hours start five or six hours before
we hit the Starbucks in the eastern United States.

So in addition to the fact that the European anti-virus
companies have a head start, they also may have different
insights into the emerging viruses and worms. On the other
hand, US companies based in California, such as Network
Associates and Symantec, are no slouches at writing
anti-virus software -- you can assume that whatever they
create will work.

This talent probably explains why these companies are
confident in their own abilities to create anti-virus
software as good as or better than any other company out
there. Besides, it wouldn't do to advise your customers to
get protection from the competition, so why recommend an
additional anti-virus engine if you don't have them
yourself?

Now, what about the performance issues? After all, if you have
to have every e-mail and attachment scanned twice, it will
take longer. Fortunately, e-mail doesn't operate in real
time, so this is hardly a problem. A second or two extra
before e-mail hits your server is unlikely to be noticed at
all, much less cause a problem.

What this means is that unless you have a very good reason to
use a single-engine solution for your enterprise e-mail
anti-virus gateway, take the safe road and use more than one
engine. It offers at least a little extra protection, and
that's important.

After all, getting just a few viruses in your enterprise is
very different from not getting any at all, and it could make
the difference in making sure your enterprise stays safe.

Wayne Rash is a senior analyst at the InfoWorld Test Center.
Contact him at wayne_rash at infoworld.com.

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

MORE SECURITY ADVISER
For a complete archive of his InfoWorld columns visit
http://www.infoworld.com/columnists/wayne.html

INFOWORLD OPINIONS
Weekly commentary from the most trusted voices in
IT at: http://www.infoworld.com/community/t_opinions.html
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
"For more information on Security"

http://www2.infoworld.com/cgi/redesign/subjectindex.wbs?year=&month=&section=&startcount=1&topic=SECURITY

- - - - - - - - - - - - - - - - - - - - - - - - - - - -
To join, or start, a discussion on this or any IT-related
topic, please visit our InfoWorld forums at
http://forums.infoworld.com. Here you can interact and
exchange ideas with InfoWorld staff and other readers.

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

QUOTE OF THE DAY:
"What did Java win? For one thing, it won Sun, which is now
perfectly content to be known as The Java Company. Java
phones, Java desktops, Java servers, Java chips, Java
tools. Java, Java, Java."

--"Ahead of the Curve" columnist Tom Yager

http://www.infoworld.com/article/03/06/20/25OPcurve_1.html

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

SUBSCRIBE/UNSUBSCRIBE/CHANGE E-MAIL
To subscribe, unsubscribe or change your e-mail address
for any of InfoWorld's e-mail newsletters,
go to:http://www.iwsubscribe.com/newsletters/

To subscribe to InfoWorld.com, or InfoWorld Print,
or both, or to renew or correct a problem with any
InfoWorld subscription, go to http://www.iwsubscribe.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

2003 Readers' Choice Awards
It's time to cast your e-mail vote for your favorite
vendors and products! Request a Readers' Choice Awards
ballot by sending an e-mail to
readerschoice at infoworld.com. Please vote by Tuesday,
July 8. Winners will be announced in our July 28 issue.

Advertising Sponsor - - - - - - - - - - - - - - - - - -
FREE Security Seminars
Join IDC, Nokia and Trend Micro at a half day Managing
Email Security Seminar. Learn how to optimize email
system integrity while requiring less IT management
time. Subjects covered include email security, virus
protection and other secure content management issues.
For locations and FREE registration click here...
http://63.115.136.15/go/infoworld/5762518.html

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

ADVERTISING
For information on advertising, contact
laurel_peddie at infoworld.com.

- - - - - - - - - - - - - - - - - - - - - - - - - - - -