Vexira with MS?

Chris Trudeau chris at TRUDEAU.ORG
Wed Oct 15 17:23:25 IST 2003

In addition, its important to point out that companys that SHOULD be able to
afford it...don't because they're products have some difficulty keeping

check the archives for notable virus scanners that start with an "F" and end
with a "prot" that seem to always be behind in rolling out def files.  These
guys don't seek/stay certified because they can't seem to keep up with the

The guys at ICSA Labs do a good job of notifying program members when issues
arise and they need to be addressed by the vendors.  The program is
expensive, but provides the common baseline to me the consumer, that the
product meets a certain set of standards.

As for iptables vs checkpoint...its a similar arguement...if I am
responsible for a large amount of dollars rolling in the door...I'm going to
pay for the mission critical stuff, because I have a scapegoat and
"support".  If I deploy iptables (and I have) then I buy support from the
distribution vendor.

Nobody ever got fired for hiring IBM  :)  to that end, nobody ever got fired
for buying an AV product that is certified...(maybe)


----- Original Message ----- 
From: "Nathan Johanson" <nathan at TCPNETWORKS.NET>
Sent: Wednesday, October 15, 2003 10:50 AM
Subject: Re: Vexira with MS?

In that case, I wonder where BullGuard AntiVirus for Windows XP Professional
got the money to afford the certification :) Vendors like eTrust, McAfee,
and Symantec I can understand, but BullGuard... Never heard of it (and it
only supports one XP Pro?).


-----Original Message-----
From: Antony Stone [mailto:Antony at SOFT-SOLUTIONS.CO.UK]
Sent: Wednesday, October 15, 2003 7:41 AM
Subject: Re: Vexira with MS?

On Wednesday 15 October 2003 3:22 pm, Nathan Johanson wrote:

> Funny, there are some notable scanners missing from the certification
> list.

Well, ICSA certification is a very expensive process, and not all companies
can afford to go through it for the difference it might make to their sales.

Also, once a company has certification, it continues to be expensive,
you need to pay for retesting of new versions of the software as they're

I think it's one of those things where some people want to pay for a product
with a certificate (and don't mind the extra cost that adds on), some people
want to pay for a product which works (and prefer to save money if it's less
than a competing product with the added certification cost).

eg: Some people buy Check Point firewalls for $$$$ (or ££££ etc) - some
people know that Linux/netfilter/iptables can do the job they need, so they
use that, even though it hasn't got the certification the Check Point


> -----Original Message-----
> From: Chris Trudeau [mailto:chris at TRUDEAU.ORG]
> Sent: Tuesday, October 14, 2003 8:13 AM
> Subject: Re: Vexira with MS?
> be aware that using just ANY AV could be risky...there are a lot of
> posts
> about the viability and inability of certain vendors to provide
> libraries in
> a reasonable period of time after an outbreak on this list (see
> archives).
> Take a look at this site:
> an extension of TruSecure Corp and they provide a
> certification
> program for security products including firewalls and VPNS.  Their AV
> certification lab is well run and up to date on which products are
> certified.  There is certain criteria that the labs requires of member
> product vendors such as 24-hour release of signatures and several other
> standard requirements.
> I have always been a proponent of knowing what I'm buying, so making a
> purchasing requirement such as an ISCA certification is an easy
> decision.
> CT


Your email has been returned due to insufficient voltage.

More information about the MailScanner mailing list