The AV switch

MSU just got a site license agreement with Eset for Nod32. This was at a time when the collective frustrations with Norton/Symantec Antivirus where at all time high. I have noticed over the years a few very prevalent problems with Symantec’s antivirus solution.

1. The updates don’t come as quickly and often as I would like.
2. Norton is slow to release fixes for already infected machines. In some cases I find myself writing an in house fix to mitigate the damage.
3. It’s a resource hog. It’s just heavy. It drastically affects performance when real time scan is enabled (which it should be to be effective) because it’s running all disk writes and reads through its filters.
4. Anyone who has had to use their server component knows that I don’t even need to continue this sentence.

Given these sins I decided to buy a few licenses for Nod32 and keep it on my key chain flash drive ready to install on the next machine I see with a virus related issue.

On Jan 27 the Brepibot.L took a couple of my users by surprise. It was too early in its life to be detected by the campuses clamav and a few users ran the exe before I could send out my warning to the distro lists.

Norton didn’t have a def that would fix it for a couple of days. In that time Nod32 got it with no problem, and even cleaned it on a guinea pig machine.

The next day a faculty member was having issues with random word doc corruption and suspected it to be virus related. I removed Norton and installed nod32 and then updated its defs. I ran a complete system scan and oddly enough it found four infected files that Norton had not previously detected. Two of these files where OLD viruses (one was my doom and another was sober). The problem ended up being a failing usb flash drive that he had the documents on.

Now to develop a deployment strategy.

One thought on “The AV switch

  • February 24, 2006 at 3:16 pm
    Permalink

    Great review of the problems w/ NAV/SAV. I’d add that even upgrading to the latest SAV engine build (10.0.2) the desktops are still buggy. One of the best utilities that Symantec has created: No-NAV Removes NAV/SAV completely when you’ve got a screwed up client (which happens ALL the TIME) that isn’t getting updates and refuses to update, etc. Of course, do a search on Symantec’s site and try find it! I’ve got a copy I’d be happy to share; just a simple batch script; saves a TON of time over manually removing all those reg. keys like I had to do dozens of times over the years until one kind Sym. techie told me about No-NAV.

    One of the other things I really like so far w/ NOD32 are the def update frequency; during my 30 day testing of the desktop it always updated daily and often 2x or even 3x a day!

    Reply

Leave a Reply