Forums: Kaspersky And F-secure - Forums


Kaspersky And F-Secure: they're in cahoots with each other

#1 Guest_sk3tch_*

  • Group: Guests

Posted 04 February 2005 - 09:27 PM

Maybe I'm just ignorant... but I didn't realize that F-Secure and Kaspersky had such a close relationship. F-Secure OEMs technology from Kaspersky (if you install F-Secure Anti-Virus 2005 you'll see that they use Kaspersky definitions... just open the AVC files). Also, they're apparently working on an engine together.

Interesting stuff. I was wondering how the frack F-Secure all of a sudden was hanging with the big boys (Sophos, Kaspersky, etc.). B)

#2 kbnet

  • Master Sergeant
  • Group: Specialist
  • Posts: 800
  • Joined: 03-September 04

Posted 05 February 2005 - 01:26 AM

How are the honeypots going? Have you caught any more interesting malware/viruses? As you mentioned Sophos being one of the big boys, I would like to hear your opinion about them. I know they are not aimed at home users, as they concentrate on corporations and specialise in networking when it comes to their AV.

Have to say I wasn't impressed with their interface. However, I suppose the interface is not particularly important, as it's the network admins who will be dealing with the AV.

I'm very interested in their patented technology, InterCheck. This technology apparently makes their AV the fastest scanner going due to its advanced checksumming algorithms.

I find Sophos are not talked about a lot. I suppose not a lot of people will have experience with this product because of the audience it is aimed at. However, I'm sure you have tried it and I would like to hear more (any strengths, weaknesses etc.).

Cheers

#3 saetji

  • Sergeant
  • Group: Members
  • Posts: 212
  • Joined: 22-October 03

Posted 05 February 2005 - 03:50 AM

Yup, it's been like that for a while. F-Secure just use the definitions from Kaspersky. I don't know what Kaspersky get in return though, but it's a good deal for F-Secure, and Kaspersky definitions are good (in case anyone who has no idea is reading :P).

#4 Guest_sk3tch_*

  • Group: Guests

Posted 05 February 2005 - 05:08 PM

Hey kbnet...they're going well. I'm up to 13 of them. :)

Sophos is pretty great. I've had it deployed since last week and it has not been infected once. I was using 3.89 but now I have 3.90 deployed. The interface is pretty blah... it is designed to be managed by their central server. I do have a tip though: if you would like to run it on a single box, you can get this script to update it automatically. Just set it up in Task Scheduler or create a batch file that you run every day or so:

http://updatesophos.sourceforge.net/

I've been doing this since October and I've considerably upgraded my setup since then. Now I have two beefy Linux servers running VMware systems and one hardened Windows box storing my samples and analysis tools. The network is completely DMZ'd from the rest of my stuff and I have QoS, Snort, and full network logging enabled for forensic analysis cross-checking (since I use tools on the host to analyze the worms, etc.).

Anyway, my opinion is high on the following products:

Kaspersky (in general)
McAfee (VirusScan Enterprise 8.00)
Sophos (in general)
Dr. Web (desktop AV)
F-Secure (since they're Kaspersky JR.)

I'd *almost* put VirusBuster up there. They've impressed me, but they have been infected a time or two since deployment last week. Could just be luck... but who knows. The above names have not yet been infected and generally thwart everything.

Also, Kaspersky seems to have fixed its sometimes buggy code if you are using their Personal Pro or Business Optimal versions. If you use just regular ol' Personal (or Defender Pro 2005 like I was), you can have buggy issues. Makes sense I guess, since the Personal Pro/Business Optimal versions were only recently updated and the Personal version was out for several months before them. Perhaps that is how they beta test. B)

#5 Guest_sk3tch_*

  • Group: Guests

Posted 05 February 2005 - 05:15 PM

Oh, and here is a cool little Serv-U worm that a warez site was distributing (for clarification: I caught it on one of my honeypots... they weren't giving out the virus. I mean distributing as in they started the worm). Pretty fun to pick apart:

XDCCz.zip

Zip pass is "infected" - enjoy.

Other than that, most of the stuff I catch is SDBot variants. They're a dime a dozen... so many out there. Oh well, still interesting stuff. I'm just learning a lot about forensics; that really keeps it interesting for me.

#6 kbnet

  • Master Sergeant
  • Group: Specialist
  • Posts: 800
  • Joined: 03-September 04

Posted 06 February 2005 - 03:18 AM

Hi sk3tch, good to hear your interest in forensics is still going strong. Did you ever get around to writing a tutorial on a recommended setup for honeypots? I know documentation is the last thing you will want to do, but even if you wrote a quick tutorial which named a few tools and offered some of your expert advice, I think a lot of people on this forum would be interested in it. I know I certainly would!

Also, if you had a large network (say a few hundred machines), which AV would you have protecting it?

Cheers bud.

#7 saetji

  • Sergeant
  • Group: Members
  • Posts: 212
  • Joined: 22-October 03

Posted 06 February 2005 - 04:48 AM

Cool stuff. Feel free to post any other packs you catch :D

#8 Guest_sk3tch_*

  • Group: Guests

Posted 09 February 2005 - 08:50 AM

kbnet, on Feb 6 2005, 11:18 AM, said:

Also, if you had a large network (say a few hundred machines), which AV would you have protecting it?

The best AV and the best AV in a large corporate environment are two different things.

Because of this, I'd recommend deploying McAfee VirusScan Enterprise 8.00 with ePO for management. Their buffer overflow and network-based protection can't be beat. Their defs aren't too bad either.

#9 Flowby

  • Sergeant
  • Group: Members
  • Posts: 205
  • Joined: 06-September 03

Posted 09 February 2005 - 09:21 AM

I think I now know why KAV made a deal with them: KAV is strong but not well known, and F-Secure sucks, so if they step together both can get a lot more $$ :rolleyes:

#10 saetji

  • Sergeant
  • Group: Members
  • Posts: 212
  • Joined: 22-October 03

Posted 10 February 2005 - 04:19 AM

Yeah, F-Secure must be paying them a proportion of their profit. It's like Dixons, Currys, PC World: they're all managed by the same company, so it's like a monopoly. I think they're trying to do the same thing here on a smaller scale.

#11 Guest_sk3tch_*

  • Group: Guests

Posted 10 February 2005 - 07:19 AM

Possibly. And at a more basic level, I think that many companies are recognizing Kaspersky's superior definitions and utilizing that advantage in their products (whether for AV software or other security software such as all-in-one firewalls, SMTP gateways, etc.).

I'm not 100% sure, but I believe F-Secure used to be quite weak in the definitions area. Not a bad deal to go from the bottom rung to the top of the heap with just the writing of a check! B)