CLEANACCESS Archives

October 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "Rajesh Nair (rajnair)" <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Tue, 25 Oct 2005 17:59:34 -0700

Folks,

At the risk of receiving lots of flames and brickbats, I attempt to
respond to these issues.

The current issue with AVG is that AVG's latest update had both updates
for the AVG engine as well as virus DAT updates.  The newest engine
broke the way in which we check for DAT version date/timestamp.  It's not
that the change in DAT version format broke the checking.  The issue
with the new engine update (essentially a version change in AVG) is that
it does not provide the DAT version date correctly anymore.  While we
try to track beta versions of supported products diligently, we don't
have a way of ensuring that an AV vendor does not change their product.


We have been working on a fix for this since early this morning.  And we
do now have a fix for this and we have released it. Also, this fix will
be quite painless since it will only involve an update of the AV support
chart.  So, no client updates or server updates.  Only a support chart
update.  

So, your CAM should get this update the next time it checks for updates
(I assume everyone has that set to 1 hour or so...) or you can force a
manual update... 

Once it gets the new support chart, the AVG DAT assessment should work. 

Regards,
Rajesh.

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of John Stauffacher
Sent: Tuesday, October 25, 2005 2:38 PM
To: [log in to unmask]
Subject: Re: AVG - Cisco please read

Well put. I think Eric has summed up the frustrations most of us have
felt -- and not just with the AV detection (it's a lot better now than it
was [i.e. McAfee Online != McAfee Enterprise]), but with the client side
issues as well. I don't know who is steering the boat at Cisco with
regards to this product, the Cisco people I spoke with at Educause
seemed oblivious about its current lack of any level of quality control,
yet Cisco was heavily pushing it with their whole Campus Secure
platform.

IMHO with Bradford's advances towards being totally switch agnostic, and
the fact that this place will never be a full Cisco shop -- we might
just be re-evaluating CCA as a solution. I don't want to, I went
through great pains with Perfigo to get the system working -- but I
don't think our IS dept can take another vicious brow beating because an
update of CCA rules, or an update of the client, or an update of the AV
detection broke some (read: a lot) user(s)' machine(s). It's a very
delicate political spot to be in -- students pay money, they expect a
quality of service, they expect certain things. When they don't get it
-- it makes life hard on the rest of us.

I know Rajesh has been pretty active on conveying our thoughts for
future development, but what about current stable development. Is anyone
at Cisco (other than Rajesh) reading this list, and can they provide us
with any explanation as to why this stuff isn't being caught in some QA
cycle somewhere? We shouldn't be beta testers!


Eric Weakland wrote:

>All,
>
><rant>
>Forgive me for sounding off, but I am a little frustrated - this is not
>the first time there have been problems with AVG. . . and I feel that
>this needs to be said.
>
>As everyone who participates in this list is aware, the reputation of 
>initiatives in the ResNet problem space is very hard to maintain when 
>things break all of a sudden like this.  Maintaining student 
>belief/support in a system like CCA is an important aspect to the 
>success of initiatives with students.  Students pay to use the 
>network/their computer as part of their tuition - unlike in the 
>business space where the ability to change requirements on your users 
>can be a little easier to push through.
>
>My staff and I spent over nine months testing every possible scenario 
>that we could, producing tons of documentation and generally worrying 
>about every detail.  We wrote up use cases and tested them.  We 
>committed to the idea of having (and paying for) redundant systems and 
>test environments so that we would NEVER deploy changes into production
>without rigorous testing.  We paid a LOT of money to have Cisco take
>care of a portion of the system and trusted that they would be just as
>diligent in testing their changes.
>
>I know that the problem of antivirus vendors and their changes is 
>difficult, but that is why we have paid Cisco copious amounts.  Their 
>documentation and sales literature does not say - "Antivirus checks 
>will work some of the time, expect them to be problematic."  Cisco 
>needs to invest more in testing their changes.
>
>It would seem to me that Cisco needs to also do at least the following:
>
>IF support for all Antivirus vendors is untenable, reduce your list of 
>supported antivirus vendors.  Apologize profusely to schools who now 
>have to inform all the users of the unsupported Antivirus software.  In
>our market research before deployment, AU found that almost all of the
>vendors of computers used Antivirus products from one of 3 vendors.  We
>also determined that we HAVE to have at least one "free" antivirus
>option.
>
></rant>
>
>Thanks for listening,
>
>Eric Weakland, CISSP
>Director, Network Security
>Office of Information Technology
>American University
>[log in to unmask]
>202.885.2241
>  
>


--
John Stauffacher, CISSP
Network Administrator
Chapman University
[log in to unmask]
ph: 714.628.7249
"It's amazing how much you take for granted when you already know what
you are doing."
"there is no /usr/local on my C:\ drive!"
