04-23-2011, 04:16 AM   #21
gpeters, Master Untangler

Quote:
Originally Posted by sky-knight
I just sell the customer the premium web filter. OpenDNS loses its benefit when you have that filter present.

I now have a customer who is set up with the premium web filter, and he has two PCs infected now with XP Antispyware 2011.

I guess there is nothing that will stop this monster so far.

Last edited by gpeters; 04-23-2011 at 04:16 AM.. Reason: spelling

04-23-2011, 09:34 AM   #22
sky-knight, Untangle Ninja

What are you using for desktop AV?

Untangle Premium at the edge, and NOD32 on the desktop, and I don't see these infections. The only time a box gets sick is if the thing goes home and doesn't have UT's filters.
__________________
Rob Sandling, BS:SWE, MCP
Intouch Technology
Phone: 480-272-9889
rob@intouchtechllc.com

UntangleAppliances.com
Phone: 866-794-8879

04-23-2011, 07:02 PM   #23
gpeters, Master Untangler

Using Trend WFBS on desktops.

04-24-2011, 05:50 AM   #24
bigdessert, Master Untangler

Yeah, we use WFBS on over 100 customers' sites and it won't really stop any variant of this malware.

04-24-2011, 06:23 AM   #25
blueshoes, Master Untangler

Trend is only a mid-pack AV in detection.

Here is one month out of a four-month real-world "whole dynamic test" to see how an AV uses ALL its suite's resources to stop a compromise or attack. This is one of the best real-world tests out there.

http://chart.av-comparatives.org/chart2.php

Last edited by blueshoes; 04-24-2011 at 06:30 AM..

04-24-2011, 08:09 AM   #26
sky-knight, Untangle Ninja

To be fair, NOD won't "stop" this infection by itself, and it has a high rating according to that site. It does, however, contain things just enough that adding UT's defenses has built a wall strong enough that my ability to remove viruses is actually diminished, thanks to a lack of demand for the skill reducing my need to practice it. Which is the point, I might add. That said, these tests are run using the default settings for the AV in most cases. I didn't dig in to see if that test was tweaked to enable heuristics and other advanced features some AV providers leave off.

I'd look into your central console and see if there are any settings you can use to harden the AV modules you have.

07-21-2011, 05:05 AM   #27
westgj, Untanglit

Quote:
Originally Posted by YeOldeStonecat
At clients that I have Untangle at...I have a huge drop in rogue/fake alert problems...but sometimes one still slips through. Yes...a huge drop! So Untangle does help substantially. And this claim is easily made because all other variables are usually quite equal among my clients.

Great summary.

I run Untangle Lite + Kaspersky at 3 sites. I am seeing a number of scareware malware still get through. Are you using the paid Web Filter and if so is that blocking most of these scareware trojans?

07-21-2011, 05:57 AM   #28
f1assistance, Master Untangler
Leading from behind...

Quote:
Originally Posted by westgj
Great summary.

I run Untangle Lite + Kaspersky at 3 sites. I am seeing a number of scareware malware still get through. Are you using the paid Web Filter and if so is that blocking most of these scareware trojans?

The internet is a compilation of dynamic threats and basically we’re all attempting to mitigate risk with one hand tied behind our back. The question is what are we allowing through the gate which is serving the malicious content and allowing our “users” to compromise the domain?
Unfettered internet access cannot be defended and whitelisting works every time it’s tried. The key to information security is a dynamic balance between unlimited permissions and strict denial, and if this were easy anyone could do it...
I would use all the tools I can afford and spend the rest of my time attempting to educate users.

Last edited by f1assistance; 07-21-2011 at 06:23 AM..

07-21-2011, 08:03 AM   #29
sky-knight, Untangle Ninja

I haven't seen this particular bug in a while; it's been a couple of months. So either my users haven't found a site with it, or Untangle Premium + NOD32 are dealing with it now.

Rogue Anti-Malware is still one of the more common issues on random new client boxes that come in.

07-21-2011, 08:23 AM   #30
gpeters, Master Untangler

I have most of my customers on premium too and have not seen it in three months now or so.
All times are GMT -7. The time now is 10:34 AM.