Link to home
Start Free TrialLog in
Avatar of Member_2_2473503
Member_2_2473503Flag for Philippines

asked on

Symantec VS McAfee

Symantec VS McAfee

I’m curious what do you think is better?  Personally I prefer Symantec, but that is mostly due to that is what I know.  So I’m interested in what everyone at EE has to say on the topic.

Anyone who contributes original arguments either way will receive a share of the points.

eb

SOLUTION
Avatar of DVation191
DVation191

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of DVation191
DVation191

Kapersky - 33 Success / 13 Failure
SOLUTION
Avatar of Rich Rumble
Rich Rumble
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I also use NOD32 in both home and enterprise environments...haven't had a single spyware or virus problem since...and no noticable loss in system performance which is stunning.
Avatar of Member_2_2473503

ASKER

"One solution gives you comprehensive system protection and scalable network access control. It includes anti-spyware, anti-virus, anti-spam, firewall, and host intrusion prevention."

Symantec also has a product with all these included it's called Client Security (OK no SPAM).  V3.x incorperats anti-spyware.  You can also lock down the user interface in Client Security so far that the end user can do nothing.

eb
Yes but the Symantec product is of poor quality
Best Practices.
-rich
"Yes but the Symantec product is of poor quality" Please provide documentation supporting this kaerez

I have never had a problem with Symantec detecting or repairing a VIRUS.

eb
The virus bulliten is proof of this:
http://www.virusbtn.com/
Also the personal (non corporate) version
is very consuming of system resources.
My personal version does not cause me any problems with resource hoging.
Try a test, make note of system usage (again not in the corporate version)
in idle and on system scan then disable it and try NOD32 for instance.

Other than that facts are facts, Symantec takes longer to update new viruses
as per the Virus Bulliten and does not find all viruses or treats all viruses while
other AV's do.
Again, I have been using Symantec for many many many years now and I have never seen a time when they were behind on a virus update or unable to detect anything that tried to infect my system or other systems I managed (networks in the 1000s)

I even had a case where I worked on a DOD network with about 5000 hosts, split about 50/50 symantec McAfee.  The McAfee computers were all infected with the netskey virus but the Symantec clients remained clean.

Also McAfee released an update that treated Office files as viruses basicaly destroying the MS Office app. http://news.com.com/McAfee+update+exterminates+Excel/2100-1002_3-6048709.html

I don't think Symantec has ever done that.

eb
I'm just saying there are much better proven solutions the Symantec (i'm not saying Mcafee is good) and
gave you two examples, one is a non parcial testing body that constantly tests all AV solutions and the second
is a test you can perform your self.

I will not go into my own experiance as this isn't a show-off but I recommend you
take a look/try these items.

In the end this is only for your own good as none of us work for these companys.
No offence kaerez, but the topic is Symantec VS McAfee.  I know there are other's out there that are better, but face it most of the corperate world uses either Symantec or McAfee...

eb
Evaluation of products is always needed. What fit's on company and works well, might not for another. This "debate" has occured on EE more times than I can count, and the result is the same, no one wins outright. Some Companies won't use free software, even if it's the best of the best. They want reputable vendors they can trust, sue, and have a proven track record. McAfee and Symantec have that, and others are starting to get that, such as AVG, NOD32, ClamAV etc...

The reason I recommend McAfee is this:
It's served our company well, when we buy a company that uses norton as their AV, we move them to McAfee and thus far, the users of that aquisition have reported better preformance and reliability.
It has served my own customers/clients well.
I like the spyware detection, and especially it's mal-ware detection. I've personally submitted a few dozen tools and executables to McAfee for them to be included in detection, and all have been added.
I like mcafee's detection, mid-download, of the following programs, norton detects upon running, or during a system scan... what if I use the Sony-Root-kit once I've downloaded these... http://xinn.org/Sony-DRM.html
http://ntsecurity.nu/toolbox/fakegina/   http://ntsecurity.nu/toolbox/kerbcrack/    http://ntsecurity.nu/toolbox/klogger/   http://www.oxid.it/cain.html   http://www.openwall.com/john/   http://passwords.openwall.net/dl/pwdump/pwdump4.zip  http://passwords.openwall.net/dl/pwdump/pwdump3v2.zip
amoung others....

I have friends that swear by norton, I actually like norton, and especially the stand-alone scanners they release. It's a toss-up, mcafee releases Stinger with more definitions for viri, while norton releases single/variant single viri scanners. Stinger isn't as updated as often, so often times I use nortons stand-alone scanner/removers.

There are too many factors, too many variances to consider to say one product is supreme.
Security isn't a Product, it's a Process.
Period.
Even with best-practices, all the AV and Firewall's you can use, there are still exploits and hacks that get around all of it. The windows WMF vulnerability is a prime example, even if your user account was in the "Guests" Group, WMF gives (gave)the attacker system priv's, higher than Admin mind you. With system priv's you can do anything, install root-kits, turn off AV altogether, the sky is the limit.

Mistakes are made on all products, some consider this-n-that to be dangerous, and another detects that-n-this as dangerous. The issue isn't black and white, cut and dry, it's realitive and subjective, it's my opinion that you can't measure these products effectively on all fronts.
Each product has flaws: http://secunia.com/product/5555/#advisories  http://secunia.com/product/4793/#advisories

No matter what, your not protected 100% using either product, and I don't think either has a superior advantage over the other one. Both are good companies, both have their moments of shame, both will do their best to fix and protect you. Neither is good enough alone without, patching the OS regularly, following best practices, and using caution. your milage may vary.
-rich
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I don't think that's the issue, or far fetched... I've consulted for the Gov't, they have no clue like many others... doesn't matter the branch, they all use windows to some degree, and best practices elude everyone it seems, pitty. Flaming is not an option here on EE. Web-site defacement, network break-in's happen to the gov't, nasa, lexus/nexus, visa/master card, you name it.

-rich
I've been using McAfee/NAI ePolicy Orchestrator (ePO) for almost 5 years and recomend it every chance I get.
It is scalable (several 100,000+ host networks) and configurable (settings, scans, updates, etc) for all time zones and all functions.
My networks have typically been in the 1,500 - 2,000 host range.
On a daily basis, 100% of my computers (that have touched the network in the past 24 hours) have the most current definition files.
The detailed information (hardware, software, firmware, user info) collected from the 'agent' running on the remote host is enough to make even a crusty old Security Manager smile.
I have gone through four NT - AD migrations. Two with ePO and two without. The grunt work involved in the migration is probably halved with it.
BTW - asking Security folks which is the 'best' anything is bound to raise a ruckus.
The efficacy of several applications is about even - AT THE HOST LEVEL.
Nothing I've seen (11 years in Network Security) matches up to ePO.
And it is configurable (repeat) for % of processor used and time of scans
younghv,

If my statment is total BS, please tell me why me and my team spent 3 weeks scrambling to re-immage all the infected computers.
Sounds to me like your decision was made before the post, based on your vigorous defense of Symantec.  You got lots of reading for your 500 pts.

My 2 cents:  McAfee.  I switched from Symantec 2 years ago, everyone complained about resource hogging in the office.  Since the switch:  2-3 complaints.  Viruses: 0.
Yes I am all for Symantec, I just wanted to get others outlooks on the subject.

eb
I'm curious, does Symantec still allow the downloading of the util's I listed above, but find them upon a scan, or launch? I've not had a Symantec install in some time to test with.
There are plenty more you wouldn't want a user to DL, then hide using a rootkit type app. Note, that symantec doen't detect it's own "root-kit" (loose definition)
So running an old version of symantec, you can use symantec to hide FOLDERS from itself... or using blizard's "warden" software, hide folders and process's
http://www.sysinternals.com/blog/2006/01/rootkits-in-commercial-software.html
-rich
richrumble,
One of the options in the Symantec applications is a configure piece is to 'ignore' specific files OR entire folders.
This is controlled by the local user.

One of the reasons we (Army) started moving to ePO is that the configuration settings for the entire network are managed by the SysAdmins from a central console.
Vic
McAfee has this as well, you can ignore certain files by extension, full name, entire directories etc...
McAfee clasifies the files in the links I posted as "potentially unwanted" and in most cases they are, but for admin's they are needed sometimes and have legit purposes for admins. The average user doesn't/shouldn't have them on their pc's, and mcafee (unless otherwise specified like in the ignore list) will catch these before they finish being downloading. I'm wondering if Symantec does the same thing now, they used to download just fine, but not execute because norton would catch them upon execution, or during a system scan. If I can download them, I can hide them and use them. Spyware and Viri turn off AV's, add themselves to the ignore list's, and or hide themselves as well, nothing is 100%, but I like that McAfee catches these upon download.
-rich
With ePO (ePolicy Orchestrator), you manage the McAfee on your hosts - almost - as well as you do with AD.
You can have multiple groups and different configuration settings for each group.
For example, your SysAdmins group can have full blown control of everything on the local host (8.0.i), but the basic network user can't even stop a scan.
As a Network Security Manager, it is no contest between ePO or the various Symantec/Norton Enterprise products (I've used them both).
Our default daily scans are set for 2400 Hours local time - or - 'upon connection' for computers not live at 2400.
The ePO 'Agent' that gets installed on the local host is almost unstoppable in forcing compliance with the Server settings - I've had computers deployed all over the world that still check back in with my server for configuration compliance and updates.
For anyone who can modify a little bit of SQL code, the density of reporting information is better (more current) than what we get from SMS.
Vic
Exactly the same with Symantec.  

So it appears to me that in the corperate world Symantec and McAfee offer about the same thing and it comes down to personol choice.

As for the home user I agree with what has been said here that neither Symatec or McAfee is a good choice, but any of the others listed here are excelent options (thiugh I shy away from the free ones)

I will leave the question open till the end of the week to allow anyone else who wants to make an argument either way then split the points amung all who answered.

eb
eb,
I've been using both products from Symantec 7x-10x and ePO 2.x-3.5x and Symantec (in my experience) doesn't come close to providing the granularity of control and reporting of ePO.
If you have actually used ePO, then you can draw your own conclusions.
If, after using both products, you prefer Symantec, you will be the first one I know of.
Thank you all for the input, I agree that for home use there are many better than Symantec and will look into buying one of the products mentioned here when my Symantec subscription ends (in a few months).  However for the corperate environment I still like Symantec, but I do plan on testing McAffe in the near future to determin if it is better for my project.  I don't have much experience with McAffe (and all I have is bad), but I will definetly check it out.

eb
It's hard to switch to another vendor when you're already comfortable and familiar with another product, but NOD32 does make an enterprise version and home version just like mcafee and symantec:
http://www.eset.com/products/enterprise_edition.php
 Glad I could help contribute.
Unfortunatly my client will only accept my system if it has either Symantec or McAffe as these are the only AV/ security sueits that they approve for use... and they will not let me change there mind.

eb