Solved

Symantec VS McAfee

Posted on 2006-07-09
34
8,562 Views
Last Modified: 2012-05-05
Symantec VS McAfee

I’m curious what do you think is better?  Personally I prefer Symantec, but that is mostly due to that is what I know.  So I’m interested in what everyone at EE has to say on the topic.

Anyone who contributes original arguments either way will receive a share of the points.

eb

0
Comment
Question by:Erik Bjers
  • 10
  • 6
  • 5
  • +6
34 Comments
 
LVL 20

Assisted Solution

by:DVation191
DVation191 earned 70 total points
ID: 17070066
Hello ebjers,
According to Virus Bulletin, a 3rd party antivirus testing company (http://www.virusbtn.com) shows McAfee with 26 Success and 18 Failure when tested for 100% detection versus the 33 Success  and 6 Failure Symantec has recieved.

VB100% Award Overview:
http://www.virusbtn.com/vb100/index

VB100% Test Procedures:
http://www.virusbtn.com/vb100/about/100procedure.xml

My personal favorite is NOD32 (38 Success / 3 Failure  )

Hope this helps.
0
 
LVL 6

Assisted Solution

by:kaerez
kaerez earned 70 total points
ID: 17071057
I recommend neither one of those two options either use Kaspersky or NOD32.
0
 
LVL 5

Assisted Solution

by:rgutwein
rgutwein earned 70 total points
ID: 17071901
I agree with kaerez, I personally use Kaspersky.  The ease of use, quick updates, scans are super fast, and best of all, it does not use a lot of system resources.  Check out the website below, and download a demo for yourself.  Believe me, you will not go back to Norton or McAfee.

http://www.kaspersky.com/
0
 
LVL 20

Expert Comment

by:DVation191
ID: 17071969
Kapersky - 33 Success / 13 Failure
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 70 total points
ID: 17072007
Best practices is what I recommend, it's what M$ is doing in Vista, if it ever releases, especally with IE
http://www.matasano.com/log/332/matasano-interviews-ie-lead-pm-christopher-vaughan
I've been testing this theory, and so far so good: http://blogs.msdn.com/aaron_margosis/archive/2006/06/02/614226.aspx
It's only a matter of time, but still, best virus solution I can think of. No added overhead, system resources not used, and no false positives or need to update. No spyware, it's great! The corp I work for (5000+ user PC's) has cut our helpdesk calls in half, simply because we have no spyware on the pc's anymore.
Following best practices, and adding AV, no matter what vendor, only adds to your overall security. http://xinn.org/win_bestpractices.html
Vista seems to be doing what I said they should do, and what everyone has been doing in the OS game for 8+ years http://www.macobserver.com/article/2005/07/21.14.shtml
-rich
0
 
LVL 97

Accepted Solution

by:
war1 earned 80 total points
ID: 17073260
Greetings, ebjers !

If your environment is Enterprise system, then McAfee is better than Symantec.  One solution gives you comprehensive system protection and scalable network access control. It includes anti-spyware, anti-virus, anti-spam, firewall, and host intrusion prevention.

If you are talking about personal computers, I do not recommend either one.  For free antivirus, I recommend AVG.  AVG has almost daily definition updates, easy to use, easy to protect your emails.

For paid version, I would recommend NOD32. http://www.eset.com/ NOD32 is fast and uses little resource of the computer, great heuristics to detect virus not yet defined.  When new viruses, worms and other malicious attacks strike, traditional signature-based technology is insufficient. Every minute you wait for an update is another minute that your comptuer and network are vulnerable to damage, infection, or identity theft. ThreatSense Heuristics closes the window of vulnerability by safely identifying and stopping malware as it runs on your computer.

NOD32 has consistently been rated as the best protection against zero-day outbreaks and attacks by the world's leading antivirus testing organizations.

Best wishes!
0
 
LVL 20

Expert Comment

by:DVation191
ID: 17073357
I also use NOD32 in both home and enterprise environments...haven't had a single spyware or virus problem since...and no noticable loss in system performance which is stunning.
0
 
LVL 23

Author Comment

by:Erik Bjers
ID: 17073373
"One solution gives you comprehensive system protection and scalable network access control. It includes anti-spyware, anti-virus, anti-spam, firewall, and host intrusion prevention."

Symantec also has a product with all these included it's called Client Security (OK no SPAM).  V3.x incorperats anti-spyware.  You can also lock down the user interface in Client Security so far that the end user can do nothing.

eb
0
 
LVL 6

Expert Comment

by:kaerez
ID: 17073386
Yes but the Symantec product is of poor quality
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17073388
Best Practices.
-rich
0
 
LVL 23

Author Comment

by:Erik Bjers
ID: 17073424
"Yes but the Symantec product is of poor quality" Please provide documentation supporting this kaerez

I have never had a problem with Symantec detecting or repairing a VIRUS.

eb
0
 
LVL 6

Expert Comment

by:kaerez
ID: 17073448
The virus bulliten is proof of this:
http://www.virusbtn.com/
Also the personal (non corporate) version
is very consuming of system resources.
0
 
LVL 23

Author Comment

by:Erik Bjers
ID: 17073466
My personal version does not cause me any problems with resource hoging.
0
 
LVL 6

Expert Comment

by:kaerez
ID: 17073495
Try a test, make note of system usage (again not in the corporate version)
in idle and on system scan then disable it and try NOD32 for instance.

Other than that facts are facts, Symantec takes longer to update new viruses
as per the Virus Bulliten and does not find all viruses or treats all viruses while
other AV's do.
0
 
LVL 23

Author Comment

by:Erik Bjers
ID: 17073542
Again, I have been using Symantec for many many many years now and I have never seen a time when they were behind on a virus update or unable to detect anything that tried to infect my system or other systems I managed (networks in the 1000s)

I even had a case where I worked on a DOD network with about 5000 hosts, split about 50/50 symantec McAfee.  The McAfee computers were all infected with the netskey virus but the Symantec clients remained clean.

Also McAfee released an update that treated Office files as viruses basicaly destroying the MS Office app. http://news.com.com/McAfee+update+exterminates+Excel/2100-1002_3-6048709.html

I don't think Symantec has ever done that.

eb
0
 
LVL 6

Expert Comment

by:kaerez
ID: 17073597
I'm just saying there are much better proven solutions the Symantec (i'm not saying Mcafee is good) and
gave you two examples, one is a non parcial testing body that constantly tests all AV solutions and the second
is a test you can perform your self.

I will not go into my own experiance as this isn't a show-off but I recommend you
take a look/try these items.

In the end this is only for your own good as none of us work for these companys.
0
 
LVL 23

Author Comment

by:Erik Bjers
ID: 17073711
No offence kaerez, but the topic is Symantec VS McAfee.  I know there are other's out there that are better, but face it most of the corperate world uses either Symantec or McAfee...

eb
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17073766
Evaluation of products is always needed. What fit's on company and works well, might not for another. This "debate" has occured on EE more times than I can count, and the result is the same, no one wins outright. Some Companies won't use free software, even if it's the best of the best. They want reputable vendors they can trust, sue, and have a proven track record. McAfee and Symantec have that, and others are starting to get that, such as AVG, NOD32, ClamAV etc...

The reason I recommend McAfee is this:
It's served our company well, when we buy a company that uses norton as their AV, we move them to McAfee and thus far, the users of that aquisition have reported better preformance and reliability.
It has served my own customers/clients well.
I like the spyware detection, and especially it's mal-ware detection. I've personally submitted a few dozen tools and executables to McAfee for them to be included in detection, and all have been added.
I like mcafee's detection, mid-download, of the following programs, norton detects upon running, or during a system scan... what if I use the Sony-Root-kit once I've downloaded these... http://xinn.org/Sony-DRM.html
http://ntsecurity.nu/toolbox/fakegina/   http://ntsecurity.nu/toolbox/kerbcrack/    http://ntsecurity.nu/toolbox/klogger/   http://www.oxid.it/cain.html   http://www.openwall.com/john/   http://passwords.openwall.net/dl/pwdump/pwdump4.zip  http://passwords.openwall.net/dl/pwdump/pwdump3v2.zip
amoung others....

I have friends that swear by norton, I actually like norton, and especially the stand-alone scanners they release. It's a toss-up, mcafee releases Stinger with more definitions for viri, while norton releases single/variant single viri scanners. Stinger isn't as updated as often, so often times I use nortons stand-alone scanner/removers.

There are too many factors, too many variances to consider to say one product is supreme.
Security isn't a Product, it's a Process.
Period.
Even with best-practices, all the AV and Firewall's you can use, there are still exploits and hacks that get around all of it. The windows WMF vulnerability is a prime example, even if your user account was in the "Guests" Group, WMF gives (gave)the attacker system priv's, higher than Admin mind you. With system priv's you can do anything, install root-kits, turn off AV altogether, the sky is the limit.

Mistakes are made on all products, some consider this-n-that to be dangerous, and another detects that-n-this as dangerous. The issue isn't black and white, cut and dry, it's realitive and subjective, it's my opinion that you can't measure these products effectively on all fronts.
Each product has flaws: http://secunia.com/product/5555/#advisories  http://secunia.com/product/4793/#advisories

No matter what, your not protected 100% using either product, and I don't think either has a superior advantage over the other one. Both are good companies, both have their moments of shame, both will do their best to fix and protect you. Neither is good enough alone without, patching the OS regularly, following best practices, and using caution. your milage may vary.
-rich
0
 
LVL 13

Assisted Solution

by:haim96
haim96 earned 70 total points
ID: 17075079
i can see that it's long post and i didn't read all of it ...
any way , as home user ,from Symantec or mcafee ,i preferd  McAfee. whay ?
after some time i worked with Symantec i discaverd that since it so popular most of  virus know
how to disable it ! plus it run very heavy on my machine (and i have strong machine)
and even couldn't stop alot of worms and virus programs.
so i moved on to McAfee for some time and things get better but still not perfect.
(so i moved on again to zone alerm pro but this another story ...  :) )

for network protaction i suggest to use dubble protaction any way ! (and we do so ...)
McAfee for servers and Symantec for machines.

0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 70 total points
ID: 17080829
FOR EBJERS:
Regarding your statement:
"I even had a case where I worked on a DOD network with about 5000 hosts, split about 50/50 symantec McAfee.  The McAfee computers were all infected with the netskey virus but the Symantec clients remained clean."

So, you're saying that a DoD network had about 2,500 infected computers?

That statement is complete BS.

Feel free to contact me at my posted email address.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17080871
I don't think that's the issue, or far fetched... I've consulted for the Gov't, they have no clue like many others... doesn't matter the branch, they all use windows to some degree, and best practices elude everyone it seems, pitty. Flaming is not an option here on EE. Web-site defacement, network break-in's happen to the gov't, nasa, lexus/nexus, visa/master card, you name it.

-rich
0
 
LVL 38

Expert Comment

by:younghv
ID: 17080872
I've been using McAfee/NAI ePolicy Orchestrator (ePO) for almost 5 years and recomend it every chance I get.
It is scalable (several 100,000+ host networks) and configurable (settings, scans, updates, etc) for all time zones and all functions.
My networks have typically been in the 1,500 - 2,000 host range.
On a daily basis, 100% of my computers (that have touched the network in the past 24 hours) have the most current definition files.
The detailed information (hardware, software, firmware, user info) collected from the 'agent' running on the remote host is enough to make even a crusty old Security Manager smile.
I have gone through four NT - AD migrations. Two with ePO and two without. The grunt work involved in the migration is probably halved with it.
BTW - asking Security folks which is the 'best' anything is bound to raise a ruckus.
The efficacy of several applications is about even - AT THE HOST LEVEL.
Nothing I've seen (11 years in Network Security) matches up to ePO.
And it is configurable (repeat) for % of processor used and time of scans
0
 
LVL 23

Author Comment

by:Erik Bjers
ID: 17082452
younghv,

If my statment is total BS, please tell me why me and my team spent 3 weeks scrambling to re-immage all the infected computers.
0
 
LVL 7

Expert Comment

by:jdietrich
ID: 17083931
Sounds to me like your decision was made before the post, based on your vigorous defense of Symantec.  You got lots of reading for your 500 pts.

My 2 cents:  McAfee.  I switched from Symantec 2 years ago, everyone complained about resource hogging in the office.  Since the switch:  2-3 complaints.  Viruses: 0.
0
 
LVL 23

Author Comment

by:Erik Bjers
ID: 17083988
Yes I am all for Symantec, I just wanted to get others outlooks on the subject.

eb
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17084158
I'm curious, does Symantec still allow the downloading of the util's I listed above, but find them upon a scan, or launch? I've not had a Symantec install in some time to test with.
There are plenty more you wouldn't want a user to DL, then hide using a rootkit type app. Note, that symantec doen't detect it's own "root-kit" (loose definition)
So running an old version of symantec, you can use symantec to hide FOLDERS from itself... or using blizard's "warden" software, hide folders and process's
http://www.sysinternals.com/blog/2006/01/rootkits-in-commercial-software.html
-rich
0
 
LVL 38

Expert Comment

by:younghv
ID: 17084404
richrumble,
One of the options in the Symantec applications is a configure piece is to 'ignore' specific files OR entire folders.
This is controlled by the local user.

One of the reasons we (Army) started moving to ePO is that the configuration settings for the entire network are managed by the SysAdmins from a central console.
Vic
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17084549
McAfee has this as well, you can ignore certain files by extension, full name, entire directories etc...
McAfee clasifies the files in the links I posted as "potentially unwanted" and in most cases they are, but for admin's they are needed sometimes and have legit purposes for admins. The average user doesn't/shouldn't have them on their pc's, and mcafee (unless otherwise specified like in the ignore list) will catch these before they finish being downloading. I'm wondering if Symantec does the same thing now, they used to download just fine, but not execute because norton would catch them upon execution, or during a system scan. If I can download them, I can hide them and use them. Spyware and Viri turn off AV's, add themselves to the ignore list's, and or hide themselves as well, nothing is 100%, but I like that McAfee catches these upon download.
-rich
0
 
LVL 38

Expert Comment

by:younghv
ID: 17085533
With ePO (ePolicy Orchestrator), you manage the McAfee on your hosts - almost - as well as you do with AD.
You can have multiple groups and different configuration settings for each group.
For example, your SysAdmins group can have full blown control of everything on the local host (8.0.i), but the basic network user can't even stop a scan.
As a Network Security Manager, it is no contest between ePO or the various Symantec/Norton Enterprise products (I've used them both).
Our default daily scans are set for 2400 Hours local time - or - 'upon connection' for computers not live at 2400.
The ePO 'Agent' that gets installed on the local host is almost unstoppable in forcing compliance with the Server settings - I've had computers deployed all over the world that still check back in with my server for configuration compliance and updates.
For anyone who can modify a little bit of SQL code, the density of reporting information is better (more current) than what we get from SMS.
Vic
0
 
LVL 23

Author Comment

by:Erik Bjers
ID: 17085606
Exactly the same with Symantec.  

So it appears to me that in the corperate world Symantec and McAfee offer about the same thing and it comes down to personol choice.

As for the home user I agree with what has been said here that neither Symatec or McAfee is a good choice, but any of the others listed here are excelent options (thiugh I shy away from the free ones)

I will leave the question open till the end of the week to allow anyone else who wants to make an argument either way then split the points amung all who answered.

eb
0
 
LVL 38

Expert Comment

by:younghv
ID: 17086607
eb,
I've been using both products from Symantec 7x-10x and ePO 2.x-3.5x and Symantec (in my experience) doesn't come close to providing the granularity of control and reporting of ePO.
If you have actually used ePO, then you can draw your own conclusions.
If, after using both products, you prefer Symantec, you will be the first one I know of.
0
 
LVL 23

Author Comment

by:Erik Bjers
ID: 17115154
Thank you all for the input, I agree that for home use there are many better than Symantec and will look into buying one of the products mentioned here when my Symantec subscription ends (in a few months).  However for the corperate environment I still like Symantec, but I do plan on testing McAffe in the near future to determin if it is better for my project.  I don't have much experience with McAffe (and all I have is bad), but I will definetly check it out.

eb
0
 
LVL 20

Expert Comment

by:DVation191
ID: 17115237
It's hard to switch to another vendor when you're already comfortable and familiar with another product, but NOD32 does make an enterprise version and home version just like mcafee and symantec:
http://www.eset.com/products/enterprise_edition.php
 Glad I could help contribute.
0
 
LVL 23

Author Comment

by:Erik Bjers
ID: 17115261
Unfortunatly my client will only accept my system if it has either Symantec or McAffe as these are the only AV/ security sueits that they approve for use... and they will not let me change there mind.

eb
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now