REVIEW: "The Enterprise Anti-Virus Book", Robert S. Vibert
- BKENTAVB.RVW 20001019
"The Enterprise Anti-Virus Book", Robert S. Vibert, 2000,
%A Robert S. Vibert rv@...
%C RR1, Braeside, ON K0A 1G0
%I Segura Solutions Inc.
%O C$99.95 fax: +1-613-623-1645 info@...
%P ~ 140 p.
%T "The Enterprise Anti-Virus Book"

It is very difficult to know what to say about this book. For one
thing, it isn't really a book. It seems to be printed on a "one-off"
basis on each request, and is in a constant state of modification.
(It is printed on standard letter-sized sheets, and "bound" in a
3-ring binder.) To the specific points that I raise in this review, the
most common response from Segura was that the item would be addressed
in a future edition.

For another, the title, while not exactly wrong, needs some
explanation. The introduction indicates (without really ever so
stating) that this is a guide to buying antiviral software. It is
similar to my own antivirus evaluation FAQ, although much longer,
and much, much more complicated. There are 300
criteria on the checklist provided, and for each the user has to
provide his or her own scoring and weighting system.

Chapter one describes yardsticks for measuring antiviral vendors, and
makes a very strong promotional push for an expectation of support
from vendors and VARs (Value Added Resellers). Since Vibert has most
recently worked as a reseller of antivirus software, this should come
as little surprise. (Segura Solutions, in response to the draft of
this review, were most upset that this statement might suggest that he
or they have any commercial ties to resellers.) More important,
however, is that while the book lists a great many appropriate
questions to ask, there is very little content that would allow
non-specialists to intelligently analyze the answers they might receive.
Users should ask what kind of training resale agents have received,
but what standard training is available? Again, users should ask
whether the vendor provides up-to-date virus information, but there is
no gauge of the quality of that information. Yes, the queries are
apposite; they are, in fact, very similar to the questions I ask as I
am doing reviews of antiviral software, but I've got many years of
experience in determining what the answers mean, and how important
they are in the overall context of both an antiviral system, and a
given work environment. Readers of Vibert's book are left not only to
puzzle out what answers might be "correct," but how compliant
different answers are in relation to each other (and some absolute
standard), and how important each question might be to the company or
enterprise they are trying to protect. Some very vague and general
discussions touch on a few of the points, but many questions are
simply listed with no discussion whatsoever.

The second chapter deals with general antiviral aspects. The
discussion of antiviral actions and functions does cover a wide range,
but explanatory information is very limited. It is interesting that
the introduction makes the point that all enterprises are different,
but the text implies that one antiviral will fit all users, and places
an extremely heavy emphasis on real time (on-access) scanners. In a
similar way, the statement is made that all certification tests should
use at least 100 versions of every polymorphic virus. The number
isn't justified in any way, and this assertion ignores the fact that
polymorphs vary greatly: Whale has only thirty variations while Tremor
has almost six billion. Much space is occupied by material copied
from certification company Web sites. There is also some confusing
contradiction: ICSA is first promoted, but two pages later is not
listed as a reputable tester. No mention is made of the fact that
ICSA charges vendors for certification, or the implications that fact

Chapter three claims to concentrate on desktop, or non-server,
considerations, but duplicates much of the relevant material from
chapter two. Again, the emphasis on certain subjects is odd: there is
a large section on DOS TSRs (Terminate and Stay Resident programs) and
only a terse mention of email. Chapter four then turns to server
factors, but extraordinarily briefly.

The section on antivirus deployment and maintenance has the largest
checklist in the book. There is a great deal of duplication, at least
in terms of the concepts touched on. There is not much organization.
Once again, there are many questions, but little content to help the
reader analyze answers.

Email gets another mention in a chapter only four and a half pages
long. The explanation of email operations is poor, and there is no
discussion of the problem of "streaming" filtering at all. Chapter
seven, on groupware, is really just a replay of a subset of email
considerations. The last chapter, on firewalls, provides no
background at all on firewall technology or types.

For those who have some background knowledge of viruses and antiviral
technology, this book will provide a checklist to ensure that no
points are forgotten. It does, however, seem a rather expensive
checklist, and such readers will still be left with the problem of
how to weight and evaluate the mass of data they collect. For those
without a conceptual foundation, this work is as likely to confuse as

copyright Robert M. Slade, 2001 BKENTAVB.RVW 20001019
rslade@... rslade@... slade@... p1@...
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade