Implementing an enterprise anti-virus and anti-spam strategy, adventures in the real world presented at Virus Bulletin 2005

by Earl Greer (,


Summary : "
As Robert Heinlein said, there is no security this side of the grave. Therefore the goal of IT security staff is to pursue endlessly the unattainable holy grail of perfect security in an imperfect world. Well, it's a living.
The authors briefly discuss their real-world experiences in implementing anti-virus and anti-spam strategies at a government organization with 20,000+ workstations. Mistakes were made by both customers and vendors, and yet in the end a reasonably secure system was constructed.
The most valuable lesson learned was the importance of communication between the customers and the anti-virus vendors. The major problem was that each side was not aware of, or had unrealistic expectations of the other's challenges and capabilities.
The bulk of the paper is about looking forward. What kinds of simple and affordable technologies exist, but are not being utilized to their fullest potential by the market? Are there opportunities where value is not being exploited?
The authors believe that a reasonably inexpensive, but effective system could be created, striking a compromise between the needs of the enterprise and the high costs of development that a vendor in the marketplace is forced to recover.
Developing this system will require new means of dialog among vendors and customers so that each can understand the capabilities and limitations of the other. For the solution must include not just new products, but products and services that meet what the customers now perceive to be their needs. "