From: Kal H (calikali2006@yahoo.com)
Date: Mon Mar 13 2006 - 01:48:07 GMT-3
You are right. CSA keeps hosts safe and also does reporting.
Actually CSA and anti-virus are a little different in how they work.
Based on how they work, CSA can make new virus ineffective. CSA wont let new virus to come on to ur host, wont let it install on ur host, wont let it to propogate it from ur host to other vulnurable hosts, it wont let the whole network go down. ( even if the virus is new )... You can imagine CSA as a tool sitting on the computer and watching what you are doing ( installing, uninstalling , running applications that change registry settings, running applications that install or put some files into system directory, etc... anything that could be harmful ) It doesnt care about the files/applications/virus/ till you actually start running them ( or those apps run by themselves ). It is at this point CSA kicks in into action.
You know anti-virus works differently ... it looks into files weather you use them or not.
All the above cannot be dont by anti-virus, incase of new virus. You need to update ur signature or .dat files for that specific anti-virus software.
Thanks
Kalyan
Tim <ccie2be@nyc.rr.com> wrote: Kalyan,
Thanks for your input. That's some very valuable info to have.
I imagine that everything you've said about CSA and anti-virus also applies
for the other forms of malware, right?
This means that CSA should really be thought of as another tool to help keep
hosts safe but one that provides good reporting based on a security policy.
Thanks again, Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Kal
H
Sent: Sunday, March 12, 2006 7:33 PM
To: Tim; 'Shaun Nicholson'; ccielab@groupstudy.com; security@groupstudy.com
Subject: RE: CSA vs anti-virus, anti-spam, popup blockers, etc
Hi Tim
I use CSA. I have Norton anti-virus software. They work without any
problem with each other.
I visualize these two softwares as one working over the other. Anti-Virus
is the first layer that will detect any kind of virus es and try to stop
them. CSA is more based on user input than antivirus software. Any software
( unknown to CSA ) you install, CSA will catch it, pop up a dialog box and
ask the user what to do with that software ( if the installation tries to
change any system files or adds more files to the system directory ) . If
there is no user input for a default of 5 mins, CSA will kill the
installation. CSA cannot clean virus. It will just make virus ineffective.
CSA doesnt scan to find any virus ( anti virus usually scans for virus. ).
From this behavior, I am assuming CSA signatures, if any, are not as
effective as a good anti-virus software's.
But it will very efficiently supress the effect of any virus, that escaped
the regular virus checks ( eg,. a new virus )
Hope this helps a bit.
Kalyan
Tim wrote:
Hey Shaun,
Thanks for your input. Do you know if I have to be concerned about
conflicts if I'm running CSA along with anti-virus software?
Will these 2 programs play "nice" with each other?
If CSA is being deployed, does it make any difference which anti-virus
software is used?
(I've heard rumors that CSA can be "picky" about which anti-virus software
package is running on the same box.)
Amy thoughts or comments?
TIA, Tim
-----Original Message-----
From: Shaun Nicholson [mailto:shauninusa@geordiepride.com]
Sent: Saturday, March 11, 2006 8:30 PM
To: 'Tim'; ccielab@groupstudy.com; security@groupstudy.com
Subject: RE: CSA vs anti-virus, anti-spam, popup blockers, etc
Its another tool, if you get a virus or worm with CSA you still have a virus
or worm on your system and can still affect other machines it simply stops
it from totally affecting your machine.
Shaun Nicholson CCIE 6705
CCNP, CCSP, INFOSEC, JNCIA-M
-----Original Message-----
From: Tim [mailto:ccie2be@nyc.rr.com]
Sent: Saturday, March 11, 2006 5:13 PM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: CSA vs anti-virus, anti-spam, popup blockers, etc
Hi guys,
Should I think of CSA (Cisco Security Agent) as an alternative to all the
various anti -badstuff software that's out there or think of CSA as just
another tool that can be used to further protect a system?
>From what I'm hearing, CSA if properly setup and configured can negate the
need for all that anti-badstuff software.
Please feel free to offer your thoughts and comments.
TIA, Tim
-- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006
--------------------------------- Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze.
This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:38 GMT-3