Q&A: Vendors Of Anti-Virus Software

1. What are some basic features VARs should look for when selecting an anti-virus solution?

ISS, Greg Adams: Determining how long it takes the vendor to provide a working signature (i.e. solution) to offer protection is important. So is a low rate of false positives. VARs also need to be looking for a single product to stop viruses, worms, malicious code, spam, and unwanted Web content. Unified protection against all types of threats drastically reduces the total cost of ownership and provides proactive protection.

Sophos, Chris Belthoff: VARs that focus on specific verticals such as education look for anti-virus (AV) solutions offering protection across multiplatforms and support for older platforms that some AV vendors have abandoned. This is important since many schools, whether K-12 or higher education, are forced to work with limited resources and budgets.

Trend Micro, Dan Glessner: VARs should look for more than just traditional AV pattern file creation and distribution features. Instead, you should look for proactive services that address the outbreak lifecycle (e.g. preoutbreak, containment, post outbreak/damage cleanup). In addition, focus on multilayered AV solutions at gateways, servers, and desktops.

2. What types of mistakes do VARs make when selling anti-virus software?

ISS, Greg Adams: Overselling the capabilities of AV software is a common mistake. Because AV technology relies on the vendor constantly updating the product with new attack signatures, it is difficult for stand-alone AV solutions to block the new blended threats that replicate and spread within minutes to hours.

Sophos, Chris Belthoff: Some VARs don't stay in close enough contact with their clients and AV vendor during a virus outbreak. By providing your clients with immediate information during an outbreak, you build loyalty. So, when it comes time to renew, you can bet those clients will sign that purchase order. These days, AV products and services may be similar, but it's the quality and speed of service you offer that your clients will remember.

Trend Micro, Dan Glessner: One common mistake is overselling the perception that if customers install your AV solution, they will never see another virus. Instead, customers should be educated that the threat is evolving and that product updates/upgrades will be necessary, as will periodic reviews of policies and configurations. VARs should also consider offering employee safe-computing behavior training to their customers.

3. What are some common misunderstandings about anti-virus software?

ISS, Greg Adams: Although customers believe they are buying comprehensive anti-virus protection, they may be safe from only a small number of threats. A unified approach to protection reduces total cost of ownership by stopping a wide array of threats with a single product. Hybrid threats like SQL Slammer and MS Blaster demonstrate the need for desktop firewalls and intrusion detection/prevention technologies to be used in concert with traditional AV checks.

Sophos, Chris Belthoff: That all AV software is created equal. Furthermore, many people assume all AV software is easy to deploy, administer, and maintain - but that is not the case. There are vendors that offer solutions requiring intense training, while others, you simply set and forget.

Trend Micro, Dan Glessner: One misunderstanding is that AV software can stop a network virus or a virus that depends on exploiting a Microsoft operating system flaw, without the user doing anything. These network viruses cannot be stopped, but they can be mitigated and contained through outbreak prevention policies. Some people also think desktop protection is enough, which it isn't. Finally, small and medium business users cannot use the same software that enterprises use. Instead, it must be purpose built.

4. What features are VARs asking for from anti-virus vendors?

Sophos, Chris Belthoff: They ask for features such as small virus identities that won't clog a prospect's network pipeline, remote updating capabilities, centralized management that is easy to deploy and manage, and multi-platform protection, including legacy systems.