Do you push antivirus updates immediately or test them first?

Discussion in 'other anti-virus software' started by hutchingsp, Aug 1, 2013.

Thread Status:
Not open for further replies.
  1. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    Probably aimed more at those in a corporate or educational environment but:

    Let's assume around 600 machines and layers of defence i.e. firewall does URL filtering and antivirus etc.

    I have a dilemma which seems pretty much 50/50:

    • Push updates immediately and get the maximum protection from new threats.
    • Stage updates to a test group and push after X hours resulting in less protection from new threats but protection from "Our new update thinks <vitalsystemfile> is a virus"
    Which do you do and why, and if you do the second option what is the value of "X"?
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    The approach will depend on the AV chosen and the setup of the machines you have to protect.

    In a controlled environment with limited user access (no permission to install software, no access to system, etc.), AV updates can be more flexible, e.g. wait one day for the distribution or take a sample for testing before release to the rest, etc. The stricter the control on the machines, the more lax the setup of AVs could be, as the chance of getting infected on closed machines is minimal.

    If those 600 machines are open to user customisation then the priority is to release AV updates as soon as received, and you should select an AV with a history of low false positives to minimise risk.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    With a good backup plan (personally have hourly snapshots and offline imaging), I update them as soon as the stable version is released.

    @fax: Aren't open machines the ones more likely to have errors?
     
  4. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,094
    This is someone else's job. And it's already done => QA......
    i.e. =
     
  5. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
  6. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,094
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Errors? You mean malware infection?
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    No, because the machine setup is less static, there can be more false positives, incompatibilities, and the like.
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Yes, indeed, and hopefully not the scenario for the OP, as it will be near impossible to manage given the number of machines to support, and should be supported by imaging/backups.
     
    Last edited: Aug 3, 2013
  10. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I don't know if you're still reading this thread, but if you are, I suggest going with the 2nd option. It's better to do your own testing beforehand as it may reduce the likelihood of deploying updates that may interfere negatively with a corporate/educational environment. AV vendors may have extensive QA but they can't possibly predict all forms of incompatibilities that may arise with custom setups.

    As for X hours, up to your convenience and risk aversion.
     