HayesJupe's Blog

November 15, 2012

SCEP 2012 vs others – making my blood boil

Filed under: Evil people,security — hayesjupe @ 6:21 am

We’ve had a number of customers recently move to SCEP 2012 from other solutions, particularly McAfee, but also some Symantec, Sophos etc.

These have generally been customers on an EA, with Core CAL already purchased and, additionally, SCCM 2007 or 2012 already in place for deployment… so for these environments, there is a cost saving with SCEP (as it's part of the Core CAL) and since the SCCM infrastructure is already in place, the management overhead (when other products were in use) is reduced.

The biggest thing I see – and continue to hear from customers – is the massive performance difference on the workstations after moving from something like McAfee to SCEP… McAfee is a machine crippler, plain and simple. For those of you that have it… build up two SOE machines, one with McAfee, one with SCEP, and have a look at the performance difference for yourselves.

Anyhoo – a few days ago, a customer was telling me about independent reports which claim SCEP is quite bad (for various reasons) and how superior the administration of EPO is, the feature set etc etc… so, I went looking for these independent reports.

This is the first one I found – http://www.mcafee.com/us/resources/demos/endpoint-protection-comparison/McAfee-EP-Microsoft-FEP.swf – and, well, as per the title of this post, my blood boiled.

This is flat out, religious style, misinformation, bullshit and quarter truths trying to look legitimate… some of the claims in the presentation are just ludicrous.

Now this slideshow is based on FEP 2010 – but quite frankly, the majority of points have not changed between FEP 2010 and SCEP 2012 (but a couple have).

Such as:

Administration costs (slide 6) – These figures are just insane… where are these coming from? 3 times as many new servers to deploy SCEP? How? 1 server is required to deploy SCEP – and, if the organisation is already using SCCM (which isn't exactly uncommon!) – 0… none, nada, zilch new servers required to deploy. Even in geographically diverse orgs, if SCCM was only being used for SCEP – then only 1 server is still required, as BDPs (SCCM 2007) or DPs on a workstation (SCCM 2012) can be used for remote distribution (and this would depend on network speeds/topology etc).

The higher personnel costs… well, intentionally vague because of what a ludicrous statement it is… you need 1 (one!) automatic deployment rule to deploy updates… and in the client policy you set “deploy SCEP” to true… now clearly this guy doesn't actually use the products he’s talking about, but think of the dumbest tech you possibly can – even they could roll out and keep SCEP up to date, with a total admin effort of a few hours (a few mins for an SCCM experienced tech).

The comment about SCCM and Forefront being “more complex to administer” – you’ve got to be fucking joking. EPO is definitely one of the better anti-virus administration tools out there – but it, as all software, has its own quirks and complexities too… trying to claim that SCCM is more complex than EPO… well of course it is if you have used EPO for 5 years and never used SCCM! The same is true the other way around! That's just a dodgy argument.

License fees – well that all depends on if you are already licensed via an EA (which is very common in our market) – in which case it's bundled in with your other CALs… that's a very large and important point to miss!

Licensing for other OSes – This is a fair point for FEP 2010, but as of SCEP 2012 SP1 (due Jan 2013-ish), SCEP supports Mac and Linux.

Admin and reporting (Slide 8)

EPO group membership is security orientated whereas SCCM collection membership is patch orientated… just huh? If I understood what he is getting at here, I could shoot it down… but it just doesn't make any sense.

Distributing updates faster – so… you're saying you don't know how to configure SCCM?

Reporting – No question, McAfee reporting is richer than SCEP reporting… SCEP reporting will continue to get better over time (2012 is better than 2010, obviously).

Consoles (Slide 9)

Requires expertise in 6 different consoles! That's just a flat out lie. SCEP requires you to know how to use the SCCM console, set policy, deploy software updates, view reports… i.e. the normal things an SCCM admin already does. If you don't already use SCCM, then sure, you’ll have to learn SCCM, but again, the same is true for EPO!

Tampering and reboots (Slide 10)

“Barrage of windows updates, requiring many reboots” – so are we talking about general Windows patching or antivirus here – you can't change topic when convenient. Sure Windows updates require reboots, but this is completely separate to antivirus – if you use McAfee, you still need to patch your machines, and those patches still will need reboots. What a disgusting twisting of the facts.

Tamper proof – “users can tamper with and disable forefront”? Really? So you haven’t configured SCEP to lock down the settings (the same as you need to in EPO) and then you're complaining that users can change the settings you haven't locked down?


There is no question McAfee (and others) have been around longer, are more mature in some ways (reporting in particular) and have more “features”. I argue, and always will, that the additional features (such as firewalls, execution prevention etc) are a pain in the arse for most of our clients… but sure there are some clients that have valid reasons for using them. The biggest downside to these additional features is the crippling performance impact of McAfee (and others) – an important point which seems to have been left out completely. A number of these features are also already available within the OS and can be configured via group policy… sure it's a different tool… but show me one enterprise IT admin that doesn't know how to use group policy.

If you are a Microsoft-based IT environment already – chances are the licenses for SCEP are included in the licensing you already have – if you also already use SCCM for deployment, then you already have the infrastructure and skills to deploy SCEP very quickly and keep it easily updated. So it's a very compelling case to look seriously at SCEP and save a big wad of cash… if you're not already licensed (which is unlikely if you're an MS based environment) and don't have SCCM, by all means, evaluate the different antivirus solutions for your company to see which ones meet your needs, but do not ever use an “independent” report such as this one as a justification or to form part of your reasoning… it is one of the most disgracefully, intentionally inaccurate pieces of “independent” advice I have ever seen.


1 Comment »

  1. Glad you posted this, I have the same frustrations when talking to customers who have seen similar things.

    Comment by Martyn — November 16, 2012 @ 6:08 pm | Reply

