Well put. I think Eric has summed up the frustrations most of us have
felt -- and not just with the AV detection (its a lot better now than it
was [i.e. McAfee Online != McAfee Enterprise]), but with the client side
issues as well. I don't know who is steering the boat at Cisco with
regards to this product, the Cisco people I spoke with at Educause
seemed oblivious about its current lack of any level of quality control,
yet Cisco was heavily pushing it with their whole Campus Secure platform.
IMHO with Bradford's advances towards being totally switch agnostic, and
the fact that this place will never be a full cisco shop -- we might
just be re-evaluating CCA as a sollution. I don't want to, I went
through great pains with Perfigo to get the system working -- but I
don't think our IS dept can take another vicious brow beating because an
update of CCA rules, or an update of the client, or an update of the AV
detection broke some (read: alot) user(s)' machine(s). Its a very
delicate political spot to be in -- students pay money, they expect a
quality of service, they expect certain things. When they don't get it
-- it makes life hard on the rest of us.
I know Rajesh has been pretty active on conveying our thoughts for
future development, but what about current stable development. Is anyone
at Cisco (other than rajesh) reading this list, and can they provide us
with any explination as to why this stuff isn't being caught in some QA
cycle somewhere? We shouldnt be beta testers!
Eric Weakland wrote:
>All,
>
><rant>
>Forgive me for sounding off, but I am a little frustrated - this is not
>the first time there have been problems with AVG. . . and I feel that this
>needs to be said.
>
>As everyone who participates in this list is aware, the reputation of
>initiatives in the ResNet problem space is very hard to maintain when
>things break all of a sudden like this. Maintaining student
>belief/support in a system like CCA is an important aspect to the success
>of initiatives with students. Students pay to use the network/their
>computer as part of their tuition - unlike in the business space where the
>ability to change requirements on your users can be a little easier to
>push through.
>
>My staff and I spent over nine months testing every possible scenario that
>we could, producing tons of documentation and generally worrying about
>every detail. We wrote up use cases and tested them. We committed to the
>idea of having (and paying for) redundant systems and test environments so
>that we would NEVER deploy changes into production without rigorous
>testing. We paid a LOT of money to have Cisco take care of a portion of
>the system and trusted that they would be just as dilligent in testing
>their changes.
>
>I know that the problem of antivirus vendors and their changes is
>difficult, but that is why we have paid Cisco copious amounts. Their
>documentation and sales literature does not say - "Antivirus checks will
>work some of the time, expect them to be problematic." Cisco needs to
>invest more in testing their changes.
>
>It would seem to me that Cisco needs to also do at least the following:
>
>IF support for all Antivirus vendors is untenable, reduce your list of
>supported antivirus vendors. Apologize profusely to schools who now have
>to inform all the users of the unsupported Antivirus software. In our
>market research before deployment, AU found that almost all of the vendors
>of computers used Antivirus products from one of 3 vendors. We also
>determined that we HAVE to have at least one "free" antivirus option.
>
></rant>
>
>Thanks for listening,
>
>Eric Weakland, CISSP
>Director, Network Security
>Office of Information Technology
>American University
>[log in to unmask]
>202.885.2241
>
>
--
John Stauffacher, CISSP
Network Administrator
Chapman University
[log in to unmask]
ph: 714.628.7249
"It's amazing how much you take for granted when you already know what you are doing."
"there is no /usr/local on my C:\ drive!"
|
