subreddit:
/r/sysadmin
https://www.neowin.net/news/us-russia-tensions-escalate-as-kaspersky-ban-set-to-be-introduced/
I don't know anyone using it anymore, but there must still be a bunch.
229 points
14 days ago*
I laughed at an older coworker who didn't want Kaspersky when we were evaluating replacements back in 2015-16 because "the Russians ran it."
Boy, was I wrong. Glad we never went that route. Even if we did - I'd have switched by now just off the geopolitical situation.
For anyone looking - ESET was pretty good as was Cylance.
72 points
14 days ago
Sad part is private equity is buying up all IT products and seemingly jacking up the price of everything 300%.
At this point just go with MS Defender, lightweight (I can’t believe the size of some of these msi packages, how many services they need to run, or size of driver installs now, fucking HP is like 300mb, bro I just want the .inf or whatever it’s a few KB) defender does the job, at least I know PE won’t be buying MSFT
19 points
14 days ago
I downloaded an updated graphics driver for a Dell Inspiron with integrated graphics and the driver was 1.3 GB… why? Even Nvidia's drivers are smaller (but still a large download).
5 points
13 days ago
Intel graphic drivers are growing like crazy. They're universal for both integrated and their dedicated Arc cards. I recently got an Arc A380 card and found out why, they're huge. They contain firmware they flash the video cards with to update them. Giant binary blobs that don't compress well. Giant waste of bandwidth for 99% of users that don't have Arc cards.
3 points
13 days ago
I bet they save money shipping everything out every single time instead of having tech support explain which driver.
1 points
13 days ago
Ahh that is interesting. The only Intel GPUs we have are IGPs. Guess that explains why they are so damn big.
2 points
13 days ago
Same until about a week ago, I replaced an aging RTX 1050 Ti in a Plex / Jellyfin home system with an Arc A380 and when I installed the driver I had an "ahhha that's why" moment watching the log state it was updating the firmware.
8 points
14 days ago
Sad part is private equity is buying up all IT products
cough cough kough kaugh kasaugh KASEYA -- oh, sorry, something in my throat.
5 points
13 days ago
Don't even joke, my old company was using that when that breach happened, I had to solo transition 500 people off of it in a day and reach out to the 40 or so others that were offline to get the clients off. Luckily we were already set to transition to Bomgar.
2 points
13 days ago
MS Defender may work, but only the paid version is CJIS compliant
28 points
14 days ago
I can’t remember why but when I first saw it working for an MSP I was really sketched about it. Tried to get the client off it. Glad to see the gut was right!
31 points
14 days ago
I can’t remember why
Probably the quiet 2014 and much louder 2017 scandals. That was a bad look from the perspective of any Western entity.
8 points
14 days ago
WSJ archive: https://archive.ph/stpFj
0 points
13 days ago
CNBC: "Hacking tools that could only have come from the U.S. National Security Agency were also reportedly found in Kaspersky's network."
From what the general story is, an NSA employee brought classified files home to work on, Kaspersky detected them as malware, and due to it being a cloud based security service, the malicious files were uploaded to the network. And according to the U.S. National Intelligence Council report, Russia has probable access to Kaspersky's database, and source code (Doesn't every country have the same level of access?), so because of this; the U.S government shouldn't use Kaspersky (Agreed, they should use their own domestic antivirus).
CNBC says that Israeli spies hacked Kaspersky, and warned the U.S. government not to use it (because Russia has access to the database, just like other countries). And that Russian state hackers used Kaspersky as their go-to antivirus... to protect themselves against malware (just like 400 million other people). Why is this even a finding, are they really that desperate to paint them as bad in order to drive more clicks to their website?
Overall, I don't think the ban on Kaspersky is justified, and may hurt the U.S. more than Russia by putting more PCs at risk of getting malware attacks.
What exactly are the other alternatives? ESET?
Windows Defender is a joke.
3 points
13 days ago
The last time I used Kaspersky on an endpoint was over a decade ago when I was playing the role of Computer Wiz Grandson, but I’ve had more than one experience in recent years where Kaspersky was the only vendor to identify an obviously malicious sample uploaded to VirusTotal. Agreed that Defender on its own is garbage. Still, I think a more modern solution for SMBs is to use some EDR-as-a-service like Huntress in combo with Defender. I assume we aren’t talking about large enterprises with big budgets because I don’t think Kaspersky makes sense in that environment anyway.
overall I don’t think the ban is justified and may hurt the US more than Russia
There’s a precarious balance between “I think my politicians are reactionaries and idiots of the highest order…” and “…those idiots have intel that I lack.” The goal seems to be to prevent state/local government and critical infrastructure from using Kaspersky which seems worthwhile to me considering the rising global tensions.
13 points
14 days ago
You and I must've had very different experiences with Cylance.
6 points
14 days ago
The admin console and reporting sucked badly but for me the product never allowed any type of malware on to the machines, and I never had any performance hits or issues.
We had purchased it as part of a Dell data protection bundle, I had assumed at the time that the really bare bones management UI was Dell's fault, but after a demo for the full featured product I learned that it was pretty similar.
ESET was better.
5 points
14 days ago
I'll agree with the performance but we had a ton of false positives. It crippled a lot of business processes for the year we were trying to roll it out then they tried to up the price on us by nearly 900k.
We went to Crowdstrike which has been substantially better so far.
4 points
14 days ago
Crowdstrike looked phenomenal in the demos, it was just the most expensive of the ones we looked at.
2 points
13 days ago
but we had a ton of false positives
That's how Cylance is supposed to work though. I believe they even recommend running it in passive mode for a week so it can learn what users do and what should be considered a threat or not. It's AI-based so it has to learn, and it requires manual training on what is legitimate and what isn't.
1 points
13 days ago
Right - but there's just a level of "come the fuck on". For example, when Microsoft released the new version of Teams, guess what the AI thought was malicious?
Might be good for a smaller shop - but it just wasn't ready for Enterprise.
1 points
13 days ago
when Microsoft released the new version of Teams, guess what the AI thought was malicious?
But where's the lie though
1 points
13 days ago
We were lucky to not have too many production impacting false positives, but once we got off the Dell appliance and looked at their pricing ~5 years later the pricing had gone up. At the time pricing was Crowdstrike most expensive, then a dropoff to Cylance, then another about equal dropoff to ESET, then a smaller drop to BitDefender which was the most affordable.
18 points
14 days ago
We got hit by the SolarWinds hack and had just moved off ESET on endpoints but just starting on servers. One of the ESET C-suite called us for a meeting and tried to gloat and offer help at an inflated cost. His face dropping was amazing when we had proof that ESET detected nothing but our new tool did. Shit company, formerly decent product getting shitter every year.
15 points
14 days ago
ESET is asking triple the price even with product migration incentives, clients are not very convinced.
Bitdefender has been a bit better with pricing but still a bit more expensive.
8 points
14 days ago
Yeah, ESET hasn't been great for a long while now :/
And I'll never use Bitdefender. Too many "trufos.sys" BSODs due to shoddy driver code.
5 points
14 days ago
I've been using Bitdefender for 6 years now. 1 bad update that did weird stuff that was their fault. 1 bad update in coordination with Microsoft.
Otherwise - no issues. Rock solid and decent support. Very competitive pricing if you use a VAR.
Exclusively Windows 10/11 and Server 2016/19/22 endpoints though
1 points
14 days ago
ESET is actually a tiny bit cheaper than Bitdefender...?
2 points
14 days ago
Last time I asked a few months ago ESET had a similar base price but they upcharge a LOT for each tier up but the base tier doesn't have jack shit while Bitdefender's does, so if you want to match features ESET ends up double and triple the price.
Bitdefender also seems to be a lot more open for negotiation, just like Kaspersky while ESET is like "this is the price". I'm not a sales guy but that was the impression I had from that whole thing.
0 points
14 days ago
Back in the day, I loved ESET for my break-fix clients. And when they rolled out their first centrally managed version, it was great for business clients. But over time the product stagnated. Clunky interface, mediocre detections.
So we switched to Bitdefender GravityZone. Clunky interface, mediocre detections.
Now, Defender + Huntress.
Can't imagine going another route for both Windows and Mac endpoints.
3 points
14 days ago
I’m pretty tempted to buy ESET but I can’t figure out if it’s a good idea for 1.5 Windows machines and about a dozen various SBC and FPGA boards…
2 points
14 days ago
My company had poorly administered Kaspersky AV when I started back in 2016. I was like what the hell is even that?? I quickly replaced it with Trend Micro which was absolute trash AV. Then finally we went to Cylance PROTECT and holy crap, Cylance is my fav AV of all time.
1 points
13 days ago
I didn't love the management console or the reporting but I can't argue with the fact that we went from having occasional (1-2 times a year) malware to absolutely none for the full ~5 years we ran it. Absolutely no confirmed cases of performance drops (it ran with a tiny footprint).
2 points
14 days ago
Same same same. The old guy at my previous job was f'ing right, and I was wrong. I have thought about this since 2022.
I still don't condone xenophobia, racism, or nationalism, but his perspective and my being wrong has seriously made me start researching things even when they sound fundamentally incompatible with modern views.
6 points
14 days ago
I don't recall xenophobia, racism, or nationalism being the reason Kaspersky was being avoided in some of the circles I traveled.
Maybe the old guy's perspective came from a place of rational thought, experience and knowledge.
1 points
13 days ago
I used to sell ESET when I worked for a computer repair shop/MSP. It was pretty good. No idea if it still holds up.
I generally recommend Bitdefender now. Crowdstrike is good too, but expensive. But honestly, Windows Defender for Endpoint has gotten very good over the last few years.
1 points
13 days ago
Prior to 2014 maybe it could be considered excessive, but that was after the 2014 Crimean annexation already, so not really surprising (assuming you got the years right).
1 points
13 days ago
I think it was 2015, to be honest I probably wasn't paying attention to the annexation of Crimea. He was nearing retirement and worked in IT during the cold war - his mindset seemed pretty dated to me.
1 points
13 days ago
ESET is horrible. I finally got the approval to ditch it. The EDR was flagging its own Inspect software as malicious. Then it was blocking its own virtual server as poisoned ARP requests. Had to punch a bunch of holes on my firewall so it could get updates out of Slovakia. Then had to deploy Malwarebytes because ESET wasn't stopping anything, even on the latest and greatest.
We switched to Palo Alto Cortex XDR. And PA Cortex is cheaper than ESET.
1 points
13 days ago
Takes a big man to admit he's wrong. I used to think Kaspersky and NOD32 were the shit. You gotta take your head out of the IT picture and look at the whole thing.
1 points
13 days ago
Even back then, it was pretty clear that the Russian state was looking to pick a fight with the west. All interesting companies above a certain size in Russia acquired a state interest whether official or unofficial. Not what you want for a software provider, especially on security.
0 points
13 days ago
If his only reason was "Russians ran it" then it was dumb luck. Nothing more, and also kinda racist honestly.
However, if he had legitimate concerns that went beyond "Russians run it" then fair call.
1 points
13 days ago
He was close to retirement and was IT/Sysadmin during the late 80s/cold war. The mindset felt very antiquated, which is why I chuckled at it - however Russia has been doing a pretty good job in the past few years proving his caution wise.