AV - should companies keep buying it?
-
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
-
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
There are a lot of things that you can "install" (using install in the light sense) that can include ransomware, that doesn't require admin rights, as we saw at a now customer over the last few days. It was an end user account with access to the main document store that ransomed everything.
-
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
If you have end users acting as admins, then a powerful central AV is way more important and doing things potentially beyond standard AV functions that are making more of a difference for you.
-
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
Wow!
-
@scottalanmiller said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
You're spending money on AV today - should you ditch it for something like KnowBe4?
For internal IT? Almost always, yes.
For MSPs, not likely. Customers like the "monitoring feel", but dislike being told what to do.
In my case I have a customer who I consult for. They have Webroot today - they are asking - should we renew?
I'm thinking - nope, save the money. They are pulling Rojo's POV - not that it happens a lot, but they do get the notices when someone bounces into something bad, and they get a feel good feeling from it.
I'm thinking I should suggest either:
a) dump webroot and buy abc patch management software
b) dump webroot and buy knowbe4 and train train train your users
c) dump webroot and buy knowbe4 AND patch management software (not likely because of cost). -
@IRJ said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
Wow!
It is slowly changing for the better. Management's desire for bigger customers has shown them that we need WAY more security and best practices.
-
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
oh - sorry I stopped reading before that part - and the broken fonts on the site are not showing anything in Bold
@scottalanmiller - font issue is still here FYI.
-
@scottalanmiller said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
There are a lot of things that you can "install" (using install in the light sense) that can include ransomware, that doesn't require admin rights, as we saw at a now customer over the last few days. It was an end user account with access to the main document store that ransomed everything.
of course - I know this. I truly detest Google because Google Chrome and Chromium can be installed without local admin rights... and many programs can just run without the need for local admin - and yeah, infect, encrypt whatever it wants.
-
@IRJ said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
Wow!
Why do they need local admin? because shitty applications? will they allow you to try to make solutions to that? There was a recent thread around here about that - getting an app to run as admin, though the user doesn't know the admin password.
-
@scottalanmiller said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
If you have end users acting as admins, then a powerful central AV is way more important and doing things potentially beyond standard AV functions that are making more of a difference for you.
That's my take on it as well. My users are mostly excellent, they rarely do dumb things. In fact, they often call me over to look at stuff they deem suspect, and it makes me smile to know they stopped to think first. But I sleep better knowing webroot is there.
-
@RojoLoco said in AV - should companies keep buying it?:
@scottalanmiller said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
If you have end users acting as admins, then a powerful central AV is way more important and doing things potentially beyond standard AV functions that are making more of a difference for you.
That's my take on it as well. My users are mostly excellent, they rarely do dumb things. In fact, they often call me over to look at stuff they deem suspect, and it makes me smile to know they stopped to think first. But I sleep better knowing webroot is there.
Even IT people should not be local admins. It's partly about doing something dumb, but things can happen accidentally, too.
-
@Dashrender said in AV - should companies keep buying it?:
@IRJ said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
Wow!
Why do they need local admin? because shitty applications? will they allow you to try to make solutions to that? There was a recent thread around here about that - getting an app to run as admin, though the user doesn't know the admin password.
My understanding is that our internal application and CRM need local admin rights. Poor design? Yes. But as the product advances, and as large potential customers scoff at things like that (also CRM only works in IE), things are slowly changing for the better.
-
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@IRJ said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
Wow!
Why do they need local admin? because shitty applications? will they allow you to try to make solutions to that? There was a recent thread around here about that - getting an app to run as admin, though the user doesn't know the admin password.
My understanding is that our internal application and CRM need local admin rights. Poor design? Yes. But as the product advances, and as large potential customers scoff at things like that (also CRM only works in IE), things are slowly changing for the better.
LOL and OMG!
-
@Dashrender yeah..... it's like that.
We had a dev here a year ago or so that was able to get the CRM fully working in chrome, but it was an unofficial feature. So I know it can be done.
-
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender yeah..... it's like that.
We had a dev here a year ago or so that was able to get the CRM fully working in chrome, but it was an unofficial feature. So I know it can be done.
I can't believe you're getting new customers.
-
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender yeah..... it's like that.
We had a dev here a year ago or so that was able to get the CRM fully working in chrome, but it was an unofficial feature. So I know it can be done.
I can't believe you're getting new customers.
Haven't for a while, hopefully they fix that. We make software for property tax assessment... so not exactly the bleeding edge of technology in those government offices. I just recently shut down the last XP machine - its only purpose was for running a really old version of TeamViewer to support them. Super poor county with no means or desire to upgrade beyond that old TV and XP.
-
@Dashrender said in AV - should companies keep buying it?:
@scottalanmiller said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
There are a lot of things that you can "install" (using install in the light sense) that can include ransomware, that doesn't require admin rights, as we saw at a now customer over the last few days. It was an end user account with access to the main document store that ransomed everything.
of course - I know this. I truly detest Google because Google Chrome and Chromium can be installed without local admin rights... and many programs can just run without the need for local admin - and yeah, infect, encrypt whatever it wants.
Slack client, too.
-
@IRJ said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@scottalanmiller said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
If you have end users acting as admins, then a powerful central AV is way more important and doing things potentially beyond standard AV functions that are making more of a difference for you.
That's my take on it as well. My users are mostly excellent, they rarely do dumb things. In fact, they often call me over to look at stuff they deem suspect, and it makes me smile to know they stopped to think first. But I sleep better knowing webroot is there.
Even IT people should not be local admins. It's partly about doing something dumb, but things can happen accidentally, too.
I have this conversation all the time. "I'd never be an admin on my own box, so if the system admin wouldn't do it, why are the end users?"
And I'm not, my desktop account right now isn't the local admin.
-
@scottalanmiller said in AV - should companies keep buying it?:
@IRJ said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@scottalanmiller said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@Dashrender true, but in my small environment, it's more to remind them of company policy (don't install shit until I approve it). It hasn't been a huge issue, but it helps fill in the gaps left by everyone being local admin and the lack of web filtering.
What? How can they install something? They dont' have admin rights, right?
See bold text. And yes, I know. Beyond my control.
If you have end users acting as admins, then a powerful central AV is way more important and doing things potentially beyond standard AV functions that are making more of a difference for you.
That's my take on it as well. My users are mostly excellent, they rarely do dumb things. In fact, they often call me over to look at stuff they deem suspect, and it makes me smile to know they stopped to think first. But I sleep better knowing webroot is there.
Even IT people should not be local admins. It's partly about doing something dumb, but things can happen accidentally, too.
I have this conversation all the time. "I'd never be an admin on my own box, so if the system admin wouldn't do it, why are the end users?"
And I'm not, my desktop account right now isn't the local admin.
I made this change for myself about 8 years ago.. later than it should have been.. but meh, at least I did it.
I ditched Local admin rights here when I moved past Windows XP.
-
@Dashrender said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
@scottalanmiller said in AV - should companies keep buying it?:
@RojoLoco said in AV - should companies keep buying it?:
#3 is why I like webroot. Easy central control. Can you get any kind of management console for windows defender without giving MS a bunch more money?
You can make your own, but that's the same as spending money (basically.) The nice thing about Defender is that you rarely need central control. If that's something you need, then Defender is weak today. But rarely have we found a need for that.
The console is mostly to see who did something stupid so I can say "hey, don't do that shit".
But again, I ask - to what end? it's not likely the company will fire them if they do it again, or do it 10 more times. So why waste your breath? As an IT person I want to help people be safer on the internet, etc - but I've come around to realize that unless I'm the dictator - that's simply not a priority in most companies - and I just need to LET IT GO.
Why waste your time telling people not to do something? Then why train them with security awareness, like KnowBe4, as you brought up?