products were installed over the summer after what UBC’s manager of IT security Jens Haeusser called an intensive RFP process. Haeusser said the school was looking for an integrated anti-virus and anti-spam solution that would address the needs of multiple users on multiple platforms in multiple departments.
“We have quite a diverse set of users at UBC, both very knowledgeable and less knowledgeable, so we needed a product that can really meet both their needs,” said Haeusser.
During the testing process, Haeusser said Sophos had a 99 per cent success rate in correctly tagging spam, and less than .1 per cent were false positives. That’s a 39 per cent improvement over the anti-spam solution UBC was previously using.
Haeusser said Sophos’ licensing terms were also attractive for the university, allowing him to deploy the solution on an unlimited number of servers throughout the university, since many departments at UBC run their own e-mail server.
“They understood the university environment more then some of the other vendors we were dealing with,” said Haeusser.
Haeusser said he also liked the integrated anti-virus capability the Sophos solution offers. Previously, different departments each had their own desktop solutions for anti-virus. Now that can be more centralized.
“We don’t have central control over desktops, that’s probably the biggest issue,” said Haeusser. “We’re very decentralized. It some ways we’re more of an ISP when it comes to dealing with faculty, staff and students.”
Sophos senior security analyst Gregg Mastoras said post secondary education is a significant market for the firm, and universities tend to face two major challenges compared to a corporate environment. The first is running a wide range of systems, from Windows and Macintosh to Unix and Linux.
“That difference can create strains on their anti-virus and anti-spam technology,” said Mastoras. “You really need to have one technology to cover all those platforms because having different ones for each platform is very difficult.”
Mastoras said the second challenge is one of academic freedom. Students will likely want more e-mail to get through and not be intercepted, while professors or administrative staff may want a more sensitive system.
“That’s one of the strong points we have,” said Mastoras. “We can almost at the individual level define what that person will be seeing in their e-mail box, and they can have some flexibility too.”
He adds the system is designed to be fairly maintenance-free for the IT staff, with automatic updates and a reporting function that gives the IT manager a good high-level view of what is getting through and what isn’t, and what impact adjusting different settings would have.
Having a good anti-virus and anti-spam solution seems to becoming more important than ever. Mastoras said 2004 has been a very significant year for just the sheer volume of viruses, with an increase of about 30 per cent to date and trending higher. But perhaps more disturbingly, Mastoras said viruses are also becoming more sophisticated.
“The sophistication is really challenging for the everyday user,” said Mastoras.
A good example is the recent spate of phishing attacks, where a spoofed site designed to look like your bank’s attempts to trick you into divulging personal information, such as your PIN code.
“There’s an element of more organized crime getting involved,” said Mastoras. “Virus writers that in the past may have written viruses to gain notoriety within their community are now doing it for financial gain, and that’s fueling quite an increase in sophistication.”