We in the EDU world have thousands of computers that aren't members of our domains, have any of a hundred different anti-virus and anti-spyware solutions if they have one at all and can be running Windows, Mac OS (9 or 10) and/or some obscure Linux distribution. So where support for Symantec, McAfee, Trend and CA will cover 99% of the corporate users here at a state school with an arts concentration support for Avast and AVG are equally important.
One vendor that called this week started his spiel bragging about how their agentless system would eliminate the pain our students had installing the SafeAccess agent. When I asked how his system remotely read the Windows registry to see if the latest virus definitions were installed when I didn't have administrator privileges on the system he had to get me an engineer who admitted an agent was required for unmanaged PCs like those in the EDU space.
When it comes to quarantining unhealthy systems corporate network managers can stick the occasional consultant or other guest in an access the internet only subnet protecting their servers and workers from their system. While you'd like them to remediate; truth is if they don't, they don't.
Our students would be perfectly happy if we gave them internet access in quarantine. If they can get to YouTube and "share" music via Gnutella they don't care if they can access the registration system from their dorms rooms, except of course during registration. If we didn't block internet access most students wouldn't remediate.
We have two big problems with our current solution. The first I classify as "Who'd a thunk it" when we tested the system over the summer we made sure it could support Windows 2000, XP and Vista and Mac OS X. As students started arriving we found more OS 9 systems than we expected and discovered that HP is pre-installing the 64bit version of Vista on consumer laptops. Since 64bit Vista still has a somewhat narrower set of drivers than the 32bit and should benefit machines with more than 4GB of memory we didn't test , and discovered that SafeAccess doesn't fully support the 64 bit version.
The second problem is remediation. Many of our students aren't up for installing service packs, anti-virus updates Etc. Through in the old antivirus software that sees service packs as viruses and the helpdesk is swamped. Once again the corporate folks, with fewer variables, have an easier row to hoe here.
The story's not over yet…