True or not... that's why there's such a high demand for security professionals. 

Plus apache is free, and I love me some apache, but then I'm a big supporter of open source.  And now that includes OpenSolaris.  Woohoo!

I agree that Microsoft does many things well, but it's just so expensive.

It's been a while since I've used BitDefender, but I really like they're linux products more than anything else.

I don't like the CA product for personal reasons.  I've used way too many CA "Security" products that wound up having so many holes that they knew about and decided not to fix, that their "Security" product wound up being the biggest hole in my environment.  I have trust issues with them.

I think Kaspersky is great.  I really like their software just because I feel they've been steady throughout.

Norton has their moments when I feel they get a big head and start lacking.

I've never used Panda.

I don't suppose there's a way you can upload it, so that I can get it is there?  I can put it on my list to decompile.  I think it'll be like 4th in line.   

I've had that problem with Vista already also.   The worst thing about it is that I put 3 boxes up with vista on it and 2 crashed after 2 days.  Microsoft told me they wouldn't support it because it must be hardware compatibility issues.  I upgraded from XP fracking morons.  Vista is hereby written off.  I deal with the XP woes of re-validating the license until Vista quits idling at 59%.  By the way, prepare for the same thing with Longhorn guys.  Vista on steroids. 

Hey Rich.  I've been out for a while, and I might be too late, but I've done a small to mid jabber roll out before.  What problem have you run into and which jabber server are you rolling?

I think ClamAV does okay for free AV.  I've run ClamAV on my qmail servers and on workstations before and don't know if it was luck or good administration, but was virus free for several years before I left that company.  I still follow up with that company and understand that they're still standing strong on that front.

For IDS/IPS.  I like snort with guardian.pl monitoring it.  Astaro does okay with theirs also.

I know the whole talk about this one is Linux vs. Windows, but I think the question these days should be closer to open source vs. closed source.  I grew up with 'nix platforms which strangely was the first operating systems I had ever seen.  You can imagine this GUI thing was very unfamiliar to me the first time I saw Windows and like everyone else was in "awe" at it's ease of use.  When I heard the price tag for it, I decided to stick with my 'nix.  However, I eventually realized how many cool tools I was missing out on like someone else mentioned earlier.  I mean, I have a ton of uses for Cain and Abel and love it.  BurpSuite is much easier to teach to my level 1 guys using Windows than it is Linux because they don't know Linux.  Windows is what they grew up on.  Things like that.  On the other side of that, MacOS X is a good tool to use for hacking I think because of the power built behind the Mac hardware.  BSD is also a fantastic resource.  Unless it's not available to me, I try to put some implementation of OpenBSD on my external facing sites, even if it's just a reverse proxy or something like that.  That being said, now you have Sun contributing to open source a little more with Open Solaris/Solaris 10 which includes zoning.  Huge tool because if you know how, you can push several tools into different zones and run them simultaneously without having to worry about one conflicting with the other.

There are some things that MickeySoft is good for and it all depends on it use.  I always fight putting a Windows Webserver up, and if I'm forced to, I fight to put something more than just a firewall to protect it.  Let something else take the blow that can actually take it.

Though I am a major supporter of open source and 'nix platforms, there are many great tools and things that I would miss if Windows wasn't around, but I definitely don't use it as much.  I think it is necessary though.

I agree with Chris, lock those dudes down with group policy, and if you do have DHCP, or if it's large enough to worry about, you can lock that down with DHCP by Reservations.  It's a little more overhead to administer DHCP, but it keeps this users from bringing in their home computers and connecting up.  The other solution I can think of is NAC with the switches, but I don't know if you have the right equipment or time for that.

SlimJim's idea is good too though if it is a small environment.  I can't remember, but I think Cain will run through and grab all of the MAC addresses for you though, but then so will a lot of other tools.

Is there some kind of web content proxy with AV or something in place or that can be implemented that you're looking at rolling?  I'm guessing and hoping that the mail piece is already there, and in somewhat decent shape.

Nice work and keep us in formed.  I'm either having a brainstorm or brainfart, I'm not sure which yet, but I'm enjoying the post, and get frustrated with these guys at the same time.  I can setup a lab if you need someone to help test ideas though.

SlimJim,

I feel you on the company you were talking about.  I had one similar that was cross platform 'nix, NT4, and Mac with everything (including workstations) on public ip addresses behind a commercial ISDN line... Yeah, not fun.

Keep up the good work guys.

I'm looking at Paros now in my lab, along with Spike, burpsuite (which I already like), webscarab, and Nikto.  I'll let you know what my thoughts are when I'm done in a couple of weeks... if I remember to.  haha

This sounds like a similar project that I did about 5 or 6 years ago.  Sounds interesting.  I think I'll keep watching this one.

I like the idea of ghosting the images and pushing back out.  What kind of budget do you have to work with?  Are thin clients or virtualization an option?  That might help a little.