Anti-Viral Software Recommendations?
Kris_J asks: "My InoculateIT Personal Edition anti-virus scanner will no longer be updated from around mid-March. I've really enjoyed this package, particularly the price (it's free for personal use). The company is complaining that so many new ways are being found for virii/worms/trojans to spread that they can't afford to keep the personal edition updated. Whatever. Does anyone have a recommendation for either a particular anti-virus package/bundle, or a good place for trusted, independent reviews of anti-virus software, or even products to avoid? (If ZoneAlarm Pro was bundled with an anti-virus option I'd just get that.)" For those of you who have to deal with operating systems where viruses are a problem, what software do you use to detect them and weed them out? How about software that will scan your entire network?
I have heard very nice things about GriSoft.
I also recommend iptables on a linux firewall. Never had a virus yet (knocking on wood).
You are being MICROattacked, from various angles, in a SOFT manner.
I've been running some form of Windows for a little over 5 years with nary a virus. Instead of going with a system-resource-hogging anti-virus program, I'd stick with a good firewall (free) and a bit of savviness (not opening strange attachments, etc...).
Norton Antivirus. Frequent updates, good integration with Windows (from 95 to XP) and easy to find from "alternative sources" ;)
Viva La Revolucion! Buy a Mac!
Cheers //Johan
Installed the Bubblemon yet?
This is a great product. It includes Norton's AntiVirus product (much better than McAfee, in my experience), as well as their 'software' firewall product (based on AtGuard). It also can block web ads in your browser. Very nice product, lots of features, and well worth the price.
At work, we use Sophos for Windows 2000 and 98 workstations. Antigen for Exchange 2000 (which utilises McAfee & Sophos engines in our config, but there are more). Norton with wrapper for Mailsweeper. Personally, I use Sophos on my Win2k workstation. It is constantly updated, and the support from Sophos is great. Plus it's a UK company ;) so I'm biased!
Definitely, I use this both at work and at home, very good product.
The firewall allows you to configure rules based on applications, ports, local address, remote address, or any combination of the above. When you use a new product that tries to access the 'net you get a popup warning box which allows you to one-off block/allow or to configure a rule. Norton's "Live Update" allows you to stay easily up to date, and the firewall software automatically contains blocks for the most common trojan ports.
The firewall also allows you to have "privacy" controls to prevent your browser accepting / returning cookies and off-site information, along with ad blocking, very nice.
The Anti-Virus seems pretty effective as well, with the usual quarantine, disinfect, delete options, and a nice auto-update facility.
You can find Norton's page here
If you ever drop your keys into a river of molten lava, let'em go, because, man, they're gone.
then Alwil Software supplies the Avast antivirus package: avast.com
I haven't tried it and have no idea if it's any good, but it's free!
Firstly, don't get me wrong... I would rather people use this than nothing. All the win2k boxen at my workplace have this installed and it bugs the living shit out of me.
:)
Every site I try and view I get about 20 windows popping up asking me about cookies/directx/nonport 80 and god knows what else. After the 30th message on the 3rd webpage I give up and click "block" blindly to everything.
Now I disagree for this reason:
My home boxen has no anti virus software. It has no IE. It has no Outlook Express. It needs no anti virus software. I spent 10 minutes setting up an iptables firewall and 10 minutes updating my browser every few weeks/months and that prevents me getting virii. The email client does not consider running vbs scripts embedded in emails a feature so is not at risk.
So what's better... to have an OS that just doesn't really get virii and is very easy to protect? Or to run a background process that constantly blocks every "feature" of your OS and has to ask your permission first? I know which annoys me more.
I'm personally using McAfee, mainly because I have good experiences with it from work where we have it running both on all Windows clients and Linux file servers. And if you aren't behind a "real" firewall it does come with McAfee firewall included, which I haven't actually tried myself. I think there is a trial version but I'm not sure. And if you like all kinds of other crap^H^H^H^Hutilities then you can get it from McAfee as well.
An alternative I have heard some good things about though is Panda antivirus. One of the good things is that you can get an evaluation version so you can try it before shelling out the money.
Another one I haven't seen mentioned on here, and that I actually own but haven't tried (came with my motherboard) is PC-cillin. This one allows you to download an evaluation version as well.
I could mention a few others, but they have already been mentioned by others... (Norton antivirus for instance)
I miss the days where you had a lightweight anti-virus scanner that ran only when you wanted it to, or at most scheduled itself to run overnight and that's it. I was a big fan of F-Protect software but it seems to be prohibitively expensive now.
If there's one piece of software that can make your 2GHz system perform like a Pentium 200 it's overly aggressive anti-virus software. It seems like Norton is the worst offender. It causes a noticeable resource drain whenever you do anything with files. It's resident in memory all the time in various different places. It's hooked into the OS in so many different places that I worry if it will break when updates, hotfixes, etc. are applied. I suppose it's great from an IT perspective where you have to assume your users are stupid, but I can't stand to deal with software like that at home.
Not like I use Windows that much these days at home, but I sure don't miss all those "treat your user like a moron" anti-virus packages.
I've been using PC-cillin for about 2 months now. There's a free one month trial, and it found a virus in an old email attachment I had laying around on my file server. It automatically prompts for updates (typically once or twice a week) and it suits my purposes.
I believe most AV software can be configured to scan remote shares automagically (I know Norton 5.0 does).
I don't like Windows-based anti-virus software because it often requires infected parts of the OS to run. I have seen Norton not clean stuff up properly and outright miss things with the latest definitions.
Personally I use the free version of f-prot from f-secure
it runs in any version of Windows, is updated weekly, is free, and works.
Like the original poster, I too use InoculateIT in my personal machine, and have been warned at update time that in May Computer Associates will stop supporting the product. It is a very lightweight anti-virus, with a simple and effective interface (is it me or aren't there getting so cheesy these days), that doesn't get in the way of work, and doesn't try to be everything to everybody at the same time. And guess what, it is also free. Practical alternatives nowadays, even non-free ones, are little to none. So one of these days, in one of my intellectual honesty attacks, I hatched up something that may end up being a radical idea: if this is such a great product, why can't I just upgrade to the e-trust version they are offering now? It has the same charm as InoculateIT, and the price is a little less than $10 each year. I mean, we all love free software and all, but I spend almost that each time I go out with my wife and daughter and we want to sit down and have a coffee or whatever. $10 for peace of mind? It is as much as free. So you may ask, why haven't I upgraded yet? Well ... I am waiting for May. That way I get a couple months extra on yearly updates. ;-)
/Pedro
I recommend Grisoft's AVG. It doesn't seem to slow my XP at all. In comparison I installed Norton and my machine slowed to a crawl. It checks all email and can be integrated into the shell making it very easy to scan files. I download shareware and other programs a lot so I need to scan them. You can download updates regularly also. It has so far found a couple infected files and let me delete them safely.
If you use Windows, you have to spend money to get some basic software products. One of these is a good antivirus utility. It sucks, but that's life for the Windows user.
I am not a lawyer.
I have used the e500 email/http scanning appliance, ePolicy orchestrator management tool and NetShield NT.
If you don't have the resources to manage all this yourself, there is a managed service called VirusScan asap.
Keep your systems patched, especially office and the browser, and don't run in the administrators account. If the user base is likely to run executables that they download, list the executables that can be run in a policy. Problem solved. I have not seen a virus on my workstation farm in over 2 years, even when they are floating the rest of the company like crazy, and yet the workstations don't run NAV etc. 'cos it gets in the way of AutoCAD and SAMBA.
If cost is not an issue, I would recommend Norton Antivirus Corporate Edition. It is totally managed from the server which makes it much easier to administer in a large (and even small) workplace. The server is set up to download the latest virus definitions on the schedule that you choose. The clients then update from the server.
From what I've seen of it, once it is installed there isn't anything you have to touch after. It just does its thing.
get the latest AntiVirus Software now!
if this is such a great product, why can't I just upgrade to the e-trust version they are offering now? It has the same charm as InoculateIT, and the price is a little less than $10 each year.
eTrust Antivirus ($19.95, $9.95 annual renewal) will give you what InoculateIT Personal Edition did. eTrust EZArmor ($49.95, $19.95 annual renewal) is a broader package providing the features of their Antivirus, Personal Firewall and Content Inspection offerings. I haven't worked with EZArmor, yet, but I've used Inoculan, InoculateIT and eTrust Antivirus, liked them all (and the improvements made over the years) and expect good things from Armor.
Unfortunately, I can't tell you what I think of it.
Uh oh, by telling you I use it you might assume that I think it's great, so let me tell you right now that may or may not be the case.
I've had annoying problems with McAfee "finding" viruses in files that contain digitized data from scientific experiments. Plus, it seems to be somewhat buggy, crashing when it gets confused.
Mea navis aericumbens anguillis abundat
The antivirus saved me quite a few times, but the firewall is not so great (lacks configuration).
But I had a lot of problems: I had troubles registering, their shop really sucks and I had to download different version of their registering software, after lots of mails with their support center. It took me a month to have a working version!! And a few days ago my subscription was over, well before the year I bought... but their support service wrote me that it was their fault and they will update my subscription period in a few days.
So: buy just the antivirus, it's great and doesn't bog your pc, but don't buy it online!
Yes, but the upgrade cost for current InoculateIT Personal Edition users is just $9.95 yearly.
/Pedro
Scanning for and removing mail viruses should be handled by your mail gateway (as well as your desktops for the following reasons).
1) This way viruses are removed from your network at first opportunity
2) You can bounce messages and let the sender / recipient / admin know the sender has a potential virus problem
3) One server is easier to maintain than a few hundred desktops
4) 2 layers provide more protection than one
5) Why waste resources getting virus laden email to desktops? A mail gateway provides a convenient choke point to get this stuff out of your network ASAP.
With that in mind here's a guide I wrote for my employer for doing so at clients, using Red Hat Linux, Postfix, and Sophos MailMonitor.
In the setup outlined below,
1) Postfix accepts incoming mails on port 25 and leads them to a content_filter.
2) The content_filter is Sophos MailMonitor, which takes over the mails on port 10025. After the mails have been scanned, they are placed back to postfix on port 10026.
3) Finally postfix delivers the mails.
Anyway, you should be able to read the guide at my rather unfinished website in a short while. If it isn't there yet, it will be soon.
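The three-step flow in the post above, written out as a Postfix after-queue content filter configuration. This is an added example, not part of the original post or the poster's guide; it assumes Postfix 2.1 or later, the default /etc/postfix paths, a scanner listening on 127.0.0.1:10025 that re-injects to 127.0.0.1:10026, and a transport name ("scan") and process limit (10) chosen here for illustration.

```conf
# ---------- /etc/postfix/main.cf ----------
# Step 1: mail accepted on port 25 is queued, then handed to the
# "scan" transport (defined in master.cf) instead of being delivered.
# "scan" is a name chosen for this example.
content_filter = scan:[127.0.0.1]:10025

# ---------- /etc/postfix/master.cf ----------
# Step 2a: SMTP client that carries queued mail to the scanner on
# port 10025. The limit of 10 concurrent processes is an assumption;
# size it to what the scanner can handle.
scan      unix  -       -       n       -       10      smtp

# Step 2b/3: re-injection listener. The scanner places clean mail back
# here on port 10026 and Postfix then delivers it normally.
#
# Hardening points for this listener:
#  * Bind to 127.0.0.1 only. If port 10026 is reachable from the
#    network, anything submitted to it is never scanned.
#  * content_filter= (empty) overrides main.cf so scanned mail is not
#    sent to the scanner again in a loop.
#  * mynetworks and smtpd_recipient_restrictions are narrowed so only
#    local processes (the scanner) may submit mail here.
#  * receive_override_options skips checks that already ran when the
#    message first arrived on port 25.
127.0.0.1:10026 inet  n       -       n       -       10      smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
```

After a reload, `postconf -n content_filter` shows the active filter setting, and a listing of listening sockets should show port 10026 on the loopback address only.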
You might be looking more toward the at-home, small-shop virus scanning, so my comments might not apply, but here they are anyway :)
We use Trend Micro end-to-end. Officescan goes on the clients (Win95, 98, 2000, NT). ServerProtect goes on the servers (scan in+out or just one or the other). Scanmail runs on our Exchange servers. VirusWall will eventually go behind our firewall, particularly since they are a Cisco partner, and therefore allow only certain traffic to be filtered to the virus scanner inline. That's a big deal since your inline scanner can easily become a huge chokepoint (like McAfee... Network Associates is pretty clueless in this area).
A better option on the desktop would be PC-Cillin. Officescan works great, but the new pattern files and engine updates are in the 4 MB area, which is pretty slow to move to our 40+ remote offices over the average and already stressed frame relay connections (256k in many cases). Officescan uses a centralized server to push the updates and record scan results, and it can really slow down a network at the worst time (during virus proliferation... McAfee is not clueless here since they only ship the update portion to their clients). PC-Cillin pulls just the new part of the pattern file, so it's more like 200k on average.
ServerProtect also runs from a central server (all of the consoles are web-based, requiring java). The update and reporting actions are similar, but it's not as big a hassle since bandwidth to them is not a problem. Scanmail updates directly from the internet, has options to scan smtp, mapi or both as well as block attachments by type.
Performance-wise, we're pretty happy with them. Scanmail adds the most overhead, but it is well worth the effort. We also had an unresolved issue with backup software (Veritas BackupExec) running amuck on one particular system during the nightly ServerProtect scan, but we think it was related to the install of that particular machine. Reporting could be a bit less cumbersome, but it's still useful.
Our solution wasn't cheap for a network our size, but all the players charge pretty much the same thing. Trend did miss Nimda until the second day after all the trouble, but Symantec and McAfee miss lots of other virii too (not to hear them tell it, but I'll attest to it), so you're in pretty much the same boat either way.
Amateurs discuss tactics. Professionals discuss logistics.
Of course, all of you can say that is NOT an infallible procedure... but what the hell, none is! Having dozens of desktops with anti-virus is not infallible either. Sure there are some very fine packages but if you coordinate your traffic in a good combination of redirectors for SQUID, disabling file transfers through messengers and having your gateway pretty much tied up, I believe that you can have some relaxation time!
- STATS :
- 5Gb net traffic (mail+web) per day
- 3 virus caught in 27 days
- 0 infections
Hope advises helped!
I work with a virus removal group on the undernet that works from the channel #dmsetup. We often locate new stuff all the time. Below I'm pasting all my links I usually give out to users. Included are keepers of the gates of hell (stuff you use before you get infected) and some stuff that gets you out of hell (what you use after your girlfriend opened that attachment).
Cleaners and virus scanner suites
Housecall online antivirus scanner
PC-Cillin virus scanner suite
Central command Virus Scanner Suite
Puppet's Cleaner
Puppet's Cleaner Alternate Site
McAfee virus removal suite
Norton Antivirus, virus removal suite
Frisk software's f-prot antivirus suite for windows dos and linux
Firewall software
Zone Alarm Firewall
Conseal Firewall
Various tools used to get out of hell or figure out what hell you are in.
Boot disk images
Dmsetup.org
Common port usage/abuses
Consider yourself blessed if you are sneezed on by a dragon and only get wet, it could have been a fireball.
BTW: I like Sophos too, but a personal licence is around A$295.