Virus Prevention in the Small/Medium Business?
Morti asks: "I've been asked to select a virus scanner to be installed on the network at work. It's only a small office with six Windows XP PCs, two Linux servers and any number of Windows XP laptops that random people bring in. And I'm wondering, not just in this case but generally, what is the virus scanning / Internet security solution of choice for the small business these days? Costs need to be kept at a minimum, particularly because this business is a registered charity (a church, no less). We used to have Norton Internet Security but I'm not really keen to keep it. Besides Linux (which I've been pushing but nobody's interested), what is the most cost-effective and generally 'best' virus prevention and Internet security solution for the small/medium business?"
Small, reliable and free.
Linux, you magnificent bastard, I read the fucking manual!
...no one wants to preach two different religions :)
*ducks*
ClutterMe.com - easiest site creation on the Net. Just click and type.
you can read a spirited discussion on the pros/cons of OS X as a virus deterrent. You said that you have tried Linux to little avail--maybe they'd be happier with a non-Windows machine that can still run Microsoft Office?
--
$tar -xvf
You could install an active scanner, like McAfee or Norton, on all of the machines, though this can become a headache with the machines not updating often enough. This should be done anyway. You could also use passive scanners that are stand-alone apps that you click on and run periodically to clean viruses. This is typically the cheapest, and also by far the least reliable as it requires users to do it every once in a while (assuming of course that you don't want to run around to all the machines yourself). You could also use ClamAV to filter just about anywhere. Squid has a plug-in for monitoring web traffic, amavisd-new uses it for mail filtering, and Samba can use it for scanning incoming files on file shares (this catches a lot of viruses that try to copy themselves to available shares, i.e. Klez).
/* oops I accidentally made a comment, sorry */
Oy! I understand that /.ers might not always RTFA, but can't you at least read the goddamn summary? It's a friggin' paragraph, it's not like you need to be in Mensa to understand it.
Another one bites the dust
The laptops are going to be the biggest hassle, as people tend to take them home and who knows what crap they do there. Set up a NATD gateway with DansGuardian, ClamAV, Squid, and whatever other proxies for your systems to direct their traffic out. The NAT will protect them from worms and viruses randomly scanning for IP addresses and the other programs will filter for viruses if they check Hotmail, POP, or whatever else they might use. You can set up SMB-scanning with ClamAV to randomly check the computers on your network for viruses. If you have the option, I'd recommend Deep Freeze for your Windows XP computers. If more information is desired about anything I've said, please leave a message and I'll dig up information on how to configure said programs.
Remember that there are many different types of antivirus solutions out there. I assume that you're looking for a basic desktop virus scanner. I've heard all kinds of great things about AVG, which is supposedly free, but have no experience with it. If they are ever planning on growing their network/userbase, a managed AV client/server is the way to go. Otherwise, you have to worry about different configurations and whether or not systems are being regularly updated with the latest definitions.
If you're looking for something on the mail gateway side, I would highly recommend looking into ClamAV. The price is certainly right (free/free). Supposedly, ClamAV gets definitions for the latest and greatest viruses before commercial vendors are able to... although I have no evidence to back this claim up. The main selling points for me are first, that it works. Second, it's free - there are no per-seat license fees. Third, there are no subscription models to deal with.
I'll close with a short on-topic rant. I can't stand antivirus subscriptions. Having to track, budget for, and renew subscriptions is a huge PITA. It's not a service - it's software. I'm sort of bummed that so many people have accepted this subscription BS, enabling the vendors to keep pulling it.
-Turkey
1: I recently switched from Norton to F-Prot, as it did a better job of finding malware than Norton/Symantec. (Though, allegedly, Kaspersky has a better detection rate) ... you should ask about low-cost non-profit pricing. It's free for personal use on Linux.
2: F-Prot Pro is $44 per "user"
3: consider running one network for the desktops, and a separate network with a firewall/dansguardian/snort for laptops so the nasty visitors don't plague your permanent machines
I've heard a lot of good things about NOD32 http://www.nod32.com/. It's a product you gotta pay for, and it runs on Windows. It doesn't seem to have the bloat that Symantec or McAfee has. They have a free trial, so it may be worth looking at. Another good one is Panda http://www.pandasoftware.com/. You will definitely want to check out what they have for management options.
Now someone mod me down 'cause I didn't tell them to switch to Linux.
Your primary danger is the laptop users. A laptop will get infected at home, the luser will bring it in and jack into your network, and the infected laptop will infect all the other Windows hosts if you haven't been regularly patching them, or at least some other laptops (which were out of the office when you applied the latest patch)...
Ideally make Windows clients perform a virus definitions update and then a virus scan as part of your Windows domain logon script. Make them install any outstanding Microsoft patches on logon too. Anything not on the domain doesn't get access to anything.
Keep laptops on an entirely separate subnet from your permanently resident machines and firewall all traffic between the two, whitelisting only the ports/protocols you absolutely need.
Then it goes without saying that you need active firewalling on the main internet gateway/router, email scanning/cleansing software on the mail server, and anti-spyware, anti-virus and maybe personal firewall software on each individual machine, as a start. Block dangerous filetypes at the web proxy. Disable any and all unnecessary Windows services, and don't let your users run as administrators. Disable IE (don't just remove the icon - actually block it at the firewall) and Outlook (Express), install Firefox and Thunderbird or similar and keep them fully patched too.
All of the above won't guarantee the safety of your network, but it'll help. Remember that your lusers will actively attempt to circumvent all of your security policies however they can, and that they're all pathological liars.
As for what specific software you should use, I'd lean heavily towards Linux on all servers/routers, but can't help you on the Windows stuff. The last virus I got on an Amstrad 386 running DOS. I've been careful since then, but your users won't be - because they simply don't care.
v4sw6HPU$hw5ln6pr5$ck4ma8u7LMO$w2m6l7DL$i2e3t4MWb9AHKMRTen5a29s0r1p-5.88/-8.36g5CST
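The laptop/office subnet split recommended in the comment above, as an added example that is not part of the original thread: a shell function that prints an `iptables-restore` ruleset for a Linux gateway routing between the two subnets. The subnet addresses and the whitelisted ports (Squid proxy, SMTP, DNS) are assumptions; the FORWARD policy is default-deny, so any other routed traffic such as Internet access needs its own rules.

```shell
#!/bin/sh
# Added example: generate a default-deny ruleset between a laptop subnet and
# the office subnet. Addresses and ports are assumptions for illustration.

LAPTOP_NET="${LAPTOP_NET:-192.168.20.0/24}"  # assumed visitor/laptop subnet
OFFICE_NET="${OFFICE_NET:-192.168.10.0/24}"  # assumed permanent-machine subnet
# proto:port pairs laptops may reach on the office side (assumed whitelist)
ALLOW="${ALLOW:-tcp:3128 tcp:25 udp:53}"

valid_entry() {
    # Accept only tcp|udp followed by a port in 1..65535.
    proto=${1%%:*}
    port=${1#*:}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

gen_rules() {
    printf '%s\n' "*filter"
    # Default-deny for everything routed through this box.
    printf '%s\n' ":FORWARD DROP [0:0]"
    # Replies to connections that were allowed when they were opened.
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for entry in $ALLOW; do
        if ! valid_entry "$entry"; then
            echo "invalid whitelist entry: $entry" >&2
            return 1
        fi
        printf '%s\n' "-A FORWARD -s $LAPTOP_NET -d $OFFICE_NET -p ${entry%%:*} --dport ${entry#*:} -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log whatever else a laptop tries against the office subnet, then drop it.
    printf '%s\n' "-A FORWARD -s $LAPTOP_NET -d $OFFICE_NET -j LOG --log-prefix \"laptop-blocked: \""
    printf '%s\n' "-A FORWARD -s $LAPTOP_NET -d $OFFICE_NET -j DROP"
    printf '%s\n' "COMMIT"
}

# Print the ruleset for review.
gen_rules
```

Review the output before piping it to `iptables-restore`, which by default replaces the existing rules in the filter table. The `laptop-blocked:` log lines show which laptops are probing office machines.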
We are a school, and pay about $17/year per machine for Corporate Edition 10. A non-profit church should be similar.
Pluses are, it now scans for malware (thank god!), and is pretty automated.
Minuses, I spent 35 minutes on hold on their "Enterprise support line" to get a guy to give me a username/password to download the newest build, as the one we are using crashes randomly. (Why on earth do they not have an automated update functionality for the program itself?) Also requires a server, and can slow down systems quite a bit (uses 25MB of RAM, and 27MB of swap just sitting idle right now on my box).
What are we going to do tonight Brain?
Surely the Lord will keep your laptops virus free?
Thank you. I'm here all week.
PocketGamer.org - For the gamer on the go!
After looking at several options (including Trend Micro, Norton, etc.) I finally went with Sophos. Their AV line covers servers (NT, Novell, Linux, etc.) through desktops, and has central management of all installations. Auto update (hourly, if you want) and all the features the other corporate editions of virus software had.
In either case, all these companies will give you trial software. Try each one out and find the one that you feel comfortable dealing with. In a small company it might be fine to use individual licenses (such as a bunch of boxed McAfees) but when users start getting messages about expiration, or errors about incomplete updates, it only makes your job harder. My setup involved 14 licenses (a few servers and a bunch of workstations) and the users never needed to deal with the software. I was also able to prevent them from turning it off or uninstalling it as well (for all but the most determined, anyway) and if they did mess with it I was alerted.
Your situation may be different, so try out several different companies. As a point of reference, my 14 licenses cost about $1,100 for two years. $40/year/computer may seem excessive, but when you start looking at corporate licensing from some other companies and the cost of recovery from a major virus break because a user disabled theirs to install a flash game then it is favorable by comparison.
As a non-profit, AVG might still be free for you (requires payment for commercial use). You may also find that other companies have discounts for non-profit or charitable entities, especially those located in your own country as they can deduct taxes.
Good luck.
-Adam
Basically, I am doing the exact same thing. Currently, they have 8 systems, 1 server, no wireless. I installed Norton AV on all of them last year, for around $100. Worked out fairly nice, Norton was offering 3 user packs for 19.99 after rebates. So it was like $6.00 per installation.
However, since Norton has not released 2006 before the subscriptions on these systems were up, and $35 per machine was a little too much, I have been looking into CA eTrust. We already use it at one site, and it works really well. Great thing about eTrust is that the installation is the same, regardless of the OS level. It works with just about everything. And if you have tried to install Norton Home edition or Pro on a Windows 2003 server, you know what I mean. It's ridiculous to have to purchase a server and client copy for $400 to just protect one server.
Check out eTrust. Been pretty happy with it. The other option is doing shares, and run clamscan across the network to protect those machines.
I used to recommend McAfee. And then they started writing crap software. So I started recommending Norton. And then THEY started writing crap software. I use AVG at home and I'd recommend it without hesitation to home users. But the best Anti-virus on the planet at the moment is humble NOD32. It consistently scores above all the others, catches more viruses and returns fewer false positives. It's not too expensive, either. About $35-$40 a seat (US).
On the Linux side, I'd recommend AntiVir. It works. You might be asking why you'd need anti-virus on a Linux box. If it's serving files to Windows clients, it can still CARRY the viruses even if it can't be infected. It's best to have the server side covered if at all possible in case a workstation misses something.