Alternative Enterprise Anti-Virus Solutions?
Darth_brooks asks: "I admin for a great non-profit organization that has spent the last year rebuilding after a massive fire. We've got a pretty tight system running now, especially compared to the unmanaged chaos that existed before the fire. Firefox for surfing and T-bird for e-mail, WSUS for updates, and we're slowly replacing Office with OpenOffice. But our anti-virus solution (command AV, a holdover from our old system) is not cutting the mustard. Specifically the management console isn't exactly reliable, and we just don't feel like we're getting our money's worth. What alternatives can the Slashdot crowd suggest?"
"The two obvious names that come to mind are Norton and McAfee. Since all of our machines are donated, we really don't have the resources for Norton (who does?) and McAfee's just been dealt a black eye. In addition, we're on a limited budget. Our machines are mostly P2 & P3's, and we're an XP / Active Directory shop with some scattered Fedora & BSD boxes scattered about for non-desktop tasks.
The biggest features we're looking for are the ability to centrally manage updates (which rules out AVG's free edition), and a reasonable price tag for licenses for 50-60 machines. Our current solution is only in place because we signed a long term licensing agreement, and I don't want to see us get into another deal for a product that doesn't turn out to be as good as advertised. I'd also like to hear some of the Horror / Success stories from users."
http://www.nod32.com.sg/home/home.php
techsoup.org - donated and discount technology equipment products. We support a local Boys and Girls Club, and they got their software through there.
Good luck!
I would highly recommend checking out Clam AV.
It comes in both *nix and Windows variants and works pretty well for system scanning. It also works very well in a mail server tool-chain.
MTW
Two year licenses are incredibly useful and their software doesn't suck like Norton.
AVG takes the approach of just working behind the scenes and doing it well...Norton takes the approach of "I need to constantly justify my existence by letting the user know I am doing...something"
AVG works great, so go with it. Their support is pretty good too from the couple of times when I needed to contact them.
It sounds like you pretty much said AVG is good and reasonable so just go with it.
The phrase "more better" is acceptable English. suck it grammar Nazis
ClamAV might work. The only downside is that it doesn't yet have a real-time process scanner. If you can keep people from executing what they download before scanning it for viruses, ClamWin might do the job. You could manage the virus updates via your logon script, or just use the normal internet update. Plus ClamAV works on your Linux boxen too!
I am MuchTall
F-prot from Frisk software. http://www.f-prot.com/
I just checked, and a 60 seat corporate license with full updates would run you $240 a year.
chown -R us.
actually, wouldn't the license agreement rule out AVG FREE edition in your situation?
however, they do have a fairly decent commercial product for the price. look at their network edition http://www.grisoft.com/doc/Networks/lng/us/tpl/tp
Your problem is Microsoft. Your solution is Linux.
Why are you paying for this software if you're a non profit? On, or before your mail server, chain together ClamAV and Bitdefender using MailScanner or amavisd-new - have a cron updating each of these daily (or hourly if you're a tin foil hat type)
Do you have any specific requirements that would not allow this to work?
fak3r.com
It wouldn't hurt to call up Grisoft and explain that you're a non-profit looking for a good AV solution. You might get a pretty sweet deal if you talk to them.
My Sysadmin Blog
AVG has an enterprise version that's much cheaper than Norton. You should check it out.
We just switched to it after battling the behemoths, and it's been a real boon to me. Management console works well, the product has been catching a ton of stuff that Symantec didn't, price was good, and it does a nice job of push installation (even here - we've got Samba domain controllers - it didn't care). I've had good experiences with their phone jockeys also. Downside - simple file sharing has to be turned off on winxp clients, but if you're on AD that's easy enough to fix.
political_news.c: warning: comparison is always true due to limited range of data type
Although it has great corporate management capabilities, like a centralized program/dictionary update server and permissions on settings (so end users can't stop/break it), it's better than your average ghoul at sucking the life out of your desktop computers.
I would invest in Sophos Antivirus. I am using it in our office and the program is great. Install the enterprise manager on the server and it will automatically download new versions when available and all the desktops will then download them from there.
Setup MailMonitor on a Linux box for incoming email scanning and you will end up with a solid AV solution.
(\(\
(^.^)
(")")
*This is the cute bunny virus, please copy this into your sig so it can spread
trend micro. We used it at my high school on about 300 PCs. It worked flawlessly and everything was so easy to manage remotely.
I've had pretty good luck with SAV, it doesn't have the same problems that Norton (the consumer product) does. Both resource utilization hasn't been an issue even on our slowest Celeron 500 running XP and it keeps getting AV updates perpetually.
Cost will still be an issue though.
I only use ClamAV at home, but if I was compelled to buy some anti-virus software, Bitdefender is the software I would get. http://www.pcmag.com/article2/0,1895,1850851,00.asp shows how it detected 6 viruses, without signatures. For home use it is cheap, and for corporate use it seems to have reasonable prices as well.
I don't know much about enterprise AV, however a friend of mine is the IT manager for a decent sized food packing plant and I know he runs the corporate PCCillin (from TrendMicro) and raves about it.
I use their personal edition and have been very happy about it (doesn't feel nearly as bloated as symantec and mcafee will often feel). However this is all based on feel... I don't have any benchmarks or evidence for you...
http://www.andrewsmcmeel.com/godsdebris/
I would highly suggest you try out Trend Micro. Centrally managed scans and updates, installs across a web-browser, and it works. They sell by block, so if you need 60 licenses you get each license for cheaper than if you needed 50 or less. It also keeps a good watch on spyware.
http://www.cdw.com/shop/products/default.aspx?EDC=639856
Try Avast Antivirus. It's got a far more powerful and configurable network manager than Symantec's, costs about half as much (for 3 years!), and updates MUCH more frequently, using smaller updates. It also automatically uses a local mirroring system so that your clients don't hog the bandwidth trying to get updates from the internet. The client has a smaller memory footprint than Symantec's client.
The best part is you can download it and run it completely unrestricted for 60 days to see if it works for you.
End of lesson. You may press the button.
But they lost their focus. The AV definition files are pushing 15MB, the new spyware tool isn't great, and their anti-spam offering is terrible.
Try AVG.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
But I will second the recommendation for Tech Soup, they have NAV enterprise edition with bulk licenses and all that server based virus administration goodness that Windows people seem to need. Plus there are a bunch of other non-profit items you can get (MS Licensing is dirt cheap).
Big tip though - read the fine print on 'donation' limitations and plan your orders accordingly. Some of them limit to which types of NPs they will 'donate' to (Macromedia), some tie in annual maintenance/warranty costs for the life of the product you get (Cisco), or put very specific ordering restrictions/guidelines (MS). But it is worth the effort.
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
Use Linux and be done with it. No need for AV software.
I'll probably be modded down for this...
What's a "reasonable" price? Sophos Small Business is a good product, and less than $50 a head. That's reasonable for not having the machines get eaten alive by viruses - but if you're a non-profit I'm disappointed you're paying all that money to Microsoft in license fees instead of putting it into your core mission. Go Linux and the price will be very "reasonable". Anti-everything software is just part of the cost of running a Windows shop. Microsoft also specifies server-based imaging software now as essential, so add that in too.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Kaspersky has good multi-year and multi-PC discounts, and central-administration options. It also does a MUCH better job than Norton or (God-forbid) McAfee do.
Hit their website and you can even get a 1-month demo from them to see if it'll work for you.
McAfee with EPO server to manage deployment and updates works very well. It might be overkill for a small place such as yours, but if you want to maintain a 'tight shop', EPO is a good fit. Besides updating clients, it also collects data on any infections, and the clients with the "rogue system sensor*" installed can notify you of clients on the network who don't have AV installed or don't have the "Epo agent*" (the client part) installed.
*Note to open Source software makers - this is a good example how to name your wares. Names like "Rogue System Sensor", though sensationalistic and irrelevant in themselves, sound better than names like "GIMP".
I assume by McAfee having a "black eye", you meant the recent definition fiasco. We were not affected by it. We've been with McAfee since 3.x and have never been compelled to switch to anything else. McAfee has always had good business support - for example, starting way back with 4.x, their installer has been msi based and has fully supported being deployed via AD group policies.
Ok, enough pimping McAfee. I sound like a f--ing salesman here.
Some others are recommending Avast. I really like Avast and use it at home, but when the time came to renew our McAfee license, I went out and priced Avast's Enterprise solution and it was actually more expensive than McAfee for the number of licenses we needed. Maybe their pricing is better now, or better for smaller number of clients.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Last year, I replaced an old NT4 server with Linux in a small business with around 20 XP clients. I hoped to find a Linux solution to manage antivirus and replace the very expensive Symantec Enterprise licenses, but I didn't.
...
I do have ClamAV scanning incoming emails, but it is still necessary to have a local AV on the machines. I don't like Symantec and find it too expensive, but I must say it really works. So I did a fresh minimal install of Win2K on the old server box, and setup Symantec Enterprise on that. You can install the AV on the clients from the server, and it keeps them updated.
The licenses were just renewed, because I still have not found something else.
The problem is that, to manage the clients, the server needs to be Windows. Samba does not offer remote registry access to the clients, and its RPC capabilities are not sufficiently developed for such tasks.
But you seem to have a Windows AD server anyway, so I would say go with Symantec. (And either find an acceptable deal with Symantec, or cheat a little on the number of licenses: the server doesn't seem to mind if there are a few more clients).
An alternative would of course be to switch all machines to Linux and/or Mac, but
Relatively few people have heard of them, but it is by far the best antivirus software I've ever used (and most reviews agree).
Uses even fewer resources than AVG (they claim to work with Pentium Is, but I've never used with anything lower than a 500 MHz P3), and far better at actually stopping viruses.
Their info can be found here: http://www.kaspersky.com/kav6
Corporate SAV is great after you get it running.
You'll have to twist a few arms to get there if you have systems with an Intel chipset that is less than two years old because the patch that corrects the startup CPU utilization killer is still classified as beta. I recommend searching for the issue on Google and asking for the patch by name or they'll deny you need it. Oh...and you'll have to really dig for it on Google because Symantec pulled that page about a year ago. Google cache is very useful.
And the client update is great but it doesn't always work and it's been a problem since at least 7.x. The work-around--version specific uninstall program--doesn't always take care of the problem and, for that, Symantec recommends a manual uninstall. I can assure you, though, that I've never seen a manual uninstall work where the uninstall program didn't. If doing a system reinstall isn't to your liking--it's a pain but it does solve the problem--then the best solution is to uninstall and do a local install over and over and over again until it works. I'd estimate a random 5% of the systems on my network experience upgrade issues every time there is a new SAV update.
Oh...and it's best to pray to your god that Symantec doesn't screw up their DNS or servers because they've done it twice in the past three years. I know you're probably thinking that managed clients should only talk to the host server--that's what I thought, too--but nope.
Oh...and don't think about skipping upgrades. When Symantec abandons an older version by turfing a server (see previous paragraph) then you are screwed.
Other than that...it's all good.
I'm a really big fan of Trend Micro ever since installing it a year and a half ago at a small business I consulted with. Their CSM solution covers all the bases for a small company (includes a very effective spam blocker at the Exchange level), their web-based management interface is great, updates are quick and painless, and remote management is a breeze.
Before that I'd used Norton's solution, and while it worked, I never want to go back. In that version (7-something, I think, maybe 8) it was a real pain to try to configure central updates to save bandwidth (less of an issue now, admittedly).
Short version: give Trend Micro a try. I think they have demo licenses available.
No, really, why?
If you are letting users download random EXEs off the Internet and running them... ugh. Well, you could always set up a proxy to run them through ClamAV...
Personally, I use ClamWin on my Windows desktop, and I scan maybe once or twice a year. Other than that, I just keep things sane -- no random downloads of EXEs, no running EXEs from email attachments...
And how do you know it really works? Maybe Symantec just "finds" something now and then in order to keep you scared...
Don't thank God, thank a doctor!
I wasn't affected by McAfee either, but I sure won't recommend McAfee to anyone.
;).
The fact is that McAfee allowed that to happen. For something like that to pass their internal (nonexistent?) testing procedures means their processes are really _crap_.
Sure most companies have crap processes, but when it comes to mass deletion of files crap, it's time to walk away and not look back (unless you're going to sue them).
A few other AV companies also have had similar problems: Sophos had a false positive for Mac OSX system files and seems Trend was quarantining all emails containing the letter P at one point
And Norton is pretty crap too: the email scanner used to crash pretty often - to me crashing indicates poor quality software - probably has buffer overflows etc. Such problems are not acceptable in AV software since they usually run with higher privileges.
I installed AVG for a few of my relatives because it's free, and I don't see it as being much worse than McAfee or Norton (heck seems a lot less of a resource hog than those two). It's not that great, but oh well... If you are going to get crap, it's better not to have to pay for it AND not get any compensation when they screw up.
I just want to know. If you're using recent Firefox/Thunderbird/OpenOffice, then how would a virus even get onto your machine?
ClamWin may be all the AntiVirus you need, if you need any at all. You're already scanning incoming email, after all...
Nevermind. I use Linux, I obviously will never fully get the stupidities of Windows Malware Control.
Don't thank God, thank a doctor!
...that no one loves them, so there's no need to click that file.
As with most solutions to these situations you may find yourself needing a -mix-.
Personally, I use ClamAV on the mailserver (in combination with Xamime - http://xamime.com/) works well and keeps a majority of the things out.
However, you really need an orthogonal approach too, that includes banning things that aren't meant to be coming into your network in the first place, as well as having perhaps a different branded AV agent on the client machines.
Getting rid of (if possible) the vectors used by the viruses on the workstations helps a lot too. ActiveX, Macros (okay, not many people can live without those in office I suppose).
The full not-free AVG has all the features you need, and they have a generous discount for nonprofits, and are generally nice and flexible. Sure, it's not free, but it's not as expensive as you might think.
Stasis is death. Embrace change.
http://www.f-prot.com/
$5 per PC/yr, less in volume. At >100 it goes down to $2/yr.
A bit of a clunky interface, but the users will never have to bother with it. Set it to auto-update from a server (which updates from f-prot), tell it to mail you when a virus hits the real-time scanner. Simple, cheap, fast, and effective. The updater and real-time scanner take less than 1MB memory.
Try the free trial, keep the (free) DOS scanner on a bootable CD with your tools, even if you don't buy the GUI version.
The latest Slashdot meme.
n/t
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I work for a charity and we use http://www.norman.com/.
We have about a dozen offices around the UK and this does everything we need. It is running on Win98, Win2k and WinXP and on our servers which run SUSE.
It has proven itself time and again and it's ridiculously cheap for a three year licence.
There is no centralised console - but why do you need one when it does everything you need automatically ?
Don't rely on a virus scanner since they are usually bloated and there is no guarantee they catch the latest malware. Windows provides a mechanism called Software Restriction Policies that allows you to prevent the execution of unknown programs. Might be a bit difficult to configure but eliminates the possibility of running a virus or other malware.
OS Reviews: Free and Open Source Software
F-Prot is piss poor. I work for a company that was using it only to find out that it wasn't detecting 50% of viruses and of the remaining 50% that it did find it was unable/refused to remove 30% of them. Absolutely useless.
To err is human. To forgive is not company policy.
Norman is pretty decent. It's good at being quiet and sitting in the background without bothering the user. The central managing service is also quite good. The main server distributes updates via the LAN so clients don't have to hit the net for updates. It's pretty easy to set up multiple configuration and scheduling groups. Even installing and uninstalling clients from the main server is easy as pie.
I suggest you take a look at it. I have no idea how much it costs, but it "just works" pretty well.
...but many of the smaller and some of the larger organizations have a program for donating software to non-profit organizations. I don't have the details on me, but about four years ago, I helped a non-profit law firm get either 100% free donations from companies like Symantec, or nearly free.
So before suggesting features, he did ask in his post about price and I think he was hoping someone would have a free workgroup level AV program, but I think he should actually ask if any of the major and maybe even minor AV companies donate software to NPOs.
Absolutely great AV. It consistently cleans up after the competitors on my clients' computers. I've set up a church network with it, and it was completely free. The minimum requirement of a 486DX should give an idea how little resources it uses.
I used to recommend Norton, then recommended McAfee. Obviously, I recommend Avast! now.
-Benjamin Vander Jagt
The management console is the best and most useful I have seen. We have used it all of our clients for the last 4-5 years. Version 10.X also now includes spyware protection. Unfortunately, Techsoup does not carry it from what I understand.
As an employee of CA I am financially obligated to point out that we want you to buy our AV software. Pretty please.
I really like the 'admin secure' package, it's what I use in my small 40 seat shop. The central administration part is nice, fully supports AD and can install itself via group policy. It takes updates to the admin server and pushes them out from there. Its install packages are great, has a POP3 proxy and can tie right into Outlook. It has Windows XP, Windows Server, Exchange, Lotus, and Linux versions... All in all a great package.
It seems to be very easy on a machine's resources, and is very unobtrusive (other than the cute little panda guy there even before login, you hardly know it's running).
Check it out. http://www.pandasoftware.com/
I haven't seen any BitDefender recommendations yet. I will be considering it along with Kaspersky, F-Secure and NOD32.
BitDefender
http://www.bitdefender.com/
The New Virus Fighters: Our Antivirus Picks
http://www.pcworld.com/reviews/article/0,aid,124163,pg,3,00.asp
You also can trial AVG for a month I believe (even for the corporate edition)
Professor Karmadillo Songs of Science
Kaspersky's latest software is great, I've been testing them for several months. They're also the highest rated virus checker on virus.gr, if you want some independent validation. They have a corporate edition called Kaspersky Antivirus for Workstations that has a centralized control panel for managing all of the installations on the network. Talk to them about the fact that you are a not-for-profit organization and see if they'll give you a discount.
Damien
Just awful, awful stuff. Wanna pay for support? Wanna have your workstation grind to a halt? Wanna have excessive licensing? Then Symantec is your answer!
I live and die by AVG and have been a loyal customer for 4 years on a 20 workstation environment. I have the network edition which runs from the server and also includes licenses for the workstations. Get it and your homework is done.
I too work for a non profit, and here in house we use Trend Micro's Small Business AV suite.
We have had good luck with it, and I believe has the management features you are looking for.
Additionally when we were shopping around for new Antivirus Software, we found out that Trend has a pretty cheap licensing for Non Profits.
While I have the luxury of fast desktops, so I can't really comment on how bad it is on the desktops re: performance, I have been EXTREMELY happy with OfficeScan. It keeps everything up to date with virtually no involvement on my part. And it is reasonably safe from end user removal. I have it setup to automatically install on any machine that logs into my domain.
It has not failed me in over 2 years, and I have had users that have tested it. You know the type.
So I think it is a great product, worth checking out, but as stated, we have fast desktops, so I may not notice that negative.
As another alternative, check out Panda Security. I've used their software on a couple of small networks and found it stable and effective. Their management software easily allows remote installation as well as signature distribution.
http://www.pandasoftware.com/home/empresas/default
-- "Never underestimate the power of human stupidity." - R.A.H.
not i just use it, i sell it.
the enterprise full feature management console is awesome, you can repack the AV solution and use just the modules you need. besides, it is cheap, and the management console does not cost a dime.
Really, there's one solution to the virus problem that will be far more comprehensive, effective, long-lived, and affordable than any anti-virus software ever will be: don't use Windows.
Linux has some limitations as a desktop platform, but it's still a vastly better choice than Windows ever has been. And considerably better than either one would be macosx; you get the accessibility and interface consistency of a good desktop environment, and the manageability, automation, and security of a good unix environment.
The only real argument for using Windows in any context is gaming. I assume that's not a motivator for your non-profit organization, so there's really no reason to set yourself up for failure by relying on so delicate and limited a tool as Windows.
Looks like the backdoor you are referencing is three years old: Secunia Advisory 7881. That said, vulnerabilities like this tend to get fixed quickly. The 2003 advisory linked above mentions that up-to-date versions at the time were already immune to these problems.
Use my userscript to add story images to Slashdot. There's no going back.
Are there any OSS distros that are specifically made for scanning email for viruses and flagging spam? Something akin to say Smoothwall or IpCop for firewalls.
At work we have a 30 seat license to SAV w/server based email scanning. I'd happily switch to something cheaper than SAV; however, once I price in the server based email scanning, there hasn't been much savings in the past. The email scanning is pretty much half the cost, but it is something that could be done well by an OSS distro. I am NOT willing to go dinking around with more than a handful of config files and packages to get this working, however. At some point it's just not worth the time.
I've heard some good things about CA's eTrust antivirus (that it's a good virus catcher and has low resource usage), although I have not used it myself, so would be curious to see what folks here think.
Regarding costs, they claim on their page that: "Affordability. eTrust Antivirus gives you industrial-strength protection at a low price. We guarantee a lower price over the cost of renewing your current antivirus subscription, and we offer the lowest total cost of ownership of any antivirus software solution on the market today." Sounds pretty good to me.
First and foremost, thanks for all of the responses! Lots of information and (so far) no suggestions that I just [freaking] google it. My faith in slashdot has been revived.
:). We concern ourselves with WW2 Aircraft, Radial engines, things of that nature. Technology didn't play a big role for the masses pre-fire. We wanted to change that, but never had a good starting point. When the rebuild started, we had to get the organization up and running in some capacity *YESTERDAY*. We had the proverbial chance to "strike while the iron was hot" and there wasn't time to hem and haw about the possibility of mass migration. Right now, the machine that sees the most use by our least technical users (the Museum docents) is a Fedora Core box. The logic being that it would be the hardest for them to break. So far that has proven true. But our users that had experience had it using Windows so, in order to aid in our evolution from "a couple machines here and there connected by coax (yes, coax. at the end of 2004.) with no real network connection" to "50-ish machines, ethernet, on a domain, network storage, off site backup, and an honest to god professional grade network that I would be proud to show off, and that moves this organization from 1993 to 2006 and beyond" we sacrificed and opted to stick with Windows. Linux keeps coming up, but it's going to be a slow move.
Second: cripes, I've finally developed computer user grammer. It passes spell check but not basic grammar.
Third: some clarifications. The reason we keep AV running is because it's the right thing to do. Firefox, T-bird, and the firewall keep most of the bad stuff out. OpenOffice will cut down the risks even further, but we've still got a couple of points of entry to worry about. One is laptops. Even though no one has admin except those who need it (me and the other members of the tech. group), users can still install some simple programs. It's only a matter of time before somebody gets a network aware worm and brings the machine on site. Another point of entry is USB drives. We're pushing people towards those instead of floppies for the sake of reliability. In order to balance safety with usability, we add the layer of protection offered by AV.
In addition, WSUS isn't always on the ball. Occasionally you get a machine that quits grabbing updates, or one that never showed up in the first place. It's nice that I can keep those machines somewhat better protected with an additional program. On top of all that, we're an all volunteer group, so AV software gives us an additional layer of "false sense of security." I know that I can count on the firewall, the patch server, AND AV to buy me 48 to 72 hours of safety should the crap hit the fan like it did with Sasser or Blaster. Anti-virus, like any single layer of protection, isn't infallible, but it damn sure helps.
Linux: We're doing that in some areas, but the whole site isn't an option right now. Most of our users are technophobes, usually retirees. Actually, recovering technophobes now
Thanks again for the responses. I've gotten exactly what I wanted, solid reading material for a few days and some worthwhile points to ponder.
There are some people that if they don't know, you can't tell 'em.
I recommend CA eTrust antivirus, easy to manage, remote install on all workstations and updates and configuration is simple.
Has anyone reported on an antivirus performance shootout lately?