Central Anti-Virus For Small Business?
rduke15 writes "I'm trying to find a centrally managed anti-virus solution for a small business network, which has around 20 Windows XP machines with a Linux server. It is too big to manage each client manually. However, there is no full-time IT person on site, and no Windows Active Directory server — just Linux with Samba. And the current solution with Symantec Endpoint Protection seems too expensive, and too complex for such a simple need. On the Linux server side, email is handled by amavisd and ClamAV. But the WinXP clients still need a real-time anti-virus for the USB disks they may bring to work, or stuff they download from their personal webmail or other sites. I'm wondering what others may be using in similar situations, and how satisfied they are with it."
It works well, you just need a windows server/workstation to push it to clients and for clients to get updates from.
It's also not very resource hungry.
I think 30 seats was around $1000
What about http://www.clamwin.com/ ?
At least, we do at the school. That's a 50-station network, and amounts to about $10 a year per station after the educational discount. $20/year per station without, but you get cut rates for longer terms. I'm quite happy with Avast. At the business (20 stations, no AD when it was installed aeons ago) we used Trend Micro ServerProtect, which is no longer supported. That one was $800/25 stations flat fee and is still being updated. Neither one of those needs an AD server for its console, though they are both Windows based.
Do it without the server, and install NOD32 antivirus on the clients, with NOD32 Remote Administrator to manage them. We put this system in recently and it's very very effective. Synchronized our antivirus product and definitions quickly, and reported infections that had slipped past the unmanaged installation on one machine (it hadn't been updated for a while...). No, you don't have to install it on a Windows Server OS (although we did).
I've installed AVG with the central control module. Just set up an old workstation to look after this. Easiest software I've ever installed; it also allows you to change keys and do remote installs. Takes about an hour to install on a machine, then remotely load up 20-30 computers.
A decent router, regular Windows security updates, Firefox and user education are out of the question, right?
Both my university and workplace (of similar size to yours) use Sophos. They provide a number of centralised management tools, centralised update servers etc. Check them out, www.sophos.com.au.
Kaspersky Enterprise Space Security is comprised of components for the protection of Linux and Windows workstations, file servers and mail systems.
Samba File Servers are also fully supported!
More Information -- http://usa.kaspersky.com/products_services/business/open_space_enterprise.php
I'm security admin for a Fortune 500, posting Anonymous Coward. I'll tell you what not to use. Don't use Panda. We have it at a European subsidiary, and I have never seen anything so crap. Never.
Now for the advice - use something you recognise and trial it to death. Antivirus detection rates are not so important as product robustness and console usability. It's no use having something with a 99% detection rate if the 1% it doesn't detect are things like Virut and Conficker, and the product falls over every time you look at it. Corporate antivirus isn't so much about detecting 100% of viruses as reliably reporting the viruses it has found, and robustly maintaining communications with the management console so you can deploy updates.
These days no antivirus is really very good, I came to the conclusion a while ago that AV is an obsolete technology. The malware writers are just taking the piss, and Windows can never be virus free.
How about HAVP? Scans all your traffic in and out. It won't stop the bug catching a ride on a USB stick until it actually hits the wire, but heckuva thing being able to monitor the pipe from a single seat. Also available as a PFSense package.
McAfee Total Protection is web-based... All clients grab configuration info and updates from the web. You can manage AV from a web portal, run reports from there, etc.
Prices have come down recently, so it's not a terrible idea... As long as the apps you need are available.
And we have clamx av.
I am sounding smug right now after talking to three people today I moved over to Mac OS and they're all happy.
Antivirus suits are the last line of defense. Not the first!
The first is the user and sensible usage policies. When people can download and execute arbitrary software and plug in USB sticks at random, you have bigger problems than the choice of your AV.
If you run a basic HUB network, with one Linux Server as your gateway. You can do several things.
I will give you small modifications ideas that you yourself can adjust to your Server, or your clients.
Restrict sites with your Linux server and only give access to sites you approve.
Open up the policy settings on your clients computer restrict installation, to only be able to use programs that are already installed onto that computer.
Doing one or the other, will eliminate intrusion onto your server. Simply, just by limiting accessibility to/from your small network.
I "administer" our small business IT infrastructure (well, it's just 10 computers) and our solution was to assess who needs internet access. As it turned out, the boss and the secretary need web, email and access to the accounting software on the remote side of a VPN, and the other guys don't because they use only internal documents. But they do need Windows because we use Windows-only software (SolidWorks and MasterCAM). So I've set up a fast Linux box that's on the internet, that provides web and email access through NX servers and clients (that is, the clients run on the Linux box and display on the Windows workstations). USB ports are also disabled on all Windows boxes, and people who really want to see what's in a USB key have to plug it into the Linux box and have the content checked before it's transferred to a Samba share for Windows consumption. Same thing for CDs. None of the Windows boxes ever see the internet.
None of our Windows boxes are patched, updated or fitted with antivirus software, and we're doing just fine. The Windows boxes are super-fast as a result too.
But that's *our* solution. Your mileage may vary, but I think you should make a reasonable assessment of workers' need for internet access. You may be surprised how few actually need it to do their work (IM isn't a valid reason) and you may be able to rearrange your infrastructure to make it very easy and manageable like ours.
What it does is provide a simple GUI for clamscan/freshclam,
and nothing more. It's a memory hog (written in wxPython).
It's consistently outdated, and has been abandoned a couple of times.
It's clumsy (installs freshclam/clamscan command-line clients, but makes it practically impossible to use them -- you have to do everything from the GUI).
The only thing it has going for it: it's the only relatively recent win32 binary version being released (compiling ClamAV for win32 is really a PITA, and the ClamWin guys manage to do it).
1) You need an anti-virus solution in the Linux box. Assuming that is your only gateway to the external internet, putting up an anti-virus enabled firewall and stopping unwanted protocols is enough to filter out most stuff.
2) Disable USB and DVD drives on every PC. Physically. Period.
It's cheap and fast.
Run Linux on all your machines, and keep a good XP VM image on each machine. If it gets nasty, delete and start over. That is standard Windows IT procedure anyhow, you know: just wipe the machine and reinstall.
I have AVG 8.5 on our workstations, it's about 30 of them now. Regular AVG, not Internet Security. But the Network Edition, which has a management console. My guess is that as long as you have something you can't really go wrong. AVG works fine for me. The weird thing is that you can usually deploy AVG for the first time without rebooting the station, but every so often there will be a program update to AVG that needs a reboot to take effect.
It's about $25 a seat I think. I've only ever bought 1 year at a time. I'm on my second year.
I don't install the link scanner, browser plugin, etc. (we have some web filtering at the router anyway). Just the antivirus/spyware/rootkit and the email and MS Office plugins. I was toying with the idea of using the firewall, since we've essentially paid for it, but I think the Windows firewall + Group Policy is probably enough for intra-LAN security.
We use BitDefender, but it gives me the shi^s.
You manage all the client via an MMC snap in, but like other MMC snap ins, it just doesn't really work that well.
eg. The computer names get mangled when DHCP reassigns, so you need to view clients by IP rather than name, but the mangled name is the only reference in the reports.
Everything is done by assigning policies, but there is no easy way to see which clients' licenses have expired.
I intend to change to something else when licensing comes up again.
That's like saying a house needs to be demolished because they'd like a new door.
And I dare say it will raise enormous compatibility problems, and costs would be astronomical compared to solving the small problem at hand.
I thought it was funny.
I'd love to be able to use OS X on our network, but there are some serious roadblocks. #1 is the price of the workstations. When you need 300 bog-standard desktops on a tight budget, your options from Apple are... lacking, to say the least. #2 is compatibility. Entourage is very weak as an Exchange client in a business environment. OWA on non-IE browsers is not great either. CAD and ERP software is limited. #3 is the cost of (re)training employees. With Windows you get the benefit of your users having the same system at home/previous job/etc. Even very simple differences in the UI require real support resources. Some people just don't get it, no matter what "it" is.
Also, while I am a fan of OS X and use it personally, I don't put any faith in the "Macs are more secure" arguments. Every security analysis I've seen shows that Macs are actually easier to exploit (probably will improve in 10.6). Maybe the small installed base just isn't worth the effort to malware creators (yet), but if you use security as justification for switching to the PHB, I think you're setting yourself up to look really bad.
-Lod
McAfee offer a nice solution - yourasp, which is quite good. Offers a really nice web interface for central reporting and policy configuration etc. At first I thought it would be total crap but now recommend it to our clients, some 6 - 30 PCs. Not sure about the licensing though. But just use what you know, no point spending 20 hours trying to figure out some xyz app when you could be doing better things (read: beer).
You said you don't have full time IT. Maybe you should re-think that since you are asking this question.
In my personal experience, I found McAfee ASaP (mcafeeasap.com) the easiest to use in such a small business. This software has "agents" which report their status back to the mcafeeasap.com website, from which the administrator can monitor all PCs.
This idea is great for small companies. The implementation however had a few problems:
- Over time, I've installed all "agents" at least twice. They just stop working for no reason at random moments
- Some agents 'do' have a reason to stop: they think the license has expired, while it's definitely not.
- And McAfee is bloated + it uses mshtml for every single dialog and even for invisible actions like downloading updates. This eats CPU power.
FUD
FUD
FUD !
We're using F-Secure Client Security. ;)
The reason: The central server can be run under linux...
The drawback: F-Secure consumes a comparatively large amount of resources on the clients...
At least we had no virus (or similar) on our machines in the past years.
?
Profit!
...may be your most secure bet. No matter what antivirus solution you implement, given enough exposure to the Internet, one of the machines will eventually get infected in the end. So, unless you're willing to migrate your entire office to Linux, the safest solution would be frequent volume shadowing, maybe combined with a good antivirus such as AntiVir (which even has a Linux version IIRC).
Our company uses Sophos products and manages some 300-400 computer connections via the Sophos Enterprise Console. This solution is far from perfect though. On the plus side, we are able to tell at a glance which computer on our network is infected or suspected and be able to act accordingly. We have Sophos configured to warn the user of possible threats and to call the helpdesk for assistance with removing these threats. On the down side, we have to constantly add new application checksums whenever a new version of software comes up. We have one person in our IT department dedicating about half his work day to "Sophos duties." http://www.sophos.com/products/enterprise/
Our company has decided to invest in managed routers that will limit the amount of spam/worms, etc. Currently we are looking into Fortinet's line of routers.
Regardless of which security software you go with, implementing best security practices is really the only way to go. Locking down the computer, restricting or limiting admin access, applying automatic updates, user education, etc. http://www.google.ca/search?q=best+security+practices
That's like saying a house needs to be demolished because they'd like a new door.
More like "soon their house will be demolished, better not invest in a new door now".
Within 2 years they probably have to migrate to Vista or Win7 anyway, they also need to buy and maintain AV software, why not invest in something else instead? Or at least look at alternatives and do the maths.
For our little business of around ~35 people, we use Trend Micro OfficeScan. You need to check out what it costs, but I can tell you it works well here. To uninstall/configure the program on each client there's a central password and every noticed virus gets e-mailed to the sysadmin. The program is very stable too, and doesn't noticeably slow the system down.
Ooooh, you are awful!
[flounces out]
I personally have great experiences with the Trend Micro solution. I love the central web interface from where you can view reports, schedule updates, view infections and unprotected PCs, etc. All of these clients use Microsoft Small Business Server 2003, so I have no experience with Linux clients.
I installed it with various small business clients. Never had any problems with it in the last 4 years.
http://emea.trendmicro.com/emea/home/small-business/index.html
http://www.f-secure.com/en_EMEA/products/business/desktops-laptops/client-security/ Sold that to a few clients.
Now we're very happy with the solution.
Does OSX have a better security record?
After having managed three major products in the past years (EPO + McAfee, Trend OfficeScan, SEP, on various directories ranging from 120 to 6000 boxes) I would definitely vote for Trend.
Where I used to work there was NOD32, and scheduled ClamAV scans were the 1-2 combo. Techs would again use a further package for troubleshooting only (I will decline to name it; the EULA didn't allow this use). Most AV packages seem to let some infections through, it's a given in the security world, but it spooked me how prevalent it was. The solution was to use two, thus what defeats a major package will be picked up on by the alternative.
confirm nod32 sucks balls in real work (Y/N): Y
ClamAV was good at catching things that slipped past the goalie. Where multiple scans were used, I don't recall any incident that wasn't satisfactorily cleaned up.
We also had a proprietary recovery tool that could basically rebuild a system with fresh md5-checked binaries, thus a reasonable guarantee of virus-free executables.
As for the unix and open systems floating about, not a single virus of course, however they would get hacked directly by meat popsicles. The assumption of security leads to serious pwnage when root is obtained on a major box.
Aside from big holes nod32 has good usability and didn't blow system performance back to 2002, two essential things in enterprise equipment.
Anyway, my kingdom for a freakin open-source realtime scanner.
Thank me later.
McAfee is horrendously insidious. Should you ever want to use a different product, it is damn near impossible to remove. After the IT guy at a job spent 7 hours trying to get rid of it (he did, mostly) when they switched to Kaspersky, I spent another three with regedit and a few Cygwin tools hunting down the rest. I think I got it all, since Outlook has finally quit trying to use it.
Avoid it like the plague.
I am currently testing Vipre Antivirus http://www.vipreantivirus.com/ in a similar sized group. So far it seems very fast to scan, none of the users are complaining about extra load and it is easy to administer.
I took AV management upon myself when I upgraded from SAV 10 to SEP 11. It's very simple to set up the basic stuff, just the management server with the built-in database. Sure you can stack on LiveUpdate, redundant management servers, SQL databases, Quarantine servers, etc, but none of that is needed most of the time.
I have since set up a geographically separate management server/database and set it to provide only fault-tolerance, not load balancing. I'm in the process of updating all of the existing SEP clients to the latest Maintenance Release, which is nearly as easy as dropping the install package onto the group that all of the machines are in. Even updating the old SAV 10 clients is easy, just let the SEP management server search for all machines that don't have SEP already installed. It performs the SAV 10 uninstall and then installs SEP 11. Very slick.
Lastly, SEP seems to be less resource hungry than the aged SAV 10.
That being said, I haven't used any enterprise-grade AV products outside of Symantec, so maybe others are even easier?
AV-Comparatives recently released their May 2009 Corporate AV Report, which sounds like it may be right up your alley.
It's fairly large, but reviews a large number of AV products with a corporate focus, contains lots of screenshots, and even grades them on their appropriateness for Small, Medium and Large networks. Sounds like it would definitely be worth a look in your case.
Since my company doesn't have the budget, I have tried to find something free but I failed. In the end I installed Comodo AV, which is free. It can't be remotely managed, but it's far better than ClamAV. I've scheduled an automatic scan at 1pm during lunch break, and it does automatic updates too. If you need to administer it remotely, just install VNC on each client; 20 aren't that much.
OK, first let me explain my assumptions, based largely on what you've said in the summary:
1. Only 20 or so PCs, no full-time admin.
It's probably a small company, so there's a strong chance that individual staff don't have roles sufficiently specialised that you can simply disable removable media and block internet access to 90% of staff. Even if you did that, one of the other 10% would probably let something in and as soon as they do everyone else is vulnerable because there's no AV.
2. Need centralised management.
I can relate to that. Unfortunately, as I'm sure you've discovered, an awful lot of people seem to think "centralised management" means "can push it out remotely, though that may mean visiting each machine logically rather than physically".
Free Clue: The OP can have centralised management like that by enabling remote desktop on every PC. At the very least, s/he needs an interface that presents a list of machines found on the network and offers the option to select which machines on that list need to have the software installed.
3. Having trouble justifying the money for Symantec Enterprise.
Ah.
Hate to break it to you, but I think you're asking for the moon. Most of the free products I can think of do offer the features you require - but only in a souped-up commercial version of their product.
You could (if you haven't already) set up an LDAP server, have Samba act as a domain controller and then push everything out that way. However, you'll only get the equivalent of an NT4 domain, which is very primitive compared to AD in terms of remote management of groups of computers. You'd almost certainly spend any money you saved on the time it would take to lash something together yourself - which will still not be anything like as sophisticated as AD.
...then use group policies to push out AV updates automatically & lock down the desktops remotely and automatically. Samba is a half-cut replacement for a proper Windows Server when it comes to Windows workstations (sorry samba guys; samba is good, but ultimately lags far behind what it's trying to imitate)
Windows XP is only really so vulnerable to viruses because normally it runs in "everything as root" mode; which, if you had a proper Windows server you could change in seconds (not that you couldn't do this manually, but with AD it's automatic network-wide).
I use DF on all my workstations. Although not foolproof, and some fairly knowledgeable IT people can circumvent the security, the normal employee will not be able to. It also has a management console where you can freeze/unfreeze workstations or update DF clients.
This is not AV, but this may work for you.
Just replaced our antivirus software (Kaspersky) on 15 XP machines (no Active Directory, 2003 Server) with G-Data. Has an admin app that runs on the 2003 Server (won't run on Linux, but could be installed on one of the clients) that pushes definitions and updates to the clients as well as handling alerts and surveillance. Not the cheapest antivirus out there but I've been very impressed so far, worth a look. The day it was installed it turned up all kinds of viruses that Kaspersky seemed not to have been bothered with.
Avoid AVG.
It's the only anti-virus that I've seen has prevented multiple (or any) windows machine from getting past the BIOS at boot.
I dealt with that episode by calmly mentioning to the 'clever teacher' who I knew had stuffed it up (installed AVG when SAV was our solution already installed) that: "some tool has installed a second anti-virus application. Who'd be so stupid to do that..."
As for locking stuff down: in schools we need almost anything to run, to enhance L.E.A.R.N.I.N.G. And yes, it's completely unsupportable then.
And disable the CD-ROM and USB disks in Windows. That's the best you can probably do.
He could provide a single computer with CDROM and USB access, running one copy of an AV with realtime scanning, to enable people to transfer files to their computer via Windows filesharing AFTER the AV has scanned the files.
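The "scan it on one dedicated box, then publish it over Windows file sharing" approach, as in the Linux-gateway comment earlier in the thread and the single-AV-computer suggestion above, automated as an added example (not code from either poster). It assumes clamscan is installed on the gateway; the mount point and share directory are placeholder paths, and the parsing and copy decision are separated so the fail-closed logic can be checked without a scanner present:

```python
"""Scan a removable disk with ClamAV and publish only files it cleared to a share.

Added example, not from the thread. Assumed (not from the page): clamscan is
installed, the stick is mounted read-only at MOUNT, and SHARE_DIR is a
directory exported by Samba. Anything clamscan did not explicitly mark OK
(infections, read errors, skipped or unlisted files) is withheld.
"""
from __future__ import annotations

import os
import shutil
import subprocess

MOUNT = "/mnt/usb"            # placeholder mount point of the removable disk
SHARE_DIR = "/srv/samba/incoming"   # placeholder Samba-exported directory

# Constructed clamscan output for checking the decision logic; the signature
# name is made up, not a real ClamAV signature.
SAMPLE_SCAN_OUTPUT = """\
/mnt/usb/report.doc: OK
/mnt/usb/photos/holiday.jpg: OK
/mnt/usb/setup.exe: Win.Trojan.Example-1 FOUND
/mnt/usb/notes.txt: Empty file
/mnt/usb/big.iso: Can't open file or directory ERROR

----------- SCAN SUMMARY -----------
Known viruses: 560000
Scanned files: 5
Infected files: 1
"""
SAMPLE_FILES = ["/mnt/usb/report.doc", "/mnt/usb/photos/holiday.jpg",
                "/mnt/usb/setup.exe", "/mnt/usb/notes.txt",
                "/mnt/usb/big.iso", "/mnt/usb/unlisted.bin"]


def parse_clamscan(output: str) -> dict[str, str]:
    """Map each path in clamscan's per-file output to 'OK' or to the signature name.

    Anything else (read errors, empty files) becomes 'UNKNOWN:<text>'. The
    summary trailer is skipped because its lines also contain ': '.
    """
    verdicts: dict[str, str] = {}
    for line in output.splitlines():
        if line.startswith("----------- SCAN SUMMARY"):
            break
        if ": " not in line:
            continue
        path, _, status = line.rpartition(": ")  # signature names never contain ': '
        if status == "OK":
            verdicts[path] = "OK"
        elif status.endswith(" FOUND"):
            verdicts[path] = status[: -len(" FOUND")]
        else:
            verdicts[path] = "UNKNOWN:" + status
    return verdicts


def plan_transfer(verdicts: dict[str, str], files: list[str]):
    """Fail closed: a file is copied only if clamscan explicitly said OK.

    Returns (clean, infected, withheld); infected maps path -> signature,
    withheld holds files with scan errors or no verdict at all.
    """
    clean, infected, withheld = [], {}, []
    for path in files:
        verdict = verdicts.get(path)
        if verdict == "OK":
            clean.append(path)
        elif verdict is None or verdict.startswith("UNKNOWN:"):
            withheld.append(path)
        else:
            infected[path] = verdict
    return clean, infected, withheld


def list_files(root: str) -> list[str]:
    """All regular files under root, joined the same way clamscan -r prints them."""
    found = []
    for dirpath, _, names in os.walk(root):
        found.extend(os.path.join(dirpath, n) for n in names)
    return found


def publish(mount: str = MOUNT, share_dir: str = SHARE_DIR):
    """Scan the mounted disk and copy only the cleared files into the share tree."""
    mount = os.path.normpath(mount)  # avoid '/mnt/usb//x' vs '/mnt/usb/x' mismatches
    # clamscan exit codes: 0 = clean, 1 = infections found, 2 = scanner error.
    proc = subprocess.run(["clamscan", "-r", "--no-summary", mount],
                          capture_output=True, text=True, check=False)
    if proc.returncode not in (0, 1):
        raise RuntimeError("clamscan failed, nothing copied: " + proc.stderr.strip())
    clean, infected, withheld = plan_transfer(parse_clamscan(proc.stdout),
                                              list_files(mount))
    for src in clean:
        dst = os.path.join(share_dir, os.path.relpath(src, mount))
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(src, dst)
    return clean, infected, withheld
```

Infected and withheld files stay on the stick; the caller decides whether to report or quarantine them.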
The Windows machines have no direct access to the internet. Email is fetched by the Linux server and filtered by SpamAssassin, users access their mailboxes via IMAP, and Thunderbird is used as the email client. Internet access is via the Squid proxy server and Firefox with IE Tab for some IE-only sites. Squid can be configured to allow or deny access to certain sites if you want. No virus detection programs on the Windows boxes. Software may only be installed after approval. This way the users retain much of their freedom and the Windows boxes their speed. Only had one incident in many years because someone clicked on a 'bad' link on an infected IE-only site of our municipality.
Perhaps there is no single AV solution?
Seems to me that each product has "something" to offer and spreading multiple products or free tools throughout your network will catch the different infections.
Or having 5 different AV tools could just make your life as an admin harder.
oh.
No one's listening.
I don't mean this to be smug or smartass
This works only if your core business apps are available for OSX.
But I have to ask why it makes sense to leave the door wide open to the installation of any random piece of software.
F-Secure has the PSB product (Protection Service for Business), which is meant for 10-100 seat small companies. FSAV PSB is centrally managed via an admin webpage and offers remote installation for Windows workstation clients. It contains antivirus, anti-spyware, personal firewall and DeepGuard 2.0, a kind of behaviour-based system control and network control.
F-Secure's admin and user interfaces are easy to use and logical and the protection level is really good, but the protection modules have higher than average CPU/RAM resource consumption, so it's recommended for modern machines, like a 1.6-2 GHz CPU minimum and ideally 768 MB-1 GB RAM or up.
http://us.trendmicro.com/us/products/sb/index.html
Trend Micro has a management server and Linux clients, too.
OSX is supposedly getting exchange support, on the other hand is Apple really the problem?
We have a similar situation where I work, Exchange doesn't interoperate with the increasing number of Linux and Mac workstations... The problem is Exchange not interoperating with anything else (as well as having a whole host of other problems and hidden costs), which is why it's being replaced.
I run a small IT department (15 boxes in total with 3 servers). I find that NOD32 is a decent solution, it's cheap and it has a management studio that lets you run scans and updates remotely.
Perl scripting is the answer. Install a free anti-virus, and set up a checking script. Check the anti-virus files and registry entries. You can get all the information you need, program version, virus database version, and use a central server to store the logs. Using scripts you can force anti-virus updates and restarts. I have a lot of experience with Trend Micro and all the anti-virus parts are checked daily with Perl scripts (during the night), to make sure the clients behave.
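The server-side half of the script-based checking described above, as an added example (not the poster's Perl, and not tied to Trend Micro). It assumes each client appends one tab-separated status line per run to a file on the Samba server, written by a logon or scheduled script that reads the vendor's version keys from the registry; that line format, the host names and the sample log are constructed for the example:

```python
"""Audit anti-virus status reports collected from Windows clients on the server.

Added example, not code from the thread. Assumed line format (tab-separated):
    report time (ISO 8601), host, product, definition version,
    definition date, real-time protection on/off
A host that never reports is a finding too: a silent client is exactly the
unmanaged machine the thread warns about, so absence must not read as fine.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log, not real data; PC05's line is deliberately malformed.
SAMPLE_LOG = """\
2009-06-02T02:05:11\tPC01\tAV-Example\t5.231.0\t2009-06-01\ton
2009-06-02T02:05:40\tPC02\tAV-Example\t5.219.0\t2009-05-20\ton
2009-05-29T02:04:57\tPC03\tAV-Example\t5.229.0\t2009-05-28\ton
2009-06-02T02:06:02\tPC04\tAV-Example\t5.231.0\t2009-06-01\toff
2009-06-02T02:06:30\tPC05\tAV-Example\tgarbage line
"""
EXPECTED_HOSTS = ["PC01", "PC02", "PC03", "PC04", "PC05", "PC06"]  # inventory, constructed


@dataclass
class Report:
    when: datetime
    host: str
    product: str
    defs_version: tuple[int, ...]
    defs_date: datetime
    realtime_on: bool


def parse_version(text: str) -> tuple[int, ...]:
    """'5.231.0' -> (5, 231, 0): compare numerically, since '5.9' > '5.10' as strings."""
    return tuple(int(p) for p in text.strip().split("."))


def parse_line(line: str) -> Report | None:
    """Parse one report line; None for anything malformed (reported separately)."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != 6:
        return None
    try:
        return Report(
            when=datetime.fromisoformat(parts[0]),
            host=parts[1].strip().upper(),
            product=parts[2],
            defs_version=parse_version(parts[3]),
            defs_date=datetime.fromisoformat(parts[4]),
            realtime_on=parts[5].strip().lower() == "on",
        )
    except ValueError:
        return None


def latest_reports(log_text: str) -> tuple[dict[str, Report], list[str]]:
    """Newest report per host, plus the lines that could not be parsed."""
    latest: dict[str, Report] = {}
    bad: list[str] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rep = parse_line(line)
        if rep is None:
            bad.append(line)
        elif rep.host not in latest or rep.when > latest[rep.host].when:
            latest[rep.host] = rep
    return latest, bad


def audit(log_text: str, expected_hosts: list[str], server_defs: str, now: datetime,
          max_report_age: timedelta = timedelta(hours=36),
          max_defs_age: timedelta = timedelta(days=3)) -> dict[str, list[str]]:
    """Map every expected host to its list of problems; an empty list means compliant."""
    latest, bad = latest_reports(log_text)
    server_version = parse_version(server_defs)  # version of the copy the server pushes
    findings: dict[str, list[str]] = {}
    for host in (h.upper() for h in expected_hosts):
        issues: list[str] = []
        rep = latest.get(host)
        if rep is None:
            issues.append("no report on file")
        else:
            if now - rep.when > max_report_age:
                issues.append("last report too old")
            if rep.defs_version < server_version:
                issues.append("definitions behind server copy")
            if now - rep.defs_date > max_defs_age:
                issues.append("definitions older than %d days" % max_defs_age.days)
            if not rep.realtime_on:
                issues.append("real-time protection disabled")
        findings[host] = issues
    if bad:
        findings["_unparseable"] = bad  # surfaced so a broken client script is noticed
    return findings


def sample_audit() -> dict[str, list[str]]:
    """Run the audit over the constructed sample as of 2009-06-02 08:00."""
    return audit(SAMPLE_LOG, EXPECTED_HOSTS, "5.231.0", datetime(2009, 6, 2, 8, 0))
```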
You could just use ClamWin on the Windows computers. I put it on all my Windows machines (2) and all my clients' machines. You'll notice an incredible speed boost, because Symantec and McAfee tend to be resource hogs, and you can set it up to email you if it gets infected. You can also set it up to run regularly scheduled scans. It's really a beautiful piece of software, and the cost is FREE!
We have Trend-Micro Worry-Free Business Security. Really nice software.
http://us.trendmicro.com/us/home/small-business/?WT.mc_id=2008HP_SB_tab
I've used Avast Pro with ADNM at work for the last 2 years now without a hitch: replaced this god-awful Norton setup that was expired and poorly maintained. As long as the clients are installed with our internal DNS name for the AV server, they get updated and we get a running inventory of all our Windows machines. The machines I expect to get hit the most, I use Ubuntu on: hard to load malware from Myspace or some offhand foreign site.
With twenty machines, I'm going to go out on a limb and say don't! You have a large enough user base that you should use a hard disk image backup system, yet a small enough base that the infections would be manageable. Since your primary server isn't Windows you may want to set up your network so each user workstation cannot connect to the others, then let them be on their way. The CPU usage of constant disk scanning is a drag on the user's machine. Weigh 20 of them against the time for you to recreate an image of a particular user's disk and then swap them out. Besides, if one particular user is a problem it will play out as negative reinforcement for whatever they are doing to get infected.
My reasoning is that users often disable the scan anyway, so you would be trying to combat that behavior by tweaking the application/system security policies. Don't waste your time, if they get infected waste theirs. They won't do it again....
You are checking your backups, aren't you?
Where I used to work we had about 400 employees and workstations for each, along with about 6 Linux servers, and a smattering of Win2003 for things here and there. We eventually went with Sophos and their Enterprise Manager software. Centrally administratable, auto updating, pretty much "set and forget." Still expensive, but well worth the initial setup.
Vipre by Sunbelt Software is the only AV/AS software I will use today.
So lightweight you won't even know it is running, and so good it has detected and removed everything I have thrown at it to date.
What about a managed service from someone like Perimeter USA? It's relatively inexpensive and managed.
I've been using NOD32 as the sole AV for my customers since 2004. Just about in the last year I have seen MANY different spyware packages get right by it. All those fake antivirus programs? Nod is the last to get updates to detect them.
Because of this I have been switching everybody to Avira. Nod may still be the best for "classic" viruses; but the other stuff seems to go right through it.
F-Prot for Windows has a corporate version which keeps itself up-to-date. The updates are pulled automatically from a central Windows/Samba share whenever it notices that a new version exists. Another nice feature is that F-Prot is a cross-platform application: the AV definitions are compatible across all versions. This is nice because the AV definitions are compatible across all OSs. I have mine set up for a Linux computer to check for new AV definitions every hour, and then share the resulting downloads with other workstations on the network. It works as advertised.
The F-Prot corporate license is available at very reasonable cost; $5/year per workstation, IIRC.
We provide technical support to a number of clients... Most of them in the 20-30 workstation range... Some with more, some with less. And what we typically sell them is Panda.
Obviously it isn't perfect. Even the best antivirus is only going to catch what it knows about most of the time. Sandboxing and heuristics and whatnot only go so far in protecting you from new stuff. And viruses learn how to disable your protection or hide or whatever. So I'm not going to tell you that Panda will catch everything, every time.
But Panda has one hell of an administration console. You can manage absolutely everything from one central location. I've worked with Symantec's, Kaspersky's, and BitDefender's administration consoles... They've got nothing on Panda.
You can roll out antivirus protection to an entire network with just a couple clicks of the mouse. Can quickly see which computers are up-to-date and functioning, and which ones need to be looked at. Viruses are reported back to the administration server. You can configure it to send you email alerts. You can configure all of its assorted settings from one place. Much, much better than any of the competing products I've used.
Again, it isn't perfect. But I'll tell you we get fewer calls from the folks running Panda than those running Kaspersky or Symantec.
The biggest issue I have is that it doesn't do anything against those rogue anti-malware scanners - things like "Super AntiSpyware 2009" and their ilk. Doesn't detect them, doesn't disinfect them, nothing. From what I've seen the competition (Symantec, Kaspersky, McAfee, NOD32) don't do much either. Any time we have one of those beasties crop up we're having to grab some tools specifically designed for dealing with the rogue anti-malware crap. Does anyone know of a good centrally-managed solution that actually protects/prevents/disinfects those rogue anti-malware scanners?
"Work is the curse of the drinking classes." -Oscar Wilde
Last October I deployed Untangle gateway - www.untangle.com - in our office, which has multiple security solutions, including AV and spyware blocking. There is a free package which would serve a small business very well, and there are subscription packages available if necessary. Granted, I run AVG 8.5 on the client side as well, but since deploying Untangle, I have had zero virus infestations, and spyware incidents have dropped to almost zero. Further suggestions, and forgive me if these are repeats, because I simply skimmed the other comments, include disabling the Windows Autoplay feature for CD & USB drives, and blocking all executable downloads at the server level to prevent that &##$(#*@^%!-ing XP AntiVirus 2009 from installing itself. Definitely check out Untangle; I can't recommend it highly enough.
SEP is the best protection you can buy and comes with excellent support. The higher price pays off in the time that you don't have to spend to administer your security (or remove threats). Regardless of the security solution you choose: keep all software patched and up to date, secure your shares, kill auto-run, firewall the perimeter of your network, and please don't give your users admin access ...
----
Q: how much damage could any threat do?
A: none if you're patched ;)
I'm using Sophos http://www.sophos.com/ in a 60-70 machine environment, and have had good luck with their products. They don't seem to be the insane memory hogs that McAfee and Symantec are.
Some of the other posters are correct, a 'proper' AD server that you can push policy from gives you a nice set of options for managing machines. 20 doesn't sound like that many systems, until you're the guy supporting them.
There are some people that if they don't know, you can't tell 'em.
check out http://untangle.com/
It is a security gateway that is used as a router or sitting behind your router bridged to your LAN.
Their free version contains some of the best open source anti-malware packages like SpamAssassin, snort, etc. You still need to mind thumb drives, DVDs and any other sources that don't pass through Untangle.
We have done a cost/efficiency analysis and when you take into account IT services and backlog time, the price of buying Mac instead of PC turns out to be the same. So we are encouraging people to migrate (we are a small subsidiary but the analysis was compared with our big mother).
I'm a Unix engineer who happens to handle a small office also. I cannot stress enough about the right tool for the job. If you have a bunch of Windows workstations and need Anti-Virus, go Symantec End Point Protection or the older Symantec Corporate 10.x. You get the Symantec server with it. You are basically just paying for the licenses for each desktop. Our Windows domain controller is a VMWare VM that runs on our Linux server. Backups are simple. At night, it shuts down and rsyncs to a different server then restarts. Windows file sharing (and even Linux developers use it) is done with the Windows VM. Simple management of centralized authentication, file sharing and Anti-virus.
We all know that antivirus is a reactive process. First the threat is identified, then it is defended. It is rare when new malware is stopped first. Ultimately, it comes down to this:
The workstation at the office is a business tool. It's a tool for business. Let that settle in. Now, if the user does something that mucks the tool up, the user mucked up his business tool, cutting into productivity. Running personally installed software comes with risk. Even hitting web sites comes with risk (regardless of which browser is used, but CLEARLY less chance of a problem not using MSIE). And yes, getting email poses risks as well. But in all my experience, it is the people who never do anything personal on their work machines who run the cleanest and the safest. They never get anything and never have a problem. It's always the jackasses who compulsively feel the need to install every software do-dad under the sun who have the problems. It's time that businesses hold the user responsible.
Now with that said, some very basic things should be done by IT:
1. Effective email filtering.
2. Clean system software images for quick/clean restore
and for those sites that refuse to hold their SUPPOSEDLY ADULT users responsible for their work tools
3. Set up Deep Freeze on those computers
This rant is all about holding mature working adults responsible for their actions while supplementing with preventative and recovery measures. Perhaps some antivirus software should be run, but good habits and handling usually makes that irrelevant. So when bad things happen, the procedure would be to report it (to business management), do a bit of analysis, re-image the system and move on. Once again, the people who keep their personal crap out of their business stuff are the same ones who are trouble-free. I have yet to see an exception to that rule.
Trend Micro Office Scan
Inexpensive and very effective. Works for desktops, laptops, remote users, in-house users, Linux and Windows.
Has a centrally managed web dashboard interface and very, very good stuff.
My workplace does actually have a lot of users who need the web for work reasons. What just occurred to me is to set up everyone with software for running virtual machines, then put one on each of their machines that has a web browser on it which refreshes and exports its bookmark file to each user's network share. Is there any free software that can run a virtual machine from inside XP like this, or is that a pay-only product? ... Bitchin'! Looks like VMware Player does just this.
Samba also has the AD mode, central authentication and profiles, no need to run Samba as a workgroup... so no need for a Windows server for AD.
- Have easy central printer queues
useless... it's faster and safer to directly use a print server and configure the clients to use it.
If the server goes down, you can still print... but if you really want centralized queues, CUPS already does that, no need for a Windows server.
- Have easy central file shares with easy to apply security
ooh good... Samba has done this since... ever... no need for a Windows server.
- Install WSUS on the server. It's a free addon. Poof! Microsoft patch management! (...) Works well and can't beat the price.
yes you can... you still have to pay for a Windows server... these ones are free:
depending on what you want, just save bandwidth? try http://update-accelerator.advproxy.net/ or even a plain squid with lots of HD space. This is what most small companies want.
want full control of patches and all packages/updates installed? check http://wpkg.org/
as a bonus, something that Windows doesn't give you, unattended Windows installations, with full patches and software:
http://unattended.sourceforge.net/
beat this price!
- Group Policy (install/update software, apply software settings, lock down security on all systems, etc.)
Ok, this one you can't yet do with samba3, but samba4 will have this.
if you really need this, check http://www.nitrobit.com/grouppolicy.html, it can be configured to use Samba and an OpenLDAP server, but it costs money (but hey, still less than a Windows server).
most small companies don't use GPO anyway and most of the more important things can be controlled by the local policy (and pushing the .pol file to each client).
- Login scripts (and have install or apply updates to any updates to programs that don't do updates via WSUS and Group Policy, e.g. Firefox, Java, etc.)
ooh good again... check above... no need for a Windows server.
- Oh, and yeah, install your antivirus server here too.
most of them can be installed on any Windows, no need for a Windows server.
So no, there is no need for an AD server.
Higuita
I hope your Windows updates are running on each system. Also, if you just use Windows Update and not Microsoft Update you are not getting all the updates. You need to install MS Update one time to get it to show all of them, and if you don't have the time to go to each system then maybe you should set up a WSUS server.
4 Moderators marked this 'Troll'... Really?..., for just someone's honest opinion?.... Seems more like censorship of anything positive to do with Apple. I wonder if the parent comment spoke of '...Migrated the office to Ubuntu..', it would have received the same hostility?
Just configure things locally as if standalone, and use robocopy to sync the latest signatures and software?
Take a look at the Trend WorryFree managed service. Doesn't need a central server on-site and you still get a centrally managed solution.
20 Machines is _not_ a lot. Just buy 20 seats of FOOBAR, set each instance of your chosen AV product to update itself automatically, run autoscans overnight or at lunch, and proactively quarantine/delete and loudly announce when events occur. Even if everyone's not in the same building, this is good enough for just 20 machines. Heck, it's good enough for 100 machines.
Seriously? I don't remember the exact figures, but I believe we're paying under $30/seat for 50 licenses. It's really hard for me to believe it's not worth somewhere in the $1000/yr ballpark to have decent AV protection for your company.
Most definitely. CanSecWest only allows exploits of unknown flaws.
actually it's people not taking the time to work with Exchange..
to be honest there is nothing out there that compares feature-wise with Exchange - sure Exchange has A LOT of issues - but so does everything else.
It isn't hard to talk to Exchange and to talk to it in a very usable manner - just MS isn't helpful in posting a lib for people to just import and walk with - but it is fully documented how to talk with Exchange - and it just takes time to implement - so far I've just seen other mail clients say "hey IMAP works we will just use that for Exchange" but you know what? IMAP doesn't do a lot of what Exchange can do.
and if you start pointing to other vendors' products - take a look at client compatibility - other than the vendor's client very few have full feature compatibility.
so many people knock Exchange - but in reality it is quite nice if you know how to manage it.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
We use Trend Micro Officescan here. Looks like the pricing is around $25/user/year and it does a really good job of keeping out malware of any sort. It is all centrally managed and can be pushed out across the domain if you like and you can also implement content filtering. Of course, the downside to this is that you have to install the server part on a Windows server, but picking up a Win2k3 SMB license is only a few hundred dollars.
I can personally vouch for Avast! as well. They have a really good catch rate and you should be able to cover yourself for around $1000, both Windows and Linux.
Avast offers a Linux version for centralized filesystem and mail protection. Pricing is $9.69/year per license for 20-49 licenses. There's one license per mailbox. Here's the full pricelist: http://www.avast.com/eng/pricelist-avast-for-linux-unix-server.html
Sophos is what you need! Check it out at www.sophos.com
http://www.avg.com/business-security
I've installed in several environments of multiple WinXP Pro workstations.
Put the "server" part on one ocmputer; let it do the updating and provide for central configuration.
You still have to install clients on each computer. I like to use InstallRite (http://www.epsilonsquared.com/installrite.htm): Run the "before setup" part of InstallRite, do the full install and configuration, then run the "after startup" part of capture a single file "Install Kit" that you can then run on the rest of the computers to get it fully installed. It saves lots and lots of time.
In the AVG Network Edition, the "server" contacts AVG's update server, then acts as a local proxy for that update information to the clients.
I BAN Symantec and Norton products from all computers we maintain under contract: Great advertising, but lousy products that can't be uninstalled: There are lingering traces that require Unlocker (http://ccollomb.free.fr/unlocker/) and a high-quality registry cleaner (I like jv16 Power Tools, http://www.macecraft.com/jv16powertools2009/) to root out all of the junk Symantec leaves behind. Not worth the effort when I can install a better, cheaper and more-reliable product (AVG).
For the central administration features, Symantec Endpoint works well. Our shop just moved to Endpoint from Symantec Corporate AV 10, and I was surprised to find that the new product identified threats on machines that had been running Corporate. All sigs were current. It just seems that Endpoint has a better engine.
I use irony whenever I can, but my shirts are still wrinkled...
Try EdgeGuard or AppGuard. They provide protection against malware from USB drives or zero-day web site exploits. (Full disclosure: I work for the company that produces these.)
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
Before you make any decision, take some time to sit down with the president of the company, the management committee, or other head honchos to find out what their outlook is for the next few years. Yes, even with the economy down there are some companies that are planning to grow. The place I'm at now sits at about 100 employees today, but was just at 35 employees five years ago (with most of those being shop employees). We went from about 15 PCs (and two servers) to an environment with about 60 PCs (and five servers). I came on-board a little over a year ago, and have been dealing with an IT environment that did not anticipate the growth. My advice to you: do whatever you can now to make your job (or your successor's job) easier five years down the road. It is much easier to get things in place now, before you are dealing with rampant growth.
We just opted for Symantec's Endpoint Protection after considering numerous options. Yes, the price tag seems significant, but the management tools work well (the deployment package creator alone saved me much time). For us, a significant factor was to select an AV tool that plays nice with some of our 3D design tools. Be sure to check with your power users regarding their software, and make sure whatever you select will play nice with your critical business apps.
> That's like saying a house needs to be demolished because they'd like a new door
>
> And I dare say it will raise enormous compatibility problems and costs would be astronomical compared to solving the small problem at hand.
No. It's like saying a house needs to be demolished because it's infested with termites.
This (your) moronic attitude about security is what leads to the problem.
A Pirate and a Puritan look the same on a balance sheet.
Symantec for Small Business (Multi-Tier, or Endpoint) is super affordable...
If you guys aren't willing to spend any money on your infrastructure, why use anti-virus at all?
So what policy would you advise for organisations where people need to be able to download and execute arbitrary software in order to get their work done?
Run all software not approved by the IT department in a sandbox. These can range from Sandboxie or FreeBSD's jail all the way up to full-scale virtualization such as Xen or VirtualBox.
I run an IT department in a non-profit school for autistic children. In our world, non-profit means very little money, especially for IT, and so we have had to make some very creative solutions at times. Right now our network is primarily Windows machines for the end users, Linux on all the servers, and one Mac. We have ThreatFire (free) on all of our Windows machines along with Malwarebytes (also free) and our firewall (Untangle, Linux, also free) has antivirus software that protects the traffic. It seems to do very well for us, and our problems are minimal. ThreatFire seems to do a pretty good job with USB drives as well. Our Linux machines: virus free since day one (naturally). -Chase
I have had the same experience with AV as many others. No matter the product, there are infected machines.
None of this can be done without meaningful support from the entire executive staff because it will cause some disruptions.
The DIY solution goes something like this,
HTTP Antivirus Proxy: http://www.server-side.de/
Switching users to Firefox. (I know, I know, the IE users will cry like babies. So this one will probably not fly.)
Tighten up your firewall rules. You can't allow any connection outbound. Allow specific ports.
You are running snort right???? This is a very, very useful tool to track what's going outbound.
Get your win32 users out of Admin mode if possible.
I test machines by running xubuntu in live CD mode, installing java, then finding an online AV scanner that uses java to do their scanning. Time consuming, but they chose the enormous hidden costs of adopting Windows.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
We were recently in the same position. We were running Symantec Endpoint protection and it was expensive and a pain to manage. After doing some research we switched to Trend Micro and like it so far. There is a Linux client and everything, including installs, can be managed from the server. TM is a little quirky at first, but once you get the hang of it it is a very cost effective and manageable solution.
Outstanding product, low footprint, works with Windows, UNIX, Linux, AIX, Solaris, Mac OS X, etc. etc.
A true B2B product. No, I don't work for Sophos, but I have supported it for the past 5 years and it ROCKS!
How about F-Secure, their management runs on Linux and detection is great.
Everything I've ever read tells me that I can't do anti-virus work from a single point of defense. That's like building a wall to stop an invasion; you can't possibly build enough of it to stop everything. :-)
First, route EVERYTHING coming in through a single gateway and put a virus scanner on that. Make sure it is updated as often as possible and remember to check it regularly. This is your castle guard.
Second, take away as many rights as you can from your users. Keep stripping rights off until they complain, then ask them what single right ALL of them need back and give it to them. Not a 100% solution, but you deal with people, not abstract ideas. This is like putting bars on windows and locks on doors.
Third, install an AV solution that you can set to auto-download virus defs from a remote server. This is the guard at the door of every building.
Fourth, and last, use a good stand-alone malware scanner to clean infected computers. We use MalwareBytes Malware Scanner. It is very effective and so simple a user can run it.
You won't stop everything but with all of these in place you'll stop most things. The one problem you will have is the laptops. Anyone with a laptop WILL be infected about once every six months. It's the price you pay.
By the way, my company runs Symantec Corporate. It catches maybe 90% of the stuff that sneaks through the portal.
Here will be an old abusing of God's patience and the king's English.
As sibling states, a forced upgrade in the next year or two is likely anyway. The real question is compatibility. Depending on what they do, Macs could be completely compatible with their current system. Normally one of the biggest compatibility nightmares with migrating a shop to a different OS (OS X or Linux) from Windows is replicating all of the stuff that AD does for you. These guys already don't use AD, so Macs (or Linux workstations for that matter) could work for them depending on the application software they use. Hell, by using a Unix based workstation OS, they could GAIN a lot. Suddenly OpenLDAP and NFS become easy solutions to solve many problems that AD normally solves in pure Windows Domains. Since their server is Linux already, (again depending on application support) Mac OS or Linux could make their whole system much more compatible.
Now if AutoCAD is a requirement for business, then the whole idea falls apart. Certainly switching operating systems and/or systems is not always a great solution, but especially given Microsoft's big push to get people off of XP, it's worth consideration at least. It may not work for the questioner, but it may, and now is a pretty good time to consider it.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
Possibly a valid response from your point of view, but note that the original questioner doesn't have Windows servers so no AD/Exchange. It doesn't negate your point, but it does say that your point is not applicable to the original question.
I'm a sysadmin at a company that's grown from 10 users to 100. We are using Trend currently and it doesn't seem to be doing the job thoroughly.
When I worked at MIT we used McAfee... I worked there for two years and managed thousands of machines and rarely saw any Virus problems. When I did see them they were on outdated computers which hadn't been updated or maintained... Luckily for me if it was beyond a certain time period I could just have it replaced :-p. (note: almost everyone at MIT had admin rights)
Here with Trend I'm seeing 3-4 computers per month on computers on which the users have no admin rights... what would you recommend? I'm thinking of using McAfee here... I have the corporate demo version 8.7i on my laptop now and I want to put it on a few things.
They've disabled ALL USB access, and will terminate your user account if they find logs proving you tried using a USB device. As for AV, it is the users responsibility to keep the governments machines up to date on virus definitions...
???? I think you need to define what part of the answer you are saying is sexual assault :P maybe it got deleted
There is no one good answer to which product you should use. Yeah, I use Symantec Corporate, it's lightweight, fast and it updates like a charm. But the best anti-virus still is the fact that you must not get one in the first place. So user awareness, and give them a class on best practices. I'm sure you can meet everyone at your company and tell them that the best thing is to always be suspicious on the internet. Don't trust emails, NEVER, even if you know the person; double check if you have any little doubts. But for the AV solution, well, I don't have suggestions besides the "don'ts": Don't use AVG, it sucks bad.. don't use Panda (if it even exists anymore), it's the worst, it's even harder to remove than a virus itself. I heard good things about Nod32 but never used it. I like Symantec but I guess it's not cheap.
If you want to get rid of most malware issues, set up the hosts file to block malicious hosts and ad servers on the net. This works very well for me along with using ClamWin AV on the XP boxes. I also make sure that Spybot is installed as well. All 3 work great together. You can get the modified hosts file here: http://www.mvps.org/winhelp2002/hosts.zip
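The hosts-file approach above is easy to get wrong by hand (a stray entry that shadows localhost, a duplicate that the XP DNS client has to scan, or a block line that overrides a name the admin deliberately mapped). The Python below is an added example, not code from the post or from the MVPS project: it parses a hosts-format block list, keeps only sinkhole entries (0.0.0.0 / 127.0.0.1) with syntactically valid hostnames, and merges them into an existing hosts file inside a marked section so the merge is repeatable. The sample block list and hosts content are constructed; the marker text is an assumption.

```python
"""Merge an MVPS-style block list into a hosts file, safely and repeatably.

Added example (not from the thread or the MVPS project). Assumptions:
- the block list is in hosts format, one or more names per line after the address;
- only sinkhole addresses (0.0.0.0 or 127.0.0.1) are accepted from the list;
- the admin's own mappings in the existing file always win over the block list;
- a marked section '# mvps-block begin' ... '# mvps-block end' holds the managed
  entries, so re-running the merge replaces the old section instead of appending.
On Windows XP the live file is C:\\WINDOWS\\system32\\drivers\\etc\\hosts.
"""
import re
from typing import Iterable, List

# RFC 1123 style hostname check: labels of 1-63 chars, no leading/trailing '-'.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)
SINK_ADDRS = {"0.0.0.0", "127.0.0.1"}
# Names that must never be sinkholed by a block list.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
MARKER = "# mvps-block"


def parse_blocklist(text: str) -> List[str]:
    """Return validated, de-duplicated, lower-cased hostnames from a block list."""
    seen, hosts = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if parts[0] not in SINK_ADDRS:
            continue  # a real address in a block list is suspicious; ignore it
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if name in PROTECTED or not HOSTNAME_RE.match(name):
                continue
            if name not in seen:
                seen.add(name)
                hosts.append(name)
    return hosts


def merge_hosts(existing: str, blocked: Iterable[str]) -> str:
    """Return hosts-file content with the managed block section rebuilt.

    Entries the admin already maps (outside the managed section) are skipped so
    the block list cannot silently override a deliberate internal mapping.
    """
    begin, end = f"{MARKER} begin", f"{MARKER} end"
    kept: List[str] = []
    skipping = False
    for line in existing.splitlines():
        s = line.strip()
        if s == begin:
            skipping = True
            continue
        if s == end:
            skipping = False
            continue
        if not skipping:
            kept.append(line)
    mapped = set()
    for line in kept:
        fields = line.split("#", 1)[0].split()
        mapped.update(n.lower() for n in fields[1:])
    section = [begin] + [f"0.0.0.0 {h}" for h in blocked if h not in mapped] + [end]
    return "\n".join(kept + section) + "\n"


# Constructed sample data (not real indicators).
SAMPLE_BLOCKLIST = """# constructed sample block list
127.0.0.1 localhost
0.0.0.0 ads.example.net # tracker
0.0.0.0 ads.example.net
0.0.0.0 Bad.Example.org evil.example.com
0.0.0.0 not_a_host!
192.0.2.5 real.example.com
"""
SAMPLE_HOSTS = """127.0.0.1 localhost
10.0.0.5 fileserver
10.0.0.9 evil.example.com # deliberate internal mapping
"""

if __name__ == "__main__":
    print(merge_hosts(SAMPLE_HOSTS, parse_blocklist(SAMPLE_BLOCKLIST)))
```

Running the merge twice on its own output yields the same file, which is what makes it safe to schedule alongside the signature updates.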
Isn't this a good reason to use virtualization?
Step 1: Have a centralized, protected, backed up file server.
Step 2: Create a standard clean OS and application installation image.
Step 3: Daily or weekly flash back to the clean installation (since all user data will be on the file server, see step 1 - if it's not they'll learn very quickly)
Step 4: Profit.
#1 Exchange does have loooooots of features...but very few are actually used.
#2 Stating that few options are available to replace Exchange is not true.
- MailSite
- Kerio MailServer
- Apple's Mail Server
Just to name a few, and they all support Outlook, Mail and Thunderbird at the very least.
"so many people knock exchange - but in reality it is quite nice if you know how to manage"
Exactly... Exchange is a pain in the neck to manage and has (IMO) one of the worst management consoles of all MS server-side products.
AVAST! has been a great solution for my firm.
We have used it as a replacement for Symantec at multiple sites. SEP seems like bloatware and isn't as intuitive as it should have been.
AVAST! also has a totally free home user version, which I have to say is extremely nice.
http://www.vipreenterprise.com/
I've had unpleasant experiences with Norton and Avast in the past.
Friends sent me Trojan horses and they were not detected at all. However when I installed Nod32 they were detected and blocked automatically.
So since then I am using Nod and I am very happy with it.
I've found Panda very good also but it eats more resources (however it has firewall integrated).
Okay, so you are in a unique situation. You've got no investment yet, and a small number of machines to manage. Why use antiquated software that at best will detect non zero day viruses and almost no malware (seriously, does any AV vendor find a significant amount of malware???). The solution is to switch from a blacklisting approach, and move to a white list approach. Instead of using a piece of software to look for bad stuff, just tell your computer what good stuff can be run. There are a ton of vendors that sell white listing apps. I don't know if there is one that is scaled for your size. Lumension has a decent product, as does core trace. Those may be overkill. Faronics has a simpler solution that may be worth looking at. I'm sure there are dozens more out there, but those are just the ones I've looked at.
I've been testing AV solutions for the same setup: Windows clients, Samba server, no AD or domain. AVG worked great for the first couple years, but sometime in 2008 they took a huge turn for the worse. Their support, even enterprise, is abysmal and absurd (email only!). Their more recent products are such huge resource hogs that most of my users just uninstalled it as it made their workstations unusable. Months of round and round with email support and no solution.
I've tested most of the products mentioned here, nod32, Avast, Kaspersky, etc. I finally stumbled on a pretty new entrant to the space, Vipre, by sunbeltsoftware, http://www.sunbeltsoftware.com/ . Support has been fantastic, and I'm just using a trial version. The admin interface is modern, quick, and well thought out. Most of the other admin interfaces seem like an afterthought or an engineering prototype. The test users are happy so far. And it's cleaned up a few severe threats that were not found by AVG.
Disclaimer - I am not affiliated with these guys at all. I am just a happy trial user, so far.
I have 40+ workstations and 15+ servers and we use TrendMicro. We're a Microsoft shop so I'm not sure if it will work on your Linux box, but it's the ONLY AV that I've been happy w/ for any length of time.
The hardy survive, and the weak don't.
I view viruses as the normal and expected end of any windows installation, and welcome said end. (Needless to say, I don't run windows for anything except for playing a few old games on machines that *never* connect to the Internet.)
yes, thats why it wasn't posted in response to the original question. context is everything.
We recently purchased about 750 licenses from Kaspersky after testing it out and being dissatisfied with McAfee. It has been a nightmare. I've deployed it to about 200 machines and ever since I've had users begging me to make their machines faster. I don't know how or why, but it is just not liking about 20-30% of our workstations (decent HP desktops and laptops).
Their tech support, while being mostly attentive, has been completely useless. They also have us doing pointless system info scans on the same machines over and over even though they have the previous 10 scans and nothing has changed on the machine. Kind of like when you call your ISP to see if there is a service outage and they keep telling you to reboot your modem like you are some sort of moron. Also any kind of escalation is handled overseas, I would guess, so any urgent developments have about a 1 day turnaround time at best.
Kaspersky looked great on paper for us but actual execution has been horrendous.
The decision to purchase Kaspersky was mostly mine, a young recent IT grad's first real decision out in the world with impact, and I can see now that it was a huge mistake. In fact every day I wonder if/why I will be fired for it. We are in the process of trying to get a refund for it since I can't justify rolling this unstable software out world wide. I also now see why more established IT pros usually never want to make any kind of change unless it is absolutely necessary (if its mostly working don't mess with it).
I wish I could go back in time and tell myself to keep my mouth shut about how "average" McAfee performance was. The issues with Kaspersky are in a whole different league, to the point that a person affected is unable to work normally until I remove the AV. The worst part now is if we do get a refund we have to decide whether it's best to just go back on McAfee or find something else; either way I look like a complete moron and worst of all this experience will probably cloud my judgment and tendency to overuse caution in future decisions; I will make the safest/easiest/most secure play as to not put my job in danger instead of going for something with ambition and potential that will be most beneficial for my users and company.
Whatever. The planet's getting demolished in two hours to make room for a new hyperspace bypass.
At my work place we call it Anti-trust or E-trust me.
20 machines and a server is too big to manage manually?
Slap a free AV on there with automatic updates and scheduled scans. When users complain of spyware and viruses and such, you go in and fix it.
NO ANTIVIRUS SOFTWARE is worth a damn in terms of prevention. They are ALL absolute garbage. You only install to cover your ass.
Sophos will give you a good price, and the contract includes free licenses for the home computers of all of your employees.
Use Avast's Distributed Network Management (ADNM)
Works like a champ and is centrally managed.
Will deploy without the need of Active Directory, or if you do upgrade to AD, you can easily create an MSI file to deploy.
You might consider VMware view. Each person has a thin client on their desk which controls a VM on a centralized cluster. You can centrally manage everyones' VMs and control things like updates and anti-virus.
http://www.vmware.com/products/view/
No, I will not work for your startup
You're making this too difficult. Just pick a rarely used workstation to act as an AV server and install SEP. It takes very little proc/mem to run SEP and you will never find a more complete, tested or trusted suite... particularly when it comes to granular control of the workstations including locking down USB access.
I work as a security consultant for fortune 100 finance firms and some smaller hedge fund firms as well. From large environments (1000+ users) to small (~5 users), you simply can't beat SEP. Yeah, the server GUI is a little annoying and not very intuitive, but once you understand how it works, you're set. Not to mention... they have fantastic support. Say what you will about having to deal with India for tech support (and of course the hold times)... their techs are knowledgeable and have been able to solve our problems every time.
I have worked with:
- Trend (sucks... their updates frequently break environments)
- ClamAV (great for Linux mail servers)
- SAV (tried and true, but somewhat resource hungry)
- Panda (JUNK! AVOID!)
- AVG (one step above spyware scam software... junk)
- Avast (great for home use)
- McAfee (ugh)
- Antivir (good for home use, but I prefer Avast).
The biggest piece of advice I have for anyone thinking of installing SEP... make sure you're using the latest release (currently MR4). Do NOT install an older version and upgrade. The other very important detail is don't install the Network Threat Protection package in SEP. It breaks DFS file servers and Windows domain controllers. Just stick to the Antivirus/Antispyware software and you're all set.
Face it... you're running a Windows environment and happen to have one Linux box on the network. One Linux server does not make it worth your while to go about stuffing in some Linux-based solution that requires weeks of tinkering to make it work with Windows machines, just so you can save a buck. Trust me... you get what you pay for. Stick to the software designed for professional Windows environments and disregard the Linux fanboys (and girls) on here who tell you otherwise. Linux is fantastic at what it does and I certainly have my share of *nix servers in my environments... but you're trying to stick a square peg in a round hole. Stop that! ;-)
Antivirus? Sure, but don't expect it to work all by itself. Desktop security is never going to be 100%, far from it. IMO, the best you can do is combine policy with good systems, and edumcate your users. Lock down your I/O, with some sort of end-point security product that'll lock/audit USB and DVD drives. Filter mail and strip dangerous attachments - park attachments for 24 hours if possible. Turn on auditing with Group Policy, and check the damn logs. Run some sort of IDS; Snort can be tuned to monitor the LAN for malware trying to propagate. Have good enforceable policies, and educate your users on the reasoning and consequences. Get management on board. Having the top dog issue a broadcast email is always more effective than the IT guy doing the same. Follow through when you find someone in breach of policy. It only takes one or two cases before word gets around and users realise you're serious. Try to get onside with users, but it's not your job to be liked. Your job is to protect the data and systems.
It gripped her hand gently. 'Regret is for humans,' it said.
It's complicated, but it runs on Windows XP. It pushes out the programs to the client PCs (if they're Windows XP, Home is a no-go due to the Guest account force), as well as updates. Downloads updates from the KAV servers, caches them, pushes them out. Has all kinds of reports on detected infections, machines that haven't been updated lately or are off the network, etc.
Comes with the business version of the AV product, server or workstation, no extra charge. Just download it.
I've used it on two clients now. There are some gotchas you have to look out for when machines change machine names or IP addresses if they're out of control of the Kit (basically you have to delete and re-add them so it assigns new security certificates that control secure commo between client and Admin Kit), but basically it's not that hard for somebody with a clue to work with. You have to install either MSDE 2000 (preferred) or Microsoft SQL Server Express (free shrunk-down SQL Server from Microsoft) to use the Admin Kit, but you don't have to administer the database; the Kit does that. The Kit allows you to back up the database on a scheduled basis as well, so you can recover if something gets screwed up.
Compared to Symantec and others, it's a good deal. The KAV AV itself for small business is not that expensive, either.
KAV as an AV has its annoyances, though nothing compared to Norton. It tends to pick up every exe in a zip file as a "Trojan something or other", especially anything packed with UPX. So if you have a lot of third party Windows utilities laying around, you'll get false positives and sometimes KAV will delete them unless you specify them as safe - which you can do by applying "policy" from the Admin Kit to all your machines.
On one of my clients, they got hit with a particularly nasty virus which KAV detected, but not before it infected a critical Windows system file, which KAV then "disinfected", destroying Windows which had to be re-installed by the IT guy on site. But this sort of thing happens with any AV - none of them are fool-proof.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Try F-Prot Corporate. http://f-prot.com/ 10 licenses/year is US$50. We had it at work for a couple of years for 20 seats at $90/year.
I'm back with it after 1/2 year of Spybot S&D. It found a couple of things that ENOD32 missed.
It also doesn't lag, even on old VIA Centaur CPUs.
Nice central administration console - you can push out the installation to your workstations; it even (supposedly) removes any existing anti-virus software. (It was unable to cope with Norton AV, which is notoriously difficult to remove.) The whole package (we have 27 licenses) cost less than the individual subscriptions we used to have, and servers are just another license (we have 4). We are quite happy with it.
Take a look at Sophos Antivirus. It's worked well for my clients in Reno and supports most OSes, including Macs.
Executable white-listing has been built into Windows Group Policy since 2001. If you have a Windows server domain, XP and later clients can be made to run only executables signed with certain certificates, and/or executables with specific hashes. We have used this for kiosk machines at trade shows.
The problem is that maintaining the database of "allowed executables" is horrifyingly complicated. Every patch, DLL, printer driver, language variant, Flash plugin, Adobe Reader, etc. needs to be in the database. There are some 3rd party management tools for that, I think, but we never even got that far before we gave up. It was simply too much to manage even in a 200-workstation network.
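The maintenance burden the post above describes can be made concrete with a small hash-rule bookkeeping script. This is an added example, not Windows Software Restriction Policy or AppLocker code: a real policy stores its hash rules in Group Policy, but the drift problem is identical. The file names and contents below are constructed, and `build_allowlist`/`drift` are hypothetical helper names.

```python
"""Hash-based allow-list maintenance (added example, not Windows SRP code).

A hash rule only matches one exact build of a file, so every patch, new DLL
or driver update invalidates or misses a rule. `drift` reports exactly what an
admin would have to republish after a change.
"""
import hashlib


def build_allowlist(files):
    """Map each file name to the SHA-256 of its contents (one 'hash rule' each)."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def drift(allowlist, files):
    """Compare an installed file set against an allow-list.

    Returns a dict of three sorted lists:
      - "new":     files on disk with no rule at all (blocked until a rule is added)
      - "changed": files whose hash no longer matches (e.g. after a patch; also blocked)
      - "stale":   rules for files that no longer exist (harmless, but clutter)
    """
    current = build_allowlist(files)
    return {
        "new": sorted(n for n in current if n not in allowlist),
        "changed": sorted(n for n in current if n in allowlist and current[n] != allowlist[n]),
        "stale": sorted(n for n in allowlist if n not in current),
    }


# Constructed baseline: what was hashed when the policy was first built.
BASELINE = {
    "acrord32.exe": b"reader v9.0",
    "flashplayer.ocx": b"flash 10.0",
    "hpprint.dll": b"driver 1.2",
}

# Constructed state after a patch cycle: Reader updated, a runtime DLL added,
# the printer driver removed.
AFTER_PATCH = {
    "acrord32.exe": b"reader v9.1",
    "flashplayer.ocx": b"flash 10.0",
    "msvcr90.dll": b"runtime 9.0.30729",
}


if __name__ == "__main__":
    rules = build_allowlist(BASELINE)
    print(drift(rules, AFTER_PATCH))
```

Run against a real install directory, the same logic (with `open(path, "rb").read()` feeding `build_allowlist`) shows after each update how many rules must be regenerated; a certificate (publisher) rule avoids most of this churn, which is why hash-only policies rarely survive past a few dozen machines.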
I work with a German-owned company that uses Norman Virus Control. From time to time it kills machines, but its biggest offense is the frequent false positives. When your antivirus deletes user32.dll on half a dozen remote machines without a remote option to restore the file, and the mothership tells you to just deal with it, you lose all good will.
Also, it's named like a bootleg ripoff of my other favorite CPU hog and randomly pops up a splash screen over the middle third of your monitor.
coffee | nose > keyboard
Yes, it's effective but too complicated and therefore difficult to manage... A lot of the problem with Windows security features is that the more useful ones are far too complex and therefore very rarely get used.
A much better approach is the trusted path execution implemented by the grsecurity patch for Linux. This works by only allowing binaries owned by root, and inside of directories which are also owned by root, to be executed. Something similar could be applied to Windows, only allowing binaries installed by the admin to be run and not anything owned by unprivileged users. Of course, if you want complicated, Linux also implements SELinux.
Some degree of protection can also be achieved simply by mounting any user-writable areas (/home, /tmp etc.) with the noexec flag.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
But migrating to OS X requires a whole new computer. Hardware and software. An anti-virus solution wouldn't cost that much. And look, I got modded a troll! I still stand by what I said; regardless of being called a troll I think my answer is not Apple bashing. It's a fact an OS X migration will cost a lot more than an AV solution.