Central Anti-Virus For Small Business?

rduke15 writes "I'm trying to find a centrally managed anti-virus solution for a small business network, which has around 20 Windows XP machines with a Linux server. It is too big to manage each client manually. However, there is no no full-time IT person on site, and no Windows Active Directory server — just Linux with Samba. And the current solution with Symantec Endpoint Protection seems too expensive, and too complex for such a simple need. On the Linux server side, email is handled by amavisd and ClamAV. But the WinXP clients still need a real-time anti-virus for the USB disks they may bring to work, or stuff they download from their personal webmail or other sites. I'm wondering what others may be using in similar situations, and how satisfied they are with it."

NOD32 Antivirus and NOS32 Remote Administrator

[BiggerIsBetter]

Do it without the server, and install NOD32 antivirus on the clients, with NOD32 Remote Administrator to manage them. We put this system in recently and it's very very effective. Synchronized our antivirus product and definitions quickly, and reported infections that had slipped past the unmanaged installation on one machine (it hadn't been updated for a while...). No, you don't have to install it on a Windows Server OS (although we did).

Re:We use Nod32

I would have to agree with this recommendation.

I've been installing NOD32 at several sites recently. The Business version of their antivirus/antispyware package does include a Management Console feature.

You'll end up paying about $39/seat for a 2 year subscription.

Also, NOD32 just won a Consumer Reports award this year.

Ill tell you what *not* to use

Im security admin for a fortune 500, posting anonymous coward. Ill tell you what not to use. Don't use Panda. We have it at a european subsidiary, and I have never seen anything so crap. Never.
Now for the advice - Use something you recognise and trial it do death, antivirus detection rates are not so important as product robustness, and console usability. It's no use having something with a 99% detection rate if the 1% it doesnt detect are things like virut and conficker, and the product falls over every time you look at it. Coporate antivirus arent so much about detecting 100% of virus as reliably reporting the viruses they have found, and robustly maintaining communications with the management console so you can deploy updates.
These days no antivirus is really very good, I came to the conclusion a while ago that AV is an obsolete technology. The malware writers are just taking the piss, and Windows can never be virus free.

Re:We use Nod32

[FRiC]

I don't know about other people, but around where I work, the joke is that whichever computer has Nod32 installed, it also has tons of viruses installed. Nod32 never seems to work in real life, eventhough it consistently scores high in reviews and have lots of recommendations.

(We use avira.)

It depends

[Rosco+P.+Coltrane]

I "administer" our small business IT infrastructure (well, it's just 10 computers) and our solution was to assess who needs internet access. As it turned out, the boss and the secretary need web, email and access to the accounting software on the remote side of a VPN, and the other guys don't because they use only internal documents. But they do need Windows because we use Windows-only software (SolidWorks and MasterCAM). So I've setup a fast Linux box that's on the internet, that provides web and email access through NX servers and clients (that is, the clients run on the linux box and display on the Windows workstations). USB ports are also disabled on all Windows boxes, and people who really want to see what's in a USB key have to plug it on the Linux box and have the content checked before it's transfered to a Samba share for Windows consumption. Same thing for CDs. None of the Windows boxes ever see the internet.

None of our Windows boxes are patched, updated or fitted with antivirus software, and we're doing just fine. The Windows boxes are super-fast as a result too.

But that's *our* solution. Your mileage may vary, but I think you should make a reasonable assessment of workers' need for internet access. You may be surprised how few actually need it to do their work (IM isn't a valid reason) and you may be able to rearrange your infrastructure to make it very easy and manageable like ours.

Re:It depends

[Rosco+P.+Coltrane]

nobody aside from the boss and secretary need email?

Well, I didn't count myself in :) We're a small firearms manufacture, so the boss and the secretary need email to answer customers, and the boss needs the web to check on the competition (he's not into porn at all, not the type). The secretary doesn't need the web, but I left it for her because she sometimes has no work for hours and she doesn't really like to read. She also does the accounting, so she needs her distributed accounting software client. As for the other guys, they work mostly at the workbench, mounting the guns. They need PCs to consult technical documents such as plans, steel compositions or art drawings, and they also need them to work with 3D models of parts, to feed the milling machine. None of these computers need to be on the internet, they are just glorified document viewers and machining tools.

As I said, every situation is different. In a software development outfit, the sort of solution we have here wouldn't work at all, but for us it works. The OP says he manages a "small business network": for all I know, it could be a printing shop, or a garage, not necessarily all white collars. That's why I mentioned what we implemented here at my company.

Re:We use Nod32

[LodCrappo]

a couple years ago i worked at a company the used NOD32 and they were often bringing infected machines in to the IT dept despite the software being updated and supposedly working. now I work at a company that used symantec, and they were often bringing infected machines in to the IT dept despite the software being updated and supposedly working. One of my current coworkers used to work at place where they used Panda. They were often bringing infected machines in to the IT dept despite the software being updated and supposedly working.

WTF?

Re:We use Nod32

[Bert64]

AV is inherently a flawed idea... As you've found out, not every AV picks up every *known* piece of malware, and none of them will pick up new malware that has only just been developed (and people are developing new stuff all the time)...

Take some of the files that avast found and upload them to virustotal.com, and see just how many other AV products don't find it... You will also find that there is plenty of other malware out there which avast won't find... Anything that's missed by both avast and avg could potentially still be sitting on your machine.

Also, malware authors don't just sit still, malware is big business and the people writing it are constantly looking for new ways to avoid detection, and that often involves specifically targeting the most popular types of AV in order to find effective ways to bypass them. AV by it's very nature will always be one step behind the authors of malware... AV will always just be a low hanging fruit exercise, it will never be able to get anything...
The only place i use AV is on my email server, not because i'm especially concerned about the actual malware itself, but because malware detection works as another method to remove some unwanted junk mail.