Slashdot Mirror
Central Anti-Virus For Small Business?
rduke15 writes "I'm trying to find a centrally managed anti-virus solution for a small business network, which has around 20 Windows XP machines with a Linux server. It is too big to manage each client manually. However, there is no no full-time IT person on site, and no Windows Active Directory server — just Linux with Samba. And the current solution with Symantec Endpoint Protection seems too expensive, and too complex for such a simple need. On the Linux server side, email is handled by amavisd and ClamAV. But the WinXP clients still need a real-time anti-virus for the USB disks they may bring to work, or stuff they download from their personal webmail or other sites. I'm wondering what others may be using in similar situations, and how satisfied they are with it."
It works well, you just need a windows server/workstation to push it to clients and for clients to get updates from.
It's also not very resource hungry.
I think 30 seats was around $1000
At least, we do at the school. That's a 50-station network, and amounts to about $10 a year per station after the educational discount. $20/year per station without, but you get cut rates for longer terms. I'm quite happy with Avast. At the business (20 stations, no AD when it was installed aeons ago) we used Trend Micro ServerProtect, which is no longer supported. That one was $800/25 stations flat fee and is still being updated. Neither one of those needs an AD server for its console, though they are both Windows based.
Do it without the server, and install NOD32 antivirus on the clients, with NOD32 Remote Administrator to manage them. We put this system in recently and it's very very effective. Synchronized our antivirus product and definitions quickly, and reported infections that had slipped past the unmanaged installation on one machine (it hadn't been updated for a while...). No, you don't have to install it on a Windows Server OS (although we did).
Forget thrust, drag, lift and weight. Airplanes fly because of money.
That's sexual harassment. And no, it doesn't matter if you work in the fashion industry.
How we know is more important than what we know.
Both my university and workplace (of similar size to yours) use Sophos. They provide a number of centralised management tools, centralised update servers etc. Check them out, www.sophos.com.au.
Those are all great things. But A) they won't actually stop people from bringing viruses into the office. They might *help*, but you'll still need an A/V client from time to time and B) those things are not going to happen reliably someplace that doesn't even have a full-time IT guy.
Kaspersky Enterprise Space Security is comprised of components for the protection of Linux and Windows workstations, file servers and mail systems.
Samba File Servers are also fully supported!
More Information -- http://usa.kaspersky.com/products_services/business/open_space_enterprise.php
From clamwin.com website:
Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.
This assumes that the users remember to scan everything before they run.
(I personally do the clamwin thing for my personal machine, haven't found anything yet)
Im security admin for a fortune 500, posting anonymous coward. Ill tell you what not to use. Don't use Panda. We have it at a european subsidiary, and I have never seen anything so crap. Never.
Now for the advice - Use something you recognise and trial it do death, antivirus detection rates are not so important as product robustness, and console usability. It's no use having something with a 99% detection rate if the 1% it doesnt detect are things like virut and conficker, and the product falls over every time you look at it. Coporate antivirus arent so much about detecting 100% of virus as reliably reporting the viruses they have found, and robustly maintaining communications with the management console so you can deploy updates.
These days no antivirus is really very good, I came to the conclusion a while ago that AV is an obsolete technology. The malware writers are just taking the piss, and Windows can never be virus free.
Terrible detection rate. Sorry, but when an AV suit finds about 2/3 of the threats, you can just as well go without one.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Antivirus suits are the last line of defense. Not the first!
The first is the user and sensible usage policies. When people can download and execute arbitrary software and plug in USB sticks at random, you have bigger problems than the choice of your AV.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I "administer" our small business IT infrastructure (well, it's just 10 computers) and our solution was to assess who needs internet access. As it turned out, the boss and the secretary need web, email and access to the accounting software on the remote side of a VPN, and the other guys don't because they use only internal documents. But they do need Windows because we use Windows-only software (SolidWorks and MasterCAM). So I've setup a fast Linux box that's on the internet, that provides web and email access through NX servers and clients (that is, the clients run on the linux box and display on the Windows workstations). USB ports are also disabled on all Windows boxes, and people who really want to see what's in a USB key have to plug it on the Linux box and have the content checked before it's transfered to a Samba share for Windows consumption. Same thing for CDs. None of the Windows boxes ever see the internet.
None of our Windows boxes are patched, updated or fitted with antivirus software, and we're doing just fine. The Windows boxes are super-fast as a result too.
But that's *our* solution. Your mileage may vary, but I think you should make a reasonable assessment of workers' need for internet access. You may be surprised how few actually need it to do their work (IM isn't a valid reason) and you may be able to rearrange your infrastructure to make it very easy and manageable like ours.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
1) You need an anti-virus solution in the Linux box. Assuming that is your only gateway to the external internet, putting up a anti-virus enabled firewall and stopping unwanted protocols is enough to filter out most stuff.
2) Disable USB and DVD drives on every PC. Physically. Period.
Its cheap and fast.
"Doing what i can, with what i have." ~ Burt Gummer
In migrating from AVG free to AVG corp, the push never worked and we had to end up manually uninstalling on every workstation before we could push the corp version and have it actually work properly.. if we tried to push the newer version over the free version, it just disabled any sort up updates and made things worse
yes, free should never have been installed in a corp environment, but that's how it was when i was hired.. licensing was the least of my problems by far.
I'd love to be able to use osx on our network, but there are some serious roadblocks. #1 is the price of the workstations. when you need 300 bog standard desktops on a tight budget, your options from apple are... lacking to say the least. #2 is compatibility. entourage is very weak as an exchange client in a business environment. OWA on non-IE browsers is not great either. CAD and ERP software is limited. #3 is the cost of (re)training employees. with windows you get the benefit of your users having the same system at home/previous job/etc. even very simple differences in the ui require real support resources. some people just don't get it, no matter what "it" is.
also, while i am a fan of osx and use it personally, i don't put any faith in the "macs are more secure" arguments. every security analysis I've seen shows that macs are actually easier to exploit (probably will improve in 10.6). maybe the small installed base just isn't worth the effort to malware creators (yet), but if you use security as justification for switching to the PHB, I think you're setting yourself up to look really bad.
-Lod
Moonsecure is an AV based on clamwin: it actually employs a real-time scanner. clamwin offers no active protection, so it is pretty much useless for most user scenarios.
In all honesty, I've given both Moonsecure and clamwin many chances over the past couple of years. I don't want to admit it, but I feel as though I've been largely disappointed with the detection rates, the interface and the speed of both AVs. I've used them mostly in a 'workbench' setting though, scanning client drives outside of the system. In comparison to the other (commercial) scanners I use regularly, I've not been impressed.
Fact: Everything I say is fiction.
In my personal experience, I found mcafee asap (mcafeeasap.com) the easiest to use in such a small business. This software has "agents" which report their status back to the mcafeeasap.com website, from which the administrator can monitor all pcs.
This idea is great for small companies. The implementation however had a few problems:
- Over time, I've installed all "agents" at least twice. They just stop working for no reason at random moments
- Some agents 'do' have a reason to stop: they think the license has expired, while it's definitely not.
- And mcafee is bloated + it uses mshtml for every single dialog and even for invisible actions like downloading updates. This eats cpu power.
.sig: No such file or directory
I see you already placed the biggest point I could make out there. It does it also if the old version is too old or isn't a networked version.
I actually had the same problem at a site with a laptop that somehow slipped through the cracks and didn't get updated to the latest version of AVG. In my case, it was a corporate version (network edition, but it was severely outdated) and I had to manually uninstall before being able to install the new client. I think the laptop ended up on a shelf in one of the partners closet so while we thought he was working with it periodically which should have already updated it if it was on the network. When we ended up seeing a version 7 in the management console after it hit the network fir the first time in over a year, and we were one 8.5, our eyes lit up.
I'm not sure I would consider a one time walk around in order to set things up as a big negative. Especially when the case is as you mentioned. All future pushes should work pretty well. I went from 8 to 8.5 buy upgrading the console machine first and then pushing it our to everyone else. Well, everything but the one laptop I mentioned earlier.
I'm assuming from your post that you aren't running AV? That's how I read it anyway, as you don't include an AV solution (which is what this post is all about)
Security Lesson #1: Usability, Secure, Cheap - pick any two.
Anyone can put up a solution that provides two of these, however I think the solution you have put together provides only one.... Cheap!
Working from a VM? Not usable - at least not for typical office workers. No AV protection? Insecure
Allow me to elaborate on insecure...
Fair enough, you 'reset' your virtual machines when shit happens, but what about when a virus sends out spam from one of your IPs and gets your blacklisted? What about when a virus/trojan/whatever leaks confidential business information? and how do you know if things get nasty if you aren't running AV?
The viruses you need to worry about, are the ones you probably wouldn't detect without AV protection, as these are the ones most likely to do your business harm.
Thats like saying a house needs to be demolished because theyd like a new door
More like "soon their house will be demolished, better not invest in a new door now".
Within 2 years they probably have to migrate to Vista or Win7 anyway, they also need to buy and maintain AV software, why not invest in something else instead? Or at least look at alternatives and do the maths.
For our little business of around ~35 people, we use Trend Micro OfficeScan. You need to check out what it costs, but I can tell you it works well here. To uninstall/configure the program on each client there's a central password and every noticed virus gets e-mailed to the sysadmin. The program is very stable too, and doesn't noticeably slow the system down.
After having managed three major products in the past years (EPO + McAfee, Trend OfficeScan, SEP, on various directories ranging from 120 to 6000 boxes) I would definitely vote for Trend.
McAfee is horrendously insidious. Should you ever want to use a different product, it is damn near impossible to remove. After the IT guy at a job spent 7 hours trying to get rid of it (he did, mostly) when they switched to Kaspersky, I spent another three with regedit and a few Cygwin tools hunting down the rest. I think I got it all, since Outlook has finally quit trying to use it.
Avoid it like the plague.
AV-Comparatives recently released their May 2009 Corporate AV Report, which sounds like it may be right up your alley.
It's fairly large, but reviews a large number of AV products with a corporate focus, contains lots of screenshots, and even grades them on their appropriateness for Small, Medium and Large networks. Sounds like it would definitely be worth a look in your case.
Since my company doesn't have the budget, I have tried to find something free but I failed, in the end I installed comodo av which is free, it can't be remotely managed, but it's far better than clamav, I've scheduled an automatic scan at 1pm during launch break, and it does automatic updates too, if you need to administer it remotely just install vnc on each client, 20 aren't that much
...then use group policies to push out AV updates automatically & lock down the desktops remotely and automatically. Samba is a half-cut replacement for a proper Windows Server when it comes to Windows workstations (sorry samba guys; samba is good, but ultimately lags far behind what it's trying to imitate)
Windows XP is only really so vulnerable to viruses because normally it runs in "everything as root" mode; which, if you had a proper Windows server you could change in seconds (not that you couldn't do this manually, but with AD it's automatic network-wide).
throw new NoSignatureException();
MANAGEMENT SUMMARY: AVG will cost more in workhours and years of your life than it will ever save you! USE WITH CAUTION!
AVG network is a huge mistake I made as an admin... Sure the cost is low, the central management is OK, and the virusscanner was pretty decent... Only with newer versions you get these free bonus PITA's:
- Bloat like the Linkscanner that 'enhances' your webbrowser by making it slower or freeze and crash
- Firewall that will sometimes lock for no reason at all (making me have to go to the server to reset it since remote management is made impossible)
- Updates that automatically f**k the PC, there was one well known AVG-update-crash that you'll probably remember but beside that there have been numerous other updates that have a success rate of installing of less than 50%, so you'll have to fix half the PC's manually.
- Updates that will turn the real-time-protection off automatically and not turn it on again (WTF, is this a 'pro' version used in networks and on servers?)
In the end, if you configure AVG to *only* install the AV part (only thing Grisoft is somewhat good at), and stay as far away from the crappy firewall and other bloat you'll save yourself a lot of trouble (and headache).
OSX is supposedly getting exchange support, on the other hand is Apple really the problem?
We have a similar situation where i work, exchange doesn't interoperate with the increasing number of linux and mac workstations... The problem is exchange not interoperating with anything else (as well as having a whole host of other problems and hidden costs), which is why it's being replaced.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I've not found any other AV to really be much better, i've seen machines installed with up to date mcafee which are spamming the users with ads... went through the box manually to find what was doing it and uploaded the binaries to virustotal.com, less than 10% of the av engines detected it even tho the programs hooks itself into ie and displays unwanted popup ads constantly (for typical spamvertised things like penis enlargement pills etc)
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Perl scripting is the answer. Install a free anti-virus, and setup a script checking. Check the anti-virus files and registry entry. You can get all the information you need, program virus version, database version, and use a central server to store the logs. Using scripts you can force anti-virus updates and restart. I have a lot of experience with Trend Micro and all the anti-virus parts are daily checked with Perl scripts (during the night), to make sure the clients behave.
Love many, trust a few, do harm to none.
What about users who get hit by drive by infections on websites that should be trustworthy (because the sites got owned, or malware is delivered through third party ads)?
What about users who open pdf files or msoffice documents containing exploit code and malware?
What about users who simply insert media infected with autorun malware?
How about malware emails coming from trusted senders (either because those people are infected themselves, or because the mails are spoofed)
There are plenty of infection vectors which don't involve users doing things they're not supposed to be doing.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
AVG was lightweight until version 8.5. Now the footprint is as bad as McAfee or Symantec (around 100MB of memory used by each).
Big! Strong! Wow! Tada-O!
Take a look at the Trend WorryFree managed service. Doesn't need a central server on-site and you still get a centrally managed solution.
Isn't this a good reason to use virtualization?
Step 1: Have a centralized, protected, backed up file server.
Step 2: Create a standard clean OS and application installation image.
Step 3: Daily or weekly flash back to the clean installation (since all user data will be on the file server see step 1 - if its not they'll learn very quickly)
Step 4: Profit.