Slashdot Mirror


Central Anti-Virus For Small Business?

rduke15 writes "I'm trying to find a centrally managed anti-virus solution for a small business network, which has around 20 Windows XP machines with a Linux server. It is too big to manage each client manually. However, there is no full-time IT person on site, and no Windows Active Directory server — just Linux with Samba. And the current solution with Symantec Endpoint Protection seems too expensive, and too complex for such a simple need. On the Linux server side, email is handled by amavisd and ClamAV. But the WinXP clients still need a real-time anti-virus for the USB disks they may bring to work, or stuff they download from their personal webmail or other sites. I'm wondering what others may be using in similar situations, and how satisfied they are with it."

22 of 359 comments

  1. We use Nod32 by Mark19960 · · Score: 5, Informative

    It works well, you just need a Windows server/workstation to push it to clients and for clients to get updates from.
    It's also not very resource hungry.

    I think 30 seats was around $1000

    1. Re:We use Nod32 by Ethanol-fueled · · Score: 5, Funny

      Uh, Linux bro. On all the workstations. That's what you were supposed to say.

      Sheesh. Now if you'll excuse me, I have to boot back into my XP partition so that I may run all of my expensive, legitimate software.

    2. Re:We use Nod32 by Anonymous Coward · · Score: 4, Interesting

      I would have to agree with this recommendation.

      I've been installing NOD32 at several sites recently. The Business version of their antivirus/antispyware package does include a Management Console feature.

      You'll end up paying about $39/seat for a 2 year subscription.

      Also, NOD32 just won a Consumer Reports award this year.

    3. Re:We use Nod32 by FRiC · · Score: 4, Interesting

      I don't know about other people, but around where I work, the joke is that whichever computer has Nod32 installed, it also has tons of viruses installed. Nod32 never seems to work in real life, even though it consistently scores high in reviews and has lots of recommendations.

      (We use avira.)

    4. Re:We use Nod32 by JWSmythe · · Score: 4, Informative

      I hear and find the same thing true with AVG. :) People bring me malware infested machines, so I uninstall AVG and install Avast Home (Free), which takes care of the problems, and protects them in the future.

      I'd highly recommend Avast. It does have a management tool which is what the article is seeking (avast! Distributed Network Manager). The server is free, but it requires a paid version of their software to use with it. Bulk pricing information is here: http://www.avast.com/eng/pricelist-avast-professional.html

      --
      Serious? Seriousness is well above my pay grade.
    5. Re:We use Nod32 by LodCrappo · · Score: 4, Interesting

      A couple years ago I worked at a company that used NOD32 and they were often bringing infected machines in to the IT dept despite the software being updated and supposedly working. Now I work at a company that used Symantec, and they were often bringing infected machines in to the IT dept despite the software being updated and supposedly working. One of my current coworkers used to work at a place where they used Panda. They were often bringing infected machines in to the IT dept despite the software being updated and supposedly working.

      WTF?

      --
      -Lod
    6. Re:We use Nod32 by Mordok-DestroyerOfWo · · Score: 5, Funny

      Same issue here with Symantec. I used to get angry but now I just consider it job security. Plus they gave me these really nice pills to calm me down. Oooh a unicorn!

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
    7. Re:We use Nod32 by Bert64 · · Score: 4, Interesting

      AV is inherently a flawed idea... As you've found out, not every AV picks up every *known* piece of malware, and none of them will pick up new malware that has only just been developed (and people are developing new stuff all the time)...

      Take some of the files that avast found and upload them to virustotal.com, and see just how many other AV products don't find it... You will also find that there is plenty of other malware out there which avast won't find... Anything that's missed by both avast and avg could potentially still be sitting on your machine.

      Also, malware authors don't just sit still, malware is big business and the people writing it are constantly looking for new ways to avoid detection, and that often involves specifically targeting the most popular types of AV in order to find effective ways to bypass them. AV by its very nature will always be one step behind the authors of malware... AV will always just be a low hanging fruit exercise, it will never be able to get anything...
      The only place I use AV is on my email server, not because I'm especially concerned about the actual malware itself, but because malware detection works as another method to remove some unwanted junk mail.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    8. Re:We use Nod32 by Bert64 · · Score: 4, Insightful

      Heuristics won't help either, malware authors will have pirate copies of all the latest AV products and will tweak their malware until the heuristics no longer detect it before they start deploying it.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    9. Re:We use Nod32 by bflong · · Score: 4, Informative

      We did something close to this, actually. We run Linux on all our workstations (with NFS shared home directories). Then we run VirtualBox with immutable hard drive images. Every time Windows is closed, all the changes made to the system are thrown out. All documents are stored on the server. When new software or updates are needed, the administrator can run the VM with a changeable disk.

      Now we're almost completely weaned off of Windows. The VMs are hardly ever used.

      --
      Why is it so hot? Where am I going? What am I doing in this handbasket?
  2. NOD32 Antivirus and NOD32 Remote Administrator by BiggerIsBetter · · Score: 4, Interesting

    Do it without the server, and install NOD32 antivirus on the clients, with NOD32 Remote Administrator to manage them. We put this system in recently and it's very very effective. Synchronized our antivirus product and definitions quickly, and reported infections that had slipped past the unmanaged installation on one machine (it hadn't been updated for a while...). No, you don't have to install it on a Windows Server OS (although we did).

    --
    Forget thrust, drag, lift and weight. Airplanes fly because of money.
  3. Re:the problem is the OS by QuantumG · · Score: 4, Funny

    That's sexual harassment. And no, it doesn't matter if you work in the fashion industry.

    --
    How we know is more important than what we know.
  4. Sophos by nevhan · · Score: 4, Informative

    Both my university and workplace (of similar size to yours) use Sophos. They provide a number of centralised management tools, centralised update servers etc. Check them out, www.sophos.com.au.

  5. Kaspersky - Support for Windows & Linux by Swampcritter · · Score: 5, Informative

    Kaspersky Enterprise Space Security is comprised of components for the protection of Linux and Windows workstations, file servers and mail systems.

    Samba File Servers are also fully supported!

    More Information -- http://usa.kaspersky.com/products_services/business/open_space_enterprise.php

  6. Re:ClamWin by Anonymous Coward · · Score: 4, Informative

    From clamwin.com website:

    Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.

    This assumes that the users remember to scan everything before they run.
    (I personally do the clamwin thing for my personal machine, haven't found anything yet)

  7. I'll tell you what *not* to use by Anonymous Coward · · Score: 5, Interesting

    I'm security admin for a Fortune 500, posting anonymous coward. I'll tell you what not to use. Don't use Panda. We have it at a European subsidiary, and I have never seen anything so crap. Never.
    Now for the advice - Use something you recognise and trial it to death, antivirus detection rates are not so important as product robustness, and console usability. It's no use having something with a 99% detection rate if the 1% it doesn't detect are things like virut and conficker, and the product falls over every time you look at it. Corporate antivirus aren't so much about detecting 100% of virus as reliably reporting the viruses they have found, and robustly maintaining communications with the management console so you can deploy updates.
    These days no antivirus is really very good, I came to the conclusion a while ago that AV is an obsolete technology. The malware writers are just taking the piss, and Windows can never be virus free.

  8. Start with sensible policies. by Opportunist · · Score: 5, Insightful

    Antivirus suites are the last line of defense. Not the first!

    The first is the user and sensible usage policies. When people can download and execute arbitrary software and plug in USB sticks at random, you have bigger problems than the choice of your AV.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Start with sensible policies. by GF678 · · Score: 4, Insightful

      The first is the user and sensible usage policies. When people can download and execute arbitrary software and plug in USB sticks at random, you have bigger problems than the choice of your AV.

      So what would you recommend?

      I don't disagree with you; smart and sensible policies are the best defense. But then again, I service schools, and schools have kids and parents (and teachers) who aren't going to follow the rules, so AV is still necessary. I can't lock down the USB ports (physically or otherwise); I'd have a rebellion on my hands.

      BTW - I'm an engineer by trade, just acting as an IT jockey in the meantime, so I don't know all the best tricks of the trade yet. But it'd be helpful to know. :)

    2. Re:Start with sensible policies. by mlts · · Score: 4, Informative

      For a school setting, (and this is IMHO, so take it for what it's worth), I highly recommend these tried and true protection mechanisms for a lab:

      1: DeepFreeze with the enterprise console to allow updating when the lab is closed to the public or students.
      2: Physical case locks.
      3: BIOS set to disallow booting from anything but the hard disk, and each box set with a different password (the list kept somewhere safe)
      4: An enterprise version of Norton Endpoint Protection configured to delete hacking tools (so someone can't load a popular serial number recovery program and have the organization's volume license keys to Office and other utilities.)
      5: 1-2 cameras on the lab.

      DeepFreeze isn't a silver bullet, but it at least makes people take an effort to bypass, even if they have administrative rights. The best advantage of this setup is that you can give users admin access to install whatever chat programs they use during a session, then a reboot cleans all their crap off.

  9. It depends by Rosco+P.+Coltrane · · Score: 5, Interesting

    I "administer" our small business IT infrastructure (well, it's just 10 computers) and our solution was to assess who needs internet access. As it turned out, the boss and the secretary need web, email and access to the accounting software on the remote side of a VPN, and the other guys don't because they use only internal documents. But they do need Windows because we use Windows-only software (SolidWorks and MasterCAM). So I've set up a fast Linux box that's on the internet, that provides web and email access through NX servers and clients (that is, the clients run on the Linux box and display on the Windows workstations). USB ports are also disabled on all Windows boxes, and people who really want to see what's in a USB key have to plug it on the Linux box and have the content checked before it's transferred to a Samba share for Windows consumption. Same thing for CDs. None of the Windows boxes ever see the internet.

    None of our Windows boxes are patched, updated or fitted with antivirus software, and we're doing just fine. The Windows boxes are super-fast as a result too.

    But that's *our* solution. Your mileage may vary, but I think you should make a reasonable assessment of workers' need for internet access. You may be surprised how few actually need it to do their work (IM isn't a valid reason) and you may be able to rearrange your infrastructure to make it very easy and manageable like ours.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
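
The check-then-release step described in the comment above (removable media is plugged into the Linux box and its content checked before being transferred to a Samba share), sketched as an added example that is not part of the thread or any poster's own setup. It assumes ClamAV's `clamscan` as the checker; the function name and the mount and share paths are hypothetical.

```shell
#!/bin/sh
# Added example: gate removable-media files on the Linux box before they reach
# the Samba share that the Windows clients read. All paths are assumptions.

# Scanner command. ClamAV's clamscan exits 0 for a clean file, 1 when a
# signature matches, and 2 on a scan error.
SCANNER="${SCANNER:-clamscan}"

# gate_usb SRC_DIR SHARE_DIR
# Copies a file to the share only when the scanner exits 0. Flagged files and
# scan errors are both held back (fail closed) and named on stderr.
# Prints "released=N held=M"; returns non-zero if anything was held.
# Limitation: file names containing newlines are not handled and end up held.
gate_usb() (
    src="${1%/}"
    share="${2%/}"
    released=0
    held=0
    list=$(mktemp) || exit 2
    find "$src" -type f > "$list"
    while IFS= read -r file; do
        rel="${file#"$src"/}"
        rc=0
        "$SCANNER" --no-summary "$file" </dev/null >/dev/null 2>&1 || rc=$?
        if [ "$rc" -eq 0 ]; then
            mkdir -p "$share/$(dirname "$rel")"
            cp -- "$file" "$share/$rel"
            released=$((released + 1))
        else
            echo "HELD (scanner exit $rc): $file" >&2
            held=$((held + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "released=$released held=$held"
    [ "$held" -eq 0 ]
)

# Run as: gate_usb.sh /media/usb /srv/samba/incoming   (hypothetical paths)
if [ "$#" -eq 2 ]; then
    gate_usb "$1" "$2"
fi
```

Treating scanner errors the same as detections matters here because the Windows clients behind the share run no scanner of their own, and as other comments in the thread point out, a clean result only means no known signature matched.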
    1. Re:It depends by Rosco+P.+Coltrane · · Score: 4, Interesting

      nobody aside from the boss and secretary need email?

      Well, I didn't count myself in :) We're a small firearms manufacturer, so the boss and the secretary need email to answer customers, and the boss needs the web to check on the competition (he's not into porn at all, not the type). The secretary doesn't need the web, but I left it for her because she sometimes has no work for hours and she doesn't really like to read. She also does the accounting, so she needs her distributed accounting software client. As for the other guys, they work mostly at the workbench, mounting the guns. They need PCs to consult technical documents such as plans, steel compositions or art drawings, and they also need them to work with 3D models of parts, to feed the milling machine. None of these computers need to be on the internet, they are just glorified document viewers and machining tools.

      As I said, every situation is different. In a software development outfit, the sort of solution we have here wouldn't work at all, but for us it works. The OP says he manages a "small business network": for all I know, it could be a printing shop, or a garage, not necessarily all white collars. That's why I mentioned what we implemented here at my company.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  10. AV-Comparatives Corporate Report by Ralish · · Score: 4, Informative

    AV-Comparatives recently released their May 2009 Corporate AV Report, which sounds like it may be right up your alley.

    It's fairly large, but reviews a large number of AV products with a corporate focus, contains lots of screenshots, and even grades them on their appropriateness for Small, Medium and Large networks. Sounds like it would definitely be worth a look in your case.