Security

Central Anti-Virus For Small Business? 359

rduke15 writes "I'm trying to find a centrally managed anti-virus solution for a small business network, which has around 20 Windows XP machines with a Linux server. It is too big to manage each client manually. However, there is no full-time IT person on site, and no Windows Active Directory server — just Linux with Samba. And the current solution with Symantec Endpoint Protection seems too expensive, and too complex for such a simple need. On the Linux server side, email is handled by amavisd and ClamAV. But the WinXP clients still need a real-time anti-virus for the USB disks they may bring to work, or stuff they download from their personal webmail or other sites. I'm wondering what others may be using in similar situations, and how satisfied they are with it."
This discussion has been archived. No new comments can be posted.

  • We use Nod32 (Score:5, Informative)

    by Mark19960 ( 539856 ) <MarkNO@SPAMlowcountrybilling.com> on Wednesday June 17, 2009 @01:59AM (#28358087) Journal

    It works well, you just need a windows server/workstation to push it to clients and for clients to get updates from.
    It's also not very resource hungry.

    I think 30 seats was around $1000

  • Re:We use Nod32 (Score:1, Informative)

    by caubert ( 1301759 ) on Wednesday June 17, 2009 @02:06AM (#28358125) Homepage
    We have 25 computers in the office and also use Nod32. It features a centralized admin GUI, easy to use, effective and no viruses. Try it
  • Sophos (Score:4, Informative)

    by nevhan ( 1422601 ) on Wednesday June 17, 2009 @02:11AM (#28358151)
    Both my university and workplace (of similar size to yours) use Sophos. They provide a number of centralised management tools, centralised update servers etc. Check them out, www.sophos.com.au.
  • by Swampcritter ( 1165207 ) on Wednesday June 17, 2009 @02:12AM (#28358155)
    Kaspersky Enterprise Space Security is comprised of components for the protection of Linux and Windows workstations, file servers and mail systems.

    Samba File Servers are also fully supported!

    More Information -- http://usa.kaspersky.com/products_services/business/open_space_enterprise.php [kaspersky.com]
  • Re:ClamWin (Score:4, Informative)

    by Anonymous Coward on Wednesday June 17, 2009 @02:14AM (#28358163)

    From clamwin.com website:

    Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.

    This assumes that the users remember to scan everything before they run.
    (I personally do the clamwin thing for my personal machine, haven't found anything yet)

  • Re:AVG (Score:2, Informative)

    by wgoodman ( 1109297 ) on Wednesday June 17, 2009 @02:47AM (#28358359)
    In migrating from AVG free to AVG corp, the push never worked and we had to end up manually uninstalling on every workstation before we could push the corp version and have it actually work properly.. if we tried to push the newer version over the free version, it just disabled any sort of updates and made things worse

    yes, free should never have been installed in a corp environment, but that's how it was when i was hired.. licensing was the least of my problems by far.
  • by wgoodman ( 1109297 ) on Wednesday June 17, 2009 @02:52AM (#28358397)
    fair enough.. as much as i hated symantec 11, after they finally released several bug fixes and it was able to at least run without crashing a machine, it was quite good as far as disallowing removable drives on a per workstation basis, and reporting anything that was found on any machine. (it was also good about re-hijacking a homepage after a user went to a questionable site that changed the homepage to farmsex.com or what not. a simple "your homepage was hijacked" page was FAR better than the support calls i'd get at 2am about a horse doing something to a midget.)

    just saying..
  • by RudeIota ( 1131331 ) on Wednesday June 17, 2009 @02:53AM (#28358407) Homepage
    NOD32 works fantastically well, although the licenses are comparatively more expensive when compared to some of the competition that's in the 'same league' (Eg. Kaspersky)

    I haven't used the remote administrator to manage NOD32 clients (We don't have enough here), but after scanning thousands of PCs, I can vouch for the quality of NOD32. It's anecdotal, but I concur with many of the online results which show NOD32 has near-perfect detection rates and very low false positives. We keep trying different scanners, but NOD32 seems to do the best job.
  • by atraintocry ( 1183485 ) on Wednesday June 17, 2009 @02:54AM (#28358413)

    I haven't used it since I'm in an office but since you mention a school, I hear good things about Windows SteadyState. Maybe for library computers or other kiosk-style machines.

  • Re:We use Nod32 (Score:5, Informative)

    by JWSmythe ( 446288 ) <jwsmytheNO@SPAMjwsmythe.com> on Wednesday June 17, 2009 @02:57AM (#28358427) Homepage Journal

    I hear and find the same thing true with AVG. :) People bring me malware infested machines, so I uninstall AVG and install Avast Home (Free), which takes care of the problems, and protects them in the future.

        I'd highly recommend Avast. It does have a management tool which is what the article is seeking (avast! Distributed Network Manager) [avast.com]. The server is free, but it requires a paid version of their software to use with it. Bulk pricing information is here: http://www.avast.com/eng/pricelist-avast-professional.html [avast.com]

  • mcafee (Score:3, Informative)

    by fearlezz ( 594718 ) on Wednesday June 17, 2009 @03:07AM (#28358491)

    In my personal experience, I found mcafee asap (mcafeeasap.com) the easiest to use in such a small business. This software has "agents" which report their status back to the mcafeeasap.com website, from which the administrator can monitor all pcs.

    This idea is great for small companies. The implementation however had a few problems:
    - Over time, I've installed all "agents" at least twice. They just stop working for no reason at random moments
    - Some agents 'do' have a reason to stop: they think the license has expired, while it's definitely not.
    - And mcafee is bloated + it uses mshtml for every single dialog and even for invisible actions like downloading updates. This eats cpu power.

  • by dna_(c)(tm)(r) ( 618003 ) on Wednesday June 17, 2009 @03:26AM (#28358595)

    That's like saying a house needs to be demolished because they'd like a new door

    More like "soon their house will be demolished, better not invest in a new door now".

    Within 2 years they probably have to migrate to Vista or Win7 anyway, they also need to buy and maintain AV software, why not invest in something else instead? Or at least look at alternatives and do the maths.

  • Trend Micro (Score:2, Informative)

    by clam0 ( 1527499 ) on Wednesday June 17, 2009 @03:27AM (#28358597)
    For our little business of around ~35 people, we use Trend Micro OfficeScan. You need to check out what it costs, but I can tell you it works well here. To uninstall/configure the program on each client there's a central password and every noticed virus gets e-mailed to the sysadmin. The program is very stable too, and doesn't noticeably slow the system down.
  • Trend OfficeScan (Score:2, Informative)

    by Lcf34 ( 715209 ) on Wednesday June 17, 2009 @03:36AM (#28358649)
    After having managed three major products in the past years (EPO + McAfee, Trend OfficeScan, SEP, on various directories ranging from 120 to 6000 boxes) I would definitely vote for Trend.
  • Re:We use Nod32 (Score:2, Informative)

    by jetole ( 1242490 ) on Wednesday June 17, 2009 @03:51AM (#28358711)
    I have had to install AV for a company and part of my task was figuring out which one was the most effective. Take a look at http://www.av-comparatives.org/ [av-comparatives.org] which is an excellent comparison site for AV products. Avira enterprise always came out on top. They have an enterprise client with centralized management etc etc and it works well. Of course I personally dislike windows a ton but it's part of the job. If you want a centrally managed AV solution, keep clamav on the mail server, install clam through squid for web access and disable the cdrom and usb disks in windows. That's the best you can probably do since just about everything in the windows world costs an arm and a leg.
  • by Ralish ( 775196 ) <sdl@@@nexiom...net> on Wednesday June 17, 2009 @04:02AM (#28358779) Homepage

    AV-Comparatives recently released their May 2009 Corporate AV Report [av-comparatives.org], which sounds like it may be right up your alley.

    It's fairly large, but reviews a large number of AV products with a corporate focus, contains lots of screenshots, and even grades them on their appropriateness for Small, Medium and Large networks. Sounds like it would definitely be worth a look in your case.

  • by Verunks ( 1000826 ) on Wednesday June 17, 2009 @04:12AM (#28358825)
    Since my company doesn't have the budget, I have tried to find something free but I failed, in the end I installed comodo av which is free, it can't be remotely managed, but it's far better than clamav, I've scheduled an automatic scan at 1pm during lunch break, and it does automatic updates too, if you need to administer it remotely just install vnc on each client, 20 aren't that much
  • by Toreo asesino ( 951231 ) on Wednesday June 17, 2009 @04:21AM (#28358855) Journal

    ...then use group policies to push out AV updates automatically & lock down the desktops remotely and automatically. Samba is a half-cut replacement for a proper Windows Server when it comes to Windows workstations (sorry samba guys; samba is good, but ultimately lags far behind what it's trying to imitate)

    Windows XP is only really so vulnerable to viruses because normally it runs in "everything as root" mode; which, if you had a proper Windows server you could change in seconds (not that you couldn't do this manually, but with AD it's automatic network-wide).

  • Re:Trend Micro (Score:2, Informative)

    by InterBigs ( 780612 ) on Wednesday June 17, 2009 @04:34AM (#28358913)
    I second that. I've managed a 150 computer network with OfficeScan and it worked terrific. Also it offers a lot of insight in what users are liabilities and who are not :)
  • by mlts ( 1038732 ) * on Wednesday June 17, 2009 @04:46AM (#28358965)

    For a school setting, (and this is IMHO, so take it for what it's worth), I highly recommend these tried and true protection mechanisms for a lab:

    1: DeepFreeze with the enterprise console to allow updating when the lab is closed to the public or students.
    2: Physical case locks.
    3: BIOS set to disallow booting from anything but the hard disk, and each box set with a different password (the list kept somewhere safe)
    4: An enterprise version of Norton Endpoint Protection configured to delete hacking tools (so someone can't load a popular serial number recovery program and have the organization's volume license keys to Office and other utilities.)
    5: 1-2 cameras on the lab.

    DeepFreeze isn't a silver bullet, but it at least makes people take an effort to bypass, even if they have administrative rights. The best advantage of this setup is that you can give users admin access to install whatever chat programs they use during a session, then a reboot cleans all their crap off.

  • by Anonymous Coward on Wednesday June 17, 2009 @05:03AM (#28359063)

    I have to agree here. 20 systems are more than enough to justify the cost of one Windows 2003 (or 2008) server. The Small Business version might work great for you here. Check prices and do the math.

    Heck, it doesn't need to be great. Get a cheap Dell server from Dell Outlet with RAID1 and a couple of SATA drives.

    Install active directory. Convert all systems to AD. Why? Because workgroup mode sucks for any kind of centralized support. As an admin (or even a part time admin) you can't guarantee access to the system. And you can easily grant any user access to any particular system. You now have centralized usernames/passwords, instead of 20 different ones.

    You can now do the following:
    - Have easy central printer queues
    - Have easy central file shares with easy to apply security
    - Install WSUS on the server. It's a free addon. Poof! Microsoft patch management! (And if you aren't patching your systems, you are likely to get viruses with or without antivirus checkers!) Works well and can't beat the price.
    - Group Policy (install/update software, apply software settings, lock down security on all systems, etc.)
    - Login scripts (and have install or apply updates to any updates to programs that don't do updates via WSUS and Group Policy, e.g. Firefox, Java, etc.)
    - Oh, and yeah, install your antivirus server here too. I'd recommend Nod32 -- fast and the price is cheaper than Trend, Symantec, McAfee. And I haven't had problems with it not catching items. (I've used Avast! and Sunbelt Vipre at home, and like both a lot, but haven't used their centralized server systems, so I can't totally recommend them. But they should probably be on your short list as well.)

    After all of this, you can rest easier that the 20 workstations are actually patched, protected, and standardized.

    As is, I bet they're a jumbled mess. (I know -- I've had to fix things just like this for clients before.)

  • Re:We use Nod32 (Score:1, Informative)

    by Anonymous Coward on Wednesday June 17, 2009 @06:04AM (#28359343)

    i can re-confirm the same. i was sitting pretty with a few trojans for as long as i used avg. the moment i switched over to avast...i was pretty much shocked to see a few trojans detected despite being militant abt cleaning up the system, keeping system up to date, etc. during the time i used avg

  • by rduke15 ( 721841 ) <rduke15@gm[ ].com ['ail' in gap]> on Wednesday June 17, 2009 @07:05AM (#28359585)

    Because workgroup mode sucks for any kind of centralized support.

    Of course it does, but Samba works very well as a PDC

    centralized usernames/passwords

    Works fine with Samba on Linux

    - Have easy central printer queues

    Can also be done with Samba, but what's the point? All printers are TCP/IP network printers. I never quite understood why people would use print servers for network printers. (Except maybe in huge environments and/or with special printers having a high cost per page)

    - Have easy central file shares with easy to apply security

    Samba again...

    - Install WSUS on the server. It's a free addon. Poof! Microsoft patch management!

    As far as I know, that is not very different from automatic updates. But I may be wrong.

    - Group Policy (install/update software, apply software settings, lock down security on all systems, etc.)

    This definitely seems to be the main reason for Win. server. Application installs and configuration is a pain on 20 machines when you cannot just batch copy directories to the remote machines. I have been wondering for a while if the benefit would be worth the cost of an additional server + the time to learn using it correctly. I don't consider replacing Linux with a Win server, because Linux is just too good and easy to manage for firewall/email/rsync backups/cron jobs/bash and perl script/etc.

    - Login scripts (and have install or apply updates to any updates to programs that don't do updates via WSUS and Group Policy, e.g. Firefox, Java, etc.)

    Works with Samba

    Sorry but I felt there were some misconceptions about Samba which were worth correcting.

  • Re:We use Nod32 (Score:2, Informative)

    by chapstercni ( 238462 ) on Wednesday June 17, 2009 @08:45AM (#28360245)

    A minor point but.... AVG free scans for viruses only. No Malware/Spyware/Etc is scanned/blocked.

    I am curious if the malware infested machines people brought to you were running the free version, or the full version of AVG.

    I have for years installed and recommended AVG free for viruses, and other software to be used for malware/spyware/etc. I am on the Avast site now, checking out the software- I'll see if I like it. Thanks for the heads up on it.

  • by swb311 ( 1165753 ) on Wednesday June 17, 2009 @08:55AM (#28360337)
    We've been using the Kaspersky Enterprise Space Security suite for around 3 months and I'm very impressed. It's much better than the McAfee total protection plus we were using originally, and functions flawlessly with Windows workstations, Windows servers, terminal servers, linux servers, mobile devices, etc. However its exchange anti-spam product sucks. balls.
  • Re:We use Nod32 (Score:3, Informative)

    by DEmmons ( 1538383 ) on Wednesday June 17, 2009 @09:20AM (#28360581)
    we switched from AVG to Avast! also - our tiny nonprofit pretty much only considered the free options. I'm the only IT guy on staff and i'd been spending way too much time manually cleaning stuff that got through AVG using tools like Runalyzer and Spybot S&D. I don't remember any viruses getting through Avast! so far, and people bring in infected USB disks all the time (we're in the Philippines). Of course, we switched all workstations to Linux not terribly long after that except for the finance pc that needs to have Quickbooks and MS Office.

    the only negative things I can say about Avast! are that the 'virus database has been updated' speech clip is annoying and almost gave my mother-in-law a heart attack once, and that it does make a noticeable impact on the performance on old machines (we actually still have pentium 3 boxes in use with 192mb ram). for a free product it does quite a good job.
  • by fostware ( 551290 ) on Wednesday June 17, 2009 @09:56AM (#28360945) Homepage

    First line of defence?

    Group policy (Software restriction policy) disallowing execution of code from anything but the windows (excl %temp%) and program files directory. Including dvd drives.

    Closest kids get is embedding applications within Word, or debug modes of VS.

  • Re:We use Nod32 (Score:5, Informative)

    by bflong ( 107195 ) on Wednesday June 17, 2009 @10:12AM (#28361113)

    We did something close to this, actually. We run Linux on all our workstations (with NFS shared home directories). Then we run VirtualBox with immutable hard drive images. Every time Windows is closed, all the changes made to the system are thrown out. All documents are stored on the server. When new software or updates are needed, the administrator can run the VM with a changeable disk.

    Now we're almost completely weaned off of Windows. The VM's are hardly ever used.

  • by Anonymous Coward on Wednesday June 17, 2009 @10:59AM (#28361649)

    They've disabled ALL USB access, and will terminate your user account if they find logs proving you tried using a USB device. As for AV, it is the user's responsibility to keep the government's machines up to date on virus definitions...

  • Re:Virtualization? (Score:3, Informative)

    by sexconker ( 1179573 ) on Wednesday June 17, 2009 @03:32PM (#28365163)

    Not all users need (or should have) the same software.
    Not all users have the same preferences for the software they have.

    You need 1 image per user. (Not an issue space-wise, but an issue maintenance-wise whenever someone wants something changed, there are updates to the OS/apps, etc.)
