Central Anti-Virus For Small Business?

rduke15 writes "I'm trying to find a centrally managed anti-virus solution for a small business network, which has around 20 Windows XP machines with a Linux server. It is too big to manage each client manually. However, there is no full-time IT person on site, and no Windows Active Directory server — just Linux with Samba. And the current solution with Symantec Endpoint Protection seems too expensive, and too complex for such a simple need. On the Linux server side, email is handled by amavisd and ClamAV. But the WinXP clients still need a real-time anti-virus for the USB disks they may bring to work, or stuff they download from their personal webmail or other sites. I'm wondering what others may be using in similar situations, and how satisfied they are with it."
This discussion has been archived. No new comments can be posted.

  • We use Nod32 (Score:5, Informative)

    by Mark19960 ( 539856 ) <{moc.gnillibyrtnuocwol} {ta} {kraM}> on Wednesday June 17, 2009 @01:59AM (#28358087) Homepage Journal

    It works well, you just need a windows server/workstation to push it to clients and for clients to get updates from.
    It's also not very resource hungry.

    I think 30 seats was around $1000

    • by Ethanol-fueled ( 1125189 ) on Wednesday June 17, 2009 @02:03AM (#28358101) Homepage Journal
      Uh, Linux bro. On all the workstations. That's what you were supposed to say.

      Sheesh. Now if you'll excuse me, I have to boot back into my XP partition so that I may run all of my expensive, legitimate software.
      • Re:We use Nod32 (Score:5, Informative)

        by bflong ( 107195 ) on Wednesday June 17, 2009 @10:12AM (#28361113)

        We did something close to this, actually. We run Linux on all our workstations (with NFS shared home directories). Then we run VirtualBox with immutable hard drive images. Every time Windows is closed, all the changes made to the system are thrown out. All documents are stored on the server. When new software or updates are needed, the administrator can run the VM with a changeable disk.

        Now we're almost completely weaned off of Windows. The VMs are hardly ever used.

    • Re:We use Nod32 (Score:4, Interesting)

      by Anonymous Coward on Wednesday June 17, 2009 @02:08AM (#28358135)

      I would have to agree with this recommendation.

      I've been installing NOD32 at several sites recently. The Business version of their antivirus/antispyware package does include a Management Console feature.

      You'll end up paying about $39/seat for a 2 year subscription.

      Also, NOD32 just won a Consumer Reports award this year.

    • Re:We use Nod32 (Score:5, Interesting)

      by FRiC ( 416091 ) on Wednesday June 17, 2009 @02:33AM (#28358273) Homepage

      I don't know about other people, but around where I work, the joke is that whichever computer has Nod32 installed, it also has tons of viruses installed. Nod32 never seems to work in real life, even though it consistently scores high in reviews and has lots of recommendations.

      (We use avira.)

      • Re:We use Nod32 (Score:5, Informative)

        by JWSmythe ( 446288 ) <jwsmythe@jwsmy[ ].com ['the' in gap]> on Wednesday June 17, 2009 @02:57AM (#28358427) Homepage Journal

        I hear and find the same thing true with AVG. :) People bring me malware infested machines, so I uninstall AVG and install Avast Home (Free), which takes care of the problems, and protects them in the future.

        I'd highly recommend Avast. It does have a management tool which is what the article is seeking (avast! Distributed Network Manager). The server is free, but it requires a paid version of their software to use with it. Bulk pricing information is here: []

        • Re:We use Nod32 (Score:4, Interesting)

          by rdnetto ( 955205 ) on Wednesday June 17, 2009 @04:13AM (#28358831)
          I can confirm this. Back when I ran AVG, I thought my system was clean and only downloaded Avast to see what it was like. I was pretty surprised to see how many viruses it found! AVG appears to work, but it doesn't come close to Avast.
        • Re: (Score:3, Interesting)

          by Sabriel ( 134364 )
          While I find Avast itself (Home/Pro) very nice, and recommend it, my experience early this year with its central management tool was that it was very powerful but a severe pain in the backside to install and administer. Probably fantastic for hardcore sysadmins, but like wrestling with a greased tiger for this little grasshopper. It seriously needs some wizard-fu.
        • Re: (Score:3, Informative)

          by DEmmons ( 1538383 )
          We switched from AVG to Avast! also - our tiny nonprofit pretty much only considered the free options. I'm the only IT guy on staff and I'd been spending way too much time manually cleaning stuff that got through AVG using tools like Runalyzer and Spybot S&D. I don't remember any viruses getting through Avast! so far, and people bring in infected USB disks all the time (we're in the Philippines). Of course, we switched all workstations to Linux not terribly long after that except for the finance pc that
          • Re: (Score:3, Interesting)

            I work for an NGO in the Philippines as well. Similar situation as you - we're a Linux shop almost entirely now, spanning about a hundred machines or so and growing. People complained for the first few weeks, then got over it. Financially we drag in 8 or 9 digits a year (in Peso), though given our customers are in a situation where they need food, right the hell now, we tend not to have a whole lot left over for the IT budget. I'm ok with this. However! And you should take note. Whenever we use commercial s

      • Re:We use Nod32 (Score:5, Interesting)

        by LodCrappo ( 705968 ) on Wednesday June 17, 2009 @03:16AM (#28358535) Homepage

        A couple years ago I worked at a company that used NOD32 and they were often bringing infected machines in to the IT dept despite the software being updated and supposedly working. Now I work at a company that used Symantec, and they were often bringing infected machines in to the IT dept despite the software being updated and supposedly working. One of my current coworkers used to work at a place where they used Panda. They were often bringing infected machines in to the IT dept despite the software being updated and supposedly working.


      • I've had just the opposite experience with Nod32 at my day job. It's picked up things some of the bigger players (McAfee, Norton/Symantec) couldn't find. It's also been incredibly easy to manage. That said, I use Avira at my home based business and it's worked out really well for me. I've never tried to centrally manage it.
      • Re: (Score:2, Informative)

        by jetole ( 1242490 )
        I have had to install AV for a company and part of my task was figuring out which one was the most effective. Take a look at [] which is an excellent comparison site for AV products. Avira enterprise always came out on top. They have an enterprise client with centralized management etc etc and it works well. Of course I personally dislike windows a ton but it's part of the job. If you want a centrally managed AV solutions keep clamav on the mail server, install clam through squid f
      • I ran a shop for 2 years with NOD32 with practically no infections and very little maintenance. Prior to NOD32 we used Symantec corporate version and had 1 or 2 outbreaks a year.

        No AV is invulnerable but NOD32 does a fine job of preventing most infections. It also is the least resource intensive product out there and will not noticeably slow your PCs. Its hooks into the TCP/IP stack go a long way in preventing web distributed malware. So far, it is NOT bloatware and I believe Eset prides themselves on

    • Another vote for NOD32. We use Shitmantec Corporate right now, and I am counting the days until our updates expire so we can switch.

      Also, the price we were quoted is only a few dollars per client higher than just RENEWING Symantec.

  • by BabaChazz ( 917957 ) on Wednesday June 17, 2009 @02:04AM (#28358113)
    At least, we do at the school. That's a 50-station network, and amounts to about $10 a year per station after the educational discount. $20/year per station without, but you get cut rates for longer terms. I'm quite happy with Avast. At the business (20 stations, no AD when it was installed aeons ago) we used Trend Micro ServerProtect, which is no longer supported. That one was $800/25 stations flat fee and is still being updated. Neither one of those needs an AD server for its console, though they are both Windows based.
  • by BiggerIsBetter ( 682164 ) on Wednesday June 17, 2009 @02:04AM (#28358115)

    Do it without the server, and install NOD32 antivirus on the clients, with NOD32 Remote Administrator to manage them. We put this system in recently and it's very very effective. Synchronized our antivirus product and definitions quickly, and reported infections that had slipped past the unmanaged installation on one machine (it hadn't been updated for a while...). No, you don't have to install it on a Windows Server OS (although we did).

    • by RudeIota ( 1131331 ) on Wednesday June 17, 2009 @02:53AM (#28358407) Homepage
      NOD32 works fantastically well, although the licenses are comparatively more expensive when compared to some of the competition that's in the 'same league' (Eg. Kaspersky)

      I haven't used the remote administrator to manage NOD32 clients (We don't have enough here), but after scanning thousands of PCs, I can vouch for the quality of NOD32. It's anecdotal, but I concur with many of the online results which show NOD32 has near-perfect detection rates and very low false positives. We keep trying different scanners, but NOD32 seems to do the best job.
  • Sophos (Score:4, Informative)

    by nevhan ( 1422601 ) on Wednesday June 17, 2009 @02:11AM (#28358151)
    Both my university and workplace (of similar size to yours) use Sophos. They provide a number of centralised management tools, centralised update servers etc. Check them out,
  • by Swampcritter ( 1165207 ) on Wednesday June 17, 2009 @02:12AM (#28358155)
    Kaspersky Enterprise Space Security is comprised of components for the protection of Linux and Windows workstations, file servers and mail systems.

    Samba File Servers are also fully supported!

    More Information -- []
  • by Anonymous Coward on Wednesday June 17, 2009 @02:14AM (#28358165)

    I'm security admin for a fortune 500, posting anonymous coward. I'll tell you what not to use. Don't use Panda. We have it at a European subsidiary, and I have never seen anything so crap. Never.
    Now for the advice - Use something you recognise and trial it to death, antivirus detection rates are not so important as product robustness, and console usability. It's no use having something with a 99% detection rate if the 1% it doesn't detect are things like virut and conficker, and the product falls over every time you look at it. Corporate antivirus aren't so much about detecting 100% of virus as reliably reporting the viruses they have found, and robustly maintaining communications with the management console so you can deploy updates.
    These days no antivirus is really very good, I came to the conclusion a while ago that AV is an obsolete technology. The malware writers are just taking the piss, and Windows can never be virus free.

    • Re: (Score:2, Informative)

      by wgoodman ( 1109297 )
      Fair enough.. as much as I hated symantec 11, after they finally released several bug fixes and it was able to at least run without crashing a machine, it was quite good as far as disallowing removable drives on a per workstation basis, and reporting anything that was found on any machine. (it was also good about re-hijacking a homepage after a user went to a questionable site that changed the homepage to or what not. a simple "your homepage was hijacked" page was FAR better than the suppor
      • by mlts ( 1038732 ) *

        I agree with you completely here. After Symantec fixed some CPU issues with earlier versions of Symantec Endpoint Protection, I highly recommend it. For something lighter weight, either VIPRE from Sunbelt Software, or Avast! have done well for me.

        Buying Antivirus protection does two things. The first is obvious... it mitigates a potential compromise. The second is that it provides legal CYA. Should a box get infected, there is less chance people (like shareholders) would sue if it has a decent [1] AV

  • How about HAVP? Scans all your traffic in and out. It won't stop the bug catching a ride on a USB stick until it actually hits the wire, but heckuva thing being able to monitor the pipe from a single seat. Also available as a PFSense package.
  • by Opportunist ( 166417 ) on Wednesday June 17, 2009 @02:32AM (#28358263)

    Antivirus suites are the last line of defense. Not the first!

    The first is the user and sensible usage policies. When people can download and execute arbitrary software and plug in USB sticks at random, you have bigger problems than the choice of your AV.

    • by GF678 ( 1453005 ) on Wednesday June 17, 2009 @02:48AM (#28358369)

      The first is the user and sensible usage policies. When people can download and execute arbitrary software and plug in USB sticks at random, you have bigger problems than the choice of your AV.

      So what would you recommend?

      I don't disagree with you; smart and sensible policies are the best defense. But then again, I service schools, and schools have kids and parents (and teachers) who aren't going to follow the rules, so AV is still necessary. I can't lock down the USB ports (physically or otherwise); I'd have a rebellion on my hands.

      BTW - I'm an engineer by trade, just acting as an IT jockey in the meantime, so I don't know all the best tricks of the trade yet. But it'd be helpful to know. :)

      • Re: (Score:3, Informative)

        I haven't used it since I'm in an office but since you mention a school, I hear good things about Windows SteadyState. Maybe for library computers or other kiosk-style machines.

        • by mlts ( 1038732 ) * on Wednesday June 17, 2009 @04:46AM (#28358965)

          For a school setting, (and this is IMHO, so take it for what its worth), I highly recommend these tried and true protection mechanisms for a lab:

          1: DeepFreeze with the enterprise console to allow updating when the lab is closed to the public or students.
          2: Physical case locks.
          3: BIOS set to disallow booting from anything but the hard disk, and each box set with a different password (the list kept somewhere safe)
          4: An enterprise version of Norton Endpoint Protection configured to delete hacking tools (so someone can't load a popular serial number recovery program and have the organization's volume license keys to Office and other utilities.)
          5: 1-2 cameras on the lab.

          DeepFreeze isn't a silver bullet, but it at least makes people take an effort to bypass, even if they have administrative rights. The best advantage of this setup is that you can give users admin access to install whatever chat programs they use during a session, then a reboot cleans all their crap off.

      • Since I don't know the company in question, I cannot make sensible recommendations. If there are valid and good reasons why it's necessary to have access to USB ports and data exchange through them, I can't ask to lock down access to them, which I would if it isn't a requirement... etc.

        Also, I do not recommend not using an AV suite. In an environment with multiple users and lots of data exchange it's pretty much a necessity, if you ask me. I only say it's the last line of defense in the arsenal. Security is

        • by GF678 ( 1453005 )

          Schools are a tricky environment, I give you that. You can basically forget about usage policies, you can't really sensibly enforce them. Why is locking down USB ports not an option?

          I guess it's mainly because USB drives are seen as the modern equivalent of floppy disks. People might want to work on documents at home, or take data from home to use on school computers. In these cases it might be preferable to just throw the USB drive in and copy things across, rather than resort to emailing yourself the fi

      • by fostware ( 551290 ) on Wednesday June 17, 2009 @09:56AM (#28360945) Homepage

        First line of defence?

        Group policy (Software restriction policy) disallowing execution of code from anything but the windows (excl %temp%) and program files directory. Including dvd drives.

        Closest kids get is embedding applications within Word, or debug modes of VS.

    • by mwvdlee ( 775178 )

      When people can download and execute arbitrary software and plug in USB sticks at random, you have bigger problems than the choice of your AV.

      So what policy would you advise for organisations where people need to be able to download and execute arbitrary software in order to get their work done?

      • I'm genuinely interested.. what type of organization has this need? executing arbitrary software? seems unsupportable.

      • by drsmithy ( 35869 )

        So what policy would you advise for organisations where people need to be able to download and execute arbitrary software in order to get their work done?

        Throwaway VMWare machines and brutally restrictive firewalling.

      • If you're responsible for system security in such an environment, the best policy would probably be to study the classifieds and get a new job.

        But let's take up the challenge. Is virtualization an option? Do the users need administrator privileges to run the software? How much money is available?

    • I'm all with you but it isn't exactly that easy. Some software packages to this day still require root access to the local machine even though the domain user is restricted and it is designed to run on a domain. QuickBooks used to be really bad with that but I don't think it is anymore. You also have the problem with approved sites being compromised and using browser exploits to defeat security limitations.

      You also have the problem of some sites that don't even have a full time sysadmin. It's difficult to r

    • by dbIII ( 701233 )
      People do that sort of crap and you can either have a pointless HR policy to point the finger at them after they do it or just assume that they will and plan accordingly. The new guy will forget the annoying lecture and plug his phone/mp3 player/usb vibrator into any socket that looks like it will recharge it without caring. We wanted a generation that was comfortable with new technology and we got one that is incredibly casual about it, so we need to assume that most security policies are going to be ign
    • Re: (Score:3, Insightful)

      True, true. However, there is one flaw in that argument, which is one that I used all the time: corner office syndrome. People who have "rank" and are things like "President of such-and-such" seem to think they are immune to policy. We had one who signed (I was a witness) the official PC and computer use policy agreement, where it said that not following directives would result in penalties, up to and including termination of employment. He was the President of the company and answered literally to only two
    • by klubar ( 591384 )
      I agree that sensible policies can avoid most viruses. Some policies can be enforced automatically, and others by management. Top of the list, is not to allow anyone to run as administrator on their machine. By now, all the software runs as a regular user--and giving employees administrator rights is just silly. Also on the list, is prohibiting employees from downloading or installing software--decide on a standard build and stick with it for everyone.

      Group policies (even without a domain controller) are
  • It depends (Score:5, Interesting)

    by Rosco P. Coltrane ( 209368 ) on Wednesday June 17, 2009 @02:36AM (#28358295)

    I "administer" our small business IT infrastructure (well, it's just 10 computers) and our solution was to assess who needs internet access. As it turned out, the boss and the secretary need web, email and access to the accounting software on the remote side of a VPN, and the other guys don't because they use only internal documents. But they do need Windows because we use Windows-only software (SolidWorks and MasterCAM). So I've set up a fast Linux box that's on the internet, that provides web and email access through NX servers and clients (that is, the clients run on the linux box and display on the Windows workstations). USB ports are also disabled on all Windows boxes, and people who really want to see what's in a USB key have to plug it on the Linux box and have the content checked before it's transferred to a Samba share for Windows consumption. Same thing for CDs. None of the Windows boxes ever see the internet.

    None of our Windows boxes are patched, updated or fitted with antivirus software, and we're doing just fine. The Windows boxes are super-fast as a result too.

    But that's *our* solution. Your mileage may vary, but I think you should make a reasonable assessment of workers' need for internet access. You may be surprised how few actually need it to do their work (IM isn't a valid reason) and you may be able to rearrange your infrastructure to make it very easy and manageable like ours.

  • One proposal (Score:4, Insightful)

    by freedom_india ( 780002 ) on Wednesday June 17, 2009 @02:44AM (#28358339) Homepage Journal

    1) You need an anti-virus solution in the Linux box. Assuming that is your only gateway to the external internet, putting up an anti-virus enabled firewall and stopping unwanted protocols is enough to filter out most stuff.
    2) Disable USB and DVD drives on every PC. Physically. Period.
    It's cheap and fast.

  • I have AVG 8.5 on our workstations, it's about 30 of them now. Regular AVG, not Internet Security. But the Network Edition, which has a management console. My guess is that as long as you have something you can't really go wrong. AVG works fine for me. The weird thing is that you can usually deploy AVG for the first time without rebooting the station, but every so often there will be a program update to AVG that needs a reboot to take effect.

    It's about $25 a seat I think. I've only ever bought 1 year

  • We use bit defender, but it gives me the shi^s.
    You manage all the clients via an MMC snap in, but like other MMC snap ins, it just doesn't really work that well.
    eg. The computer names get mangled when DHCP reassigns, so you need to view clients by IP rather than name, but the mangled name is the only reference in the reports.
    Everything is done by assigning policies, but there is no easy way to see what clients' licenses have expired.

    I intend to change to something else when licencing comes up again.

  • mcafee (Score:3, Informative)

    by fearlezz ( 594718 ) on Wednesday June 17, 2009 @03:07AM (#28358491) Homepage

    In my personal experience, I found mcafee asap the easiest to use in such a small business. This software has "agents" which report their status back to the website, from which the administrator can monitor all pcs.

    This idea is great for small companies. The implementation however had a few problems:
    - Over time, I've installed all "agents" at least twice. They just stop working for no reason at random moments
    - Some agents 'do' have a reason to stop: they think the license has expired, while it's definitely not.
    - And mcafee is bloated + it uses mshtml for every single dialog and even for invisible actions like downloading updates. This eats cpu power.

  • Trend Micro (Score:2, Informative)

    by clam0 ( 1527499 )
    For our little business of around ~35 people, we use Trend Micro OfficeScan. You need to check out what it costs, but I can tell you it works well here. To uninstall/configure the program on each client there's a central password and every noticed virus gets e-mailed to the sysadmin. The program is very stable too, and doesn't noticeably slow the system down.
    • Re: (Score:2, Informative)

      by InterBigs ( 780612 )
      I second that. I've managed a 150 computer network with OfficeScan and it worked terrific. Also it offers a lot of insight in what users are liabilities and whom are not :)
    • Ditto for Trend here, we've not had any serious problems with viruses for a few years now.

  • Trend OfficeScan (Score:2, Informative)

    by Lcf34 ( 715209 )
    After having managed three major products in the past years (EPO + McAfee, Trend OfficeScan, SEP, on various directories ranging from 120 to 6000 boxes) I would definitely vote for Trend.
  • Where I used to work there was nod32, and scheduled clamAV scans was the 1-2 combo. Techs would again use a further package for troubleshooting only (I will decline to name, the EULA didn't allow this use). Most AV packages seem to let some infections through, it's a given in the security world, but it spooked me how prevalent it was. The solution was to use two, thus what defeats a major package will be picked up on by the alternative.

    confirm nod32 sucks balls in real work (Y/N): Y

    ClamAV was good at
  • Never McAfee (Score:4, Insightful)

    by dltaylor ( 7510 ) on Wednesday June 17, 2009 @03:57AM (#28358751)

    McAfee is horrendously insidious. Should you ever want to use a different product, it is damn near impossible to remove. After the IT guy at a job spent 7 hours trying to get rid of it (he did, mostly) when they switched to Kaspersky, I spent another three with regedit and a few Cygwin tools hunting down the rest. I think I got it all, since Outlook has finally quit trying to use it.

    Avoid it like the plague.

  • by Ralish ( 775196 ) <<ten.moixen> <ta> <lds>> on Wednesday June 17, 2009 @04:02AM (#28358779) Homepage

    AV-Comparatives recently released their May 2009 Corporate AV Report, which sounds like it may be right up your alley.

    It's fairly large, but reviews a large number of AV products with a corporate focus, contains lots of screenshots, and even grades them on their appropriateness for Small, Medium and Large networks. Sounds like it would definitely be worth a look in your case.

  • by Verunks ( 1000826 ) on Wednesday June 17, 2009 @04:12AM (#28358825)
    Since my company doesn't have the budget, I have tried to find something free but I failed, in the end I installed comodo av which is free, it can't be remotely managed, but it's far better than clamav, I've scheduled an automatic scan at 1pm during lunch break, and it does automatic updates too, if you need to administer it remotely just install vnc on each client, 20 aren't that much
  • OK, first let me explain my assumptions, based largely on what you've said in the summary:

    1. Only 20 or so PCs, no full-time admin.

    It's probably a small company, so there's a strong chance that individual staff don't have roles sufficiently specialised that you can simply disable removeable media and block internet access to 90% of staff. Even if you did that, one of the other 10% would probably let something in and as soon as they do everyone else is vulnerable because there's no AV.

    2. Need centralised

  • by Toreo asesino ( 951231 ) on Wednesday June 17, 2009 @04:21AM (#28358855) Journal

    ...then use group policies to push out AV updates automatically & lock down the desktops remotely and automatically. Samba is a half-cut replacement for a proper Windows Server when it comes to Windows workstations (sorry samba guys; samba is good, but ultimately lags far behind what it's trying to imitate)

    Windows XP is only really so vulnerable to viruses because normally it runs in "everything as root" mode; which, if you had a proper Windows server you could change in seconds (not that you couldn't do this manually, but with AD it's automatic network-wide).

  • Perl (Score:3, Interesting)

    by Krneki ( 1192201 ) on Wednesday June 17, 2009 @06:59AM (#28359565)
    Perl scripting is the answer. Install a free anti-virus, and set up a script checking. Check the anti-virus files and registry entry. You can get all the information you need, program virus version, database version, and use a central server to store the logs. Using scripts you can force anti-virus updates and restart. I have a lot of experience with Trend Micro and all the anti-virus parts are daily checked with Perl scripts (during the night), to make sure the clients behave.
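
An added example, not part of the comment above or of any vendor's tooling: the server-side half of the nightly check it describes, sketched in Python rather than Perl. It assumes each client appends one status line to a file on the Linux server's Samba share; the line format, host names, engine version and thresholds are all hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample of client check-ins. Assumed field layout:
# host|engine version|definitions date|check-in time
SAMPLE_REPORTS = """\
ws01|4.2.1|2009-06-16|2009-06-17T01:05:00
ws02|4.2.1|2009-06-02|2009-06-17T01:06:10
ws03|4.1.0|2009-06-16|2009-06-10T01:04:30
ws01|4.2.1|2009-06-15|2009-06-16T01:05:00
garbage line without separators
"""

# Hypothetical inventory: every machine that is supposed to report.
INVENTORY = ["ws01", "ws02", "ws03", "ws04"]


def parse_reports(text):
    """Return ({host: newest record}, [line numbers that failed to parse])."""
    latest, rejected = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.strip().split("|")
        try:
            if len(parts) != 4:
                raise ValueError("wrong field count")
            host, engine, defs, seen = parts
            rec = {
                "engine": engine,
                "defs": datetime.strptime(defs, "%Y-%m-%d").date(),
                "seen": datetime.strptime(seen, "%Y-%m-%dT%H:%M:%S"),
            }
        except ValueError:
            # Keep malformed lines visible: a client writing junk is a finding.
            rejected.append(lineno)
            continue
        host = host.lower()
        if host not in latest or rec["seen"] > latest[host]["seen"]:
            latest[host] = rec
    return latest, rejected


def audit(latest, inventory, now, expected_engine="4.2.1",
          max_defs_age_days=3, max_silence_hours=36):
    """Return {host: [problem codes]} for every host that needs attention."""
    findings = {}
    known = {h.lower() for h in inventory}
    for host in sorted(known):
        rec = latest.get(host)
        if rec is None:
            # The dangerous case: a broken or removed agent reports nothing.
            findings[host] = ["never_reported"]
            continue
        problems = []
        if now - rec["seen"] > timedelta(hours=max_silence_hours):
            problems.append("silent")
        if (now.date() - rec["defs"]).days > max_defs_age_days:
            problems.append("stale_definitions")
        if rec["engine"] != expected_engine:
            problems.append("engine_mismatch")
        if problems:
            findings[host] = problems
    for host in sorted(set(latest) - known):
        findings[host] = ["not_in_inventory"]
    return findings


if __name__ == "__main__":
    records, bad_lines = parse_reports(SAMPLE_REPORTS)
    report = audit(records, INVENTORY, datetime(2009, 6, 17, 9, 0, 0))
    for host, problems in report.items():
        print(host, ", ".join(problems))
    print("unparseable lines:", bad_lines)
```

Checking against an inventory matters more than the thresholds: a client whose agent has stopped writing status lines only shows up if something knows it was expected to report.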
  • With twenty machines, I'm going to go out on a limb and say don't! You have a large enough user base that you should use a hard disk image backup system, yet a small enough base that the infections would be manageable. Since your primary server isn't windows you may want to set up your network so each user workstation cannot connect to the others, then let them be on their way. The CPU usage of constant disk scanning is a drag on the user's machine. Weighed 20 of them versus the time for you to recreate an

  • Where I used to work we had about 400 employees and workstations for each, along with about 6 Linux servers, and a smattering of Win2003 for things here and there. We eventually went with Sophos and their Enterprise Manager software. Centrally administratable, auto updating, pretty much "set and forget." Still expensive, but well worth the initial setup.
