Central Anti-Virus For Small Business? 359
rduke15 writes "I'm trying to find a centrally managed anti-virus solution for a small business network, which has around 20 Windows XP machines with a Linux server. It is too big to manage each client manually. However, there is no full-time IT person on site, and no Windows Active Directory server — just Linux with Samba. And the current solution with Symantec Endpoint Protection seems too expensive, and too complex for such a simple need. On the Linux server side, email is handled by amavisd and ClamAV. But the WinXP clients still need a real-time anti-virus for the USB disks they may bring to work, or stuff they download from their personal webmail or other sites. I'm wondering what others may be using in similar situations, and how satisfied they are with it."
We use Nod32 (Score:5, Informative)
It works well, you just need a windows server/workstation to push it to clients and for clients to get updates from.
It's also not very resource hungry.
I think 30 seats was around $1000
Re:We use Nod32 (Score:5, Funny)
Sheesh. Now if you'll excuse me, I have to boot back into my XP partition so that I may run all of my expensive, legitimate software.
Re:We use Nod32 (Score:5, Informative)
We did something close to this, actually. We run Linux on all our workstations (with NFS shared home directories). Then we run VirtualBox with immutable hard drive images. Every time Windows is closed, all the changes made to the system are thrown out. All documents are stored on the server. When new software or updates are needed, the administrator can run the VM with a changeable disk.
Now we're almost completely weaned off of Windows. The VMs are hardly ever used.
Re:We use Nod32 (Score:4, Interesting)
I would have to agree with this recommendation.
I've been installing NOD32 at several sites recently. The Business version of their antivirus/antispyware package does include a Management Console feature.
You'll end up paying about $39/seat for a 2 year subscription.
Also, NOD32 just won a Consumer Reports award this year.
Re:We use Nod32 (Score:5, Interesting)
I don't know about other people, but around where I work, the joke is that whichever computer has Nod32 installed, it also has tons of viruses installed. Nod32 never seems to work in real life, even though it consistently scores high in reviews and has lots of recommendations.
(We use avira.)
Re:We use Nod32 (Score:5, Informative)
I hear and find the same thing true with AVG. :) People bring me malware infested machines, so I uninstall AVG and install Avast Home (Free), which takes care of the problems, and protects them in the future.
I'd highly recommend Avast. It does have a management tool which is what the article is seeking (avast! Distributed Network Manager) [avast.com]. The server is free, but it requires a paid version of their software to use with it. Bulk pricing information is here: http://www.avast.com/eng/pricelist-avast-professional.html [avast.com]
Re:We use Nod32 (Score:4, Interesting)
Re:We use Nod32 (Score:5, Interesting)
AV is inherently a flawed idea... As you've found out, not every AV picks up every *known* piece of malware, and none of them will pick up new malware that has only just been developed (and people are developing new stuff all the time)...
Take some of the files that avast found and upload them to virustotal.com, and see just how many other AV products don't find it... You will also find that there is plenty of other malware out there which avast won't find... Anything that's missed by both avast and avg could potentially still be sitting on your machine.
Also, malware authors don't just sit still, malware is big business and the people writing it are constantly looking for new ways to avoid detection, and that often involves specifically targeting the most popular types of AV in order to find effective ways to bypass them. AV by its very nature will always be one step behind the authors of malware... AV will always just be a low hanging fruit exercise, it will never be able to get anything...
The only place i use AV is on my email server, not because i'm especially concerned about the actual malware itself, but because malware detection works as another method to remove some unwanted junk mail.
Re: (Score:2)
i consider avast only for protection from viruses, and recommend MalwareBytes [malwarebytes.org] for protection from malware.
i've found that considering malware, spyware and viruses 3 different animals, and using different software to attack each type is the best defense solution. i recommend SuperAntiSpyware [superantispyware.com] as well.
Re: (Score:3, Interesting)
AV is inherently a flawed idea... As you've found out, not every AV picks up every *known* piece of malware, and none of them will pick up new malware that has only just been developed (and people are developing new stuff all the time)...
That's one reason why application whitelisting would work better. Only "good" known apps with a valid signature or saved CRC of some sort are allowed to execute. Any unknown apps either get canned, or request the user's permission to run -- these unknown apps can be added to the whitelist by the user.
Of course, you still have to worry about security flaws in the "good" apps allowing remote execution / etc so then you'd want to combine the whitelisting with some sort of sandboxing / limiting priv
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
Re:We use Nod32 (Score:5, Interesting)
a couple years ago i worked at a company that used NOD32 and they were often bringing infected machines in to the IT dept despite the software being updated and supposedly working. now I work at a company that used symantec, and they were often bringing infected machines in to the IT dept despite the software being updated and supposedly working. One of my current coworkers used to work at place where they used Panda. They were often bringing infected machines in to the IT dept despite the software being updated and supposedly working.
WTF?
Re:We use Nod32 (Score:5, Funny)
Re: (Score:2)
Anytime new virus appears, there is lag before it is discovered, lag before it is dissected and lag before updates reach machines. There is zero chance that any AV will protect anyone from brand new virus (heuristics still being in "nice try" stage).
There is just no way around it.
AVs do not really protect you from bleeding edge attacks, they just make you feel fuzzy and safe while keeping you safe from threats that have already passed.
Re:We use Nod32 (Score:5, Insightful)
heuristics won't help either, malware authors will have pirate copies of all the latest av products and will tweak their malware until the heuristics no longer detect it before they start deploying it.
Re: (Score:2)
Re: (Score:2, Informative)
Re: (Score:2)
I ran a shop for 2 years with NOD32 with practically no infections and very little maintenance. Prior to NOD32 we used Symantec corporate version and had 1 or 2 outbreaks a year.
No AV is invulnerable but NOD32 does a fine job of preventing most infections. It also is the least resource intensive product out there and will not noticeably slow your PCs. Its hooks into the TCP/IP stack go a long way in preventing web distributed malware. So far, it is NOT bloatware and I believe Eset prides themselves on
Re: (Score:2)
Another vote for NOD32. We use Shitmantec Corporate right now, and I am counting the days until our updates expire so we can switch.
Also, the price we were quoted is only a few dollars per client higher than just RENEWING Symantec.
We use Avast Corporate (Score:3, Interesting)
NOD32 Antivirus and NOD32 Remote Administrator (Score:5, Interesting)
Do it without the server, and install NOD32 antivirus on the clients, with NOD32 Remote Administrator to manage them. We put this system in recently and it's very very effective. Synchronized our antivirus product and definitions quickly, and reported infections that had slipped past the unmanaged installation on one machine (it hadn't been updated for a while...). No, you don't have to install it on a Windows Server OS (although we did).
Re:NOD32 Antivirus and NOD32 Remote Administrator (Score:4, Informative)
I haven't used the remote administrator to manage NOD32 clients (We don't have enough here), but after scanning thousands of PCs, I can vouch for the quality of NOD32. It's anecdotal, but I concur with many of the online results which show NOD32 has near-perfect detection rates and very low false positives. We keep trying different scanners, but NOD32 seems to do the best job.
Re: (Score:3, Insightful)
Suggesting: don't use MS Windows.
Yes, and don't venture into the outer world either... You'll obtain the swine consumption.
Sophos (Score:4, Informative)
Kaspersky - Support for Windows & Linux (Score:5, Informative)
Samba File Servers are also fully supported!
More Information -- http://usa.kaspersky.com/products_services/business/open_space_enterprise.php [kaspersky.com]
I'll tell you what *not* to use (Score:5, Interesting)
I'm security admin for a Fortune 500, posting anonymous coward. I'll tell you what not to use. Don't use Panda. We have it at a European subsidiary, and I have never seen anything so crap. Never.
Now for the advice - Use something you recognise and trial it to death, antivirus detection rates are not so important as product robustness, and console usability. It's no use having something with a 99% detection rate if the 1% it doesn't detect are things like virut and conficker, and the product falls over every time you look at it. Corporate antivirus aren't so much about detecting 100% of virus as reliably reporting the viruses they have found, and robustly maintaining communications with the management console so you can deploy updates.
These days no antivirus is really very good, I came to the conclusion a while ago that AV is an obsolete technology. The malware writers are just taking the piss, and Windows can never be virus free.
Re: (Score:2, Informative)
Re: (Score:2)
I agree with you completely here. After Symantec fixed some CPU issues with earlier versions of Symantec Endpoint Protection, I highly recommend it. For something lighter weight, either VIPRE from Sunbelt Software, or Avast! have done well for me.
Buying Antivirus protection does two things. The first is obvious... it mitigates a potential compromise. The second is that it provides legal CYA. Should a box get infected, there is less chance people (like shareholders) would sue if it has a decent [1] AV
HAVP (Score:2)
Start with sensible policies. (Score:5, Insightful)
Antivirus suites are the last line of defense. Not the first!
The first is the user and sensible usage policies. When people can download and execute arbitrary software and plug in USB sticks at random, you have bigger problems than the choice of your AV.
Re:Start with sensible policies. (Score:5, Insightful)
So what would you recommend?
I don't disagree with you; smart and sensible policies are the best defense. But then again, I service schools, and schools have kids and parents (and teachers) who aren't going to follow the rules, so AV is still necessary. I can't lock down the USB ports (physically or otherwise); I'd have a rebellion on my hands.
BTW - I'm an engineer by trade, just acting as an IT jockey in the meantime, so I don't know all the best tricks of the trade yet. But it'd be helpful to know. :)
Re: (Score:3, Informative)
I haven't used it since I'm in an office but since you mention a school, I hear good things about Windows SteadyState. Maybe for library computers or other kiosk-style machines.
Re:Start with sensible policies. (Score:5, Informative)
For a school setting, (and this is IMHO, so take it for what it's worth), I highly recommend these tried and true protection mechanisms for a lab:
1: DeepFreeze with the enterprise console to allow updating when the lab is closed to the public or students.
2: Physical case locks.
3: BIOS set to disallow booting from anything but the hard disk, and each box set with a different password (the list kept somewhere safe)
4: An enterprise version of Norton Endpoint Protection configured to delete hacking tools (so someone can't load a popular serial number recovery program and have the organization's volume license keys to Office and other utilities.)
5: 1-2 cameras on the lab.
DeepFreeze isn't a silver bullet, but it at least makes people take an effort to bypass, even if they have administrative rights. The best advantage of this setup is that you can give users admin access to install whatever chat programs they use during a session, then a reboot cleans all their crap off.
Re: (Score:2)
Since I don't know the company in question, I cannot make sensible recommendations. If there are valid and good reasons why it's necessary to have access to USB ports and data exchange through them, I can't ask to lock down access to them, which I would if it isn't a requirement... etc.
Also, I do not recommend not using an AV suite. In an environment with multiple users and lots of data exchange it's pretty much a necessity, if you ask me. I only say it's the last line of defense in the arsenal. Security is
Re: (Score:2)
I guess it's mainly because USB drives are seen as the modern equivalent of floppy disks. People might want to work on documents at home, or take data from home to use on school computers. In these cases it might be preferable to just throw the USB drive in and copy things across, rather than resort to emailing yourself the fi
Re:Start with sensible policies. (Score:4, Informative)
First line of defence?
Group policy (Software restriction policy) disallowing execution of code from anything but the windows (excl %temp%) and program files directory. Including dvd drives.
Closest kids get is embedding applications within Word, or debug modes of VS.
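A simplified model of the path-rule policy described in the comment above, added here as an illustration (not code from the thread and not Windows' own implementation): default-deny, with the most specific matching rule winning. The directory locations, the rule table, the helper names and the sample paths are constructed assumptions.

```python
import ntpath  # Windows path semantics, usable on any OS

# Assumed directory layout (hypothetical values for this sketch).
ENV = {
    "%WINDIR%": r"C:\Windows",
    "%PROGRAMFILES%": r"C:\Program Files",
}

DEFAULT_LEVEL = "Disallowed"  # anything not matched by a rule may not execute

# Path rules: allow the Windows and Program Files trees, but carve the
# temp directory under Windows back out, as the comment describes.
RULES = [
    (r"%WINDIR%", "Unrestricted"),
    (r"%PROGRAMFILES%", "Unrestricted"),
    (r"%WINDIR%\Temp", "Disallowed"),
]


def expand(rule):
    """Replace a leading %VAR% token with its assumed location."""
    for token, value in ENV.items():
        if rule.upper().startswith(token):
            return value + rule[len(token):]
    return rule


def normalize(path):
    """Collapse '..' and '/', then lowercase, so comparisons are
    case-insensitive and cannot be dodged with path tricks."""
    return ntpath.normcase(ntpath.normpath(path))


def is_under(target, root):
    """True only if target is root itself or inside it. A bare prefix
    test would wrongly treat C:\\WindowsUpdate as part of C:\\Windows."""
    return target == root or target.startswith(root + "\\")


def decide(exe_path):
    """Return the security level that applies to exe_path."""
    target = normalize(exe_path)
    best = None  # (normalized rule root, level) of the longest match so far
    for raw, level in RULES:
        root = normalize(expand(raw))
        if is_under(target, root) and (best is None or len(root) > len(best[0])):
            best = (root, level)
    return best[1] if best else DEFAULT_LEVEL


# Constructed sample paths covering the cases the policy has to get right.
SAMPLES = [
    r"C:\Windows\System32\notepad.exe",    # inside allowed tree
    r"c:\program files\App\app.exe",       # case differs from the rule
    r"C:\Windows\TEMP\dropper.exe",        # excluded temp directory
    r"C:\WindowsUpdate\setup.exe",         # lookalike prefix
    r"D:\autorun.exe",                     # optical drive
    r"E:\tools\portable.exe",              # USB stick
    "C:/Program Files/../Temp/x.exe",      # traversal out of an allowed tree
    r"C:\Windows\Temp\..\System32\cmd.exe",  # resolves back into System32
]


def audit(paths):
    """Evaluate every path and return (path, level) pairs."""
    return [(p, decide(p)) for p in paths]


if __name__ == "__main__":
    for path, level in audit(SAMPLES):
        print(f"{level:12}  {path}")
```
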
Re: (Score:2)
When people can download and execute arbitrary software and plug in USB sticks at random, you have bigger problems than the choice of your AV.
So what policy would you advise for organisations where people need to be able to download and execute arbitrary software in order to get their work done?
Re: (Score:2)
i'm genuinely interested.. what type of organization has this need? executing arbitrary software? seems unsupportable.
Re: (Score:2)
So what policy would you advise for organisations where people need to be able to download and execute arbitrary software in order to get their work done?
Throwaway VMWare machines and brutally restrictive firewalling.
Re: (Score:2)
If you're responsible for system security in such an environment, the best policy would probably be to study the classifieds and get a new job.
But let's take up the challenge. Is virtualization an option? Do the users need administrator privileges to run the software? How much money is available?
Re: (Score:2)
I'm all with you but it isn't exactly that easy. Some software packages to this day still require root access to the local machine even though the domain user is restricted and it is designed to run on a domain. QuickBooks used to be really bad with that but I don't think it is anymore. You also have the problem with approved sites being compromised [techworld.com] and using browser exploits to defeat security limitations. [apcmag.com]
You also have the problem of some sites that don't even have a full time sysadmin. It's difficult to r
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
Group policies (even without a domain controller) are
It depends (Score:5, Interesting)
I "administer" our small business IT infrastructure (well, it's just 10 computers) and our solution was to assess who needs internet access. As it turned out, the boss and the secretary need web, email and access to the accounting software on the remote side of a VPN, and the other guys don't because they use only internal documents. But they do need Windows because we use Windows-only software (SolidWorks and MasterCAM). So I've set up a fast Linux box that's on the internet, that provides web and email access through NX servers and clients [nomachine.com] (that is, the clients run on the linux box and display on the Windows workstations). USB ports are also disabled on all Windows boxes, and people who really want to see what's in a USB key have to plug it on the Linux box and have the content checked before it's transferred to a Samba share for Windows consumption. Same thing for CDs. None of the Windows boxes ever see the internet.
None of our Windows boxes are patched, updated or fitted with antivirus software, and we're doing just fine. The Windows boxes are super-fast as a result too.
But that's *our* solution. Your mileage may vary, but I think you should make a reasonable assessment of workers' need for internet access. You may be surprised how few actually need it to do their work (IM isn't a valid reason) and you may be able to rearrange your infrastructure to make it very easy and manageable like ours.
Re:It depends (Score:5, Interesting)
nobody aside from the boss and secretary need email?
Well, I didn't count myself in :) We're a small firearms manufacture, so the boss and the secretary need email to answer customers, and the boss needs the web to check on the competition (he's not into porn at all, not the type). The secretary doesn't need the web, but I left it for her because she sometimes has no work for hours and she doesn't really like to read. She also does the accounting, so she needs her distributed accounting software client. As for the other guys, they work mostly at the workbench, mounting the guns. They need PCs to consult technical documents such as plans, steel compositions or art drawings, and they also need them to work with 3D models of parts, to feed the milling machine. None of these computers need to be on the internet, they are just glorified document viewers and machining tools.
As I said, every situation is different. In a software development outfit, the sort of solution we have here wouldn't work at all, but for us it works. The OP says he manages a "small business network": for all I know, it could be a printing shop, or a garage, not necessarily all white collars. That's why I mentioned what we implemented here at my company.
Re: (Score:2, Funny)
(he's not into porn at all, not the type)
So, your company runs Eunuchs?
One proposal (Score:4, Insightful)
1) You need an anti-virus solution in the Linux box. Assuming that is your only gateway to the external internet, putting up an anti-virus enabled firewall and stopping unwanted protocols is enough to filter out most stuff.
2) Disable USB and DVD drives on every PC. Physically. Period.
It's cheap and fast.
Re: (Score:3, Insightful)
Usability != USB Drives.
In most of the corporates i have worked for, my USB ports have been disabled and my DVD drive missing.
I didn't feel least constricted, if that is what you mean.
If i needed a software, i had to follow the stupid process, but i did not miss a USB drive or a DVD drive for work.
Minimalist physical configurations leave you less worrying about issues.
You are probably too young and inexperienced in the corporate world. That's why you seem to equate USB with PSU.
Re: (Score:2)
It didn't go over my head as you imply.
Am just saying the ground reality is not what you think.
Corporates have PCs whose USB ports are disabled, DVD disconnected and system literally locked (with a MasterLock).
Re: (Score:2)
All True.
Absolutely true and good.
BUT, who said corporate IT's were sensible???
My ex-employer had a corporate IT policy: Any complaint you make about your PC: whether it is Word not working or disk errors, their solution was simple: Wipe and Reimage.
Much like cutting off your head because you have a running nose and an earache: No head, No Complaints!
Corporates love those public kiosk machines: Absolute control.
Hell, one bank i worked for didn't even allow IE to store cookies! Policy.
Re: (Score:2)
No offense taken.
I have seen my share of IT policies and policy makers.
I don't judge them nowadays: just accept the situation and work within its limitations.
And Ghosting the machine? That was done by my ex-esteemed majesty: the CTO. He had a doctorate in Computer Science which was ironical and comical.
And that policy was one of the better ones.
The worst ones were those when entire machines were condemned and destroyed just because they were not needed (never been used at all). And places where the firewal
Re: (Score:2)
people is aware that they shall only use trusted usb sticks and open trusted email
I don't know whether to laugh or cry at your naive quote.
You just summarized a network administrator's worst nightmare: Trusted USB sticks and Trusted email.
Tell me, how do you "trust" a USB stick? Put a stamp on it?
We use AVG (Score:2)
I have AVG 8.5 on our workstations, it's about 30 of them now. Regular AVG, not Internet Security. But the Network Edition, which has a management console. My guess is that as long as you have something you can't really go wrong. AVG works fine for me. The weird thing is that you can usually deploy AVG for the first time without rebooting the station, but every so often there will be a program update to AVG that needs a reboot to take effect.
It's about $25 a seat I think. I've only ever bought 1 year
Re: (Score:2, Interesting)
Bit Defender (Score:2)
We use bit defender, but it gives me the shi^s.
You manage all the clients via an MMC snap in, but like other MMC snap ins, it just doesn't really work that well.
eg. The computer names get mangled when DHCP reassigns, so you need to view clients by IP rather than name, but the mangled name is the only reference in the reports.
Everything is done by assigning policies, but there is no easy way to see what clients' licenses have expired.
I intend to change to something else when licencing comes up again.
mcafee (Score:3, Informative)
In my personal experience, I found mcafee asap (mcafeeasap.com) the easiest to use in such a small business. This software has "agents" which report their status back to the mcafeeasap.com website, from which the administrator can monitor all pcs.
This idea is great for small companies. The implementation however had a few problems:
- Over time, I've installed all "agents" at least twice. They just stop working for no reason at random moments
- Some agents 'do' have a reason to stop: they think the license has expired, while it's definitely not.
- And mcafee is bloated + it uses mshtml for every single dialog and even for invisible actions like downloading updates. This eats cpu power.
Trend Micro (Score:2, Informative)
Re: (Score:2, Informative)
Re: (Score:2)
Ditto for Trend here, we've not had any serious problems with viruses for a few years now.
Trend OfficeScan (Score:2, Informative)
confirm Nod32 sucks balls in real world (Y/N): Y (Score:2)
confirm nod32 sucks balls in real work (Y/N): Y
ClamAV was good at
Never McAfee (Score:4, Insightful)
McAfee is horrendously insidious. Should you ever want to use a different product, it is damn near impossible to remove. After the IT guy at a job spent 7 hours trying to get rid of it (he did, mostly) when they switched to Kaspersky, I spent another three with regedit and a few Cygwin tools hunting down the rest. I think I got it all, since Outlook has finally quit trying to use it.
Avoid it like the plague.
AV-Comparatives Corporate Report (Score:5, Informative)
AV-Comparatives recently released their May 2009 Corporate AV Report [av-comparatives.org], which sounds like it may be right up your alley.
It's fairly large, but reviews a large number of AV products with a corporate focus, contains lots of screenshots, and even grades them on their appropriateness for Small, Medium and Large networks. Sounds like it would definitely be worth a look in your case.
comodo if you don't have the budget (Score:3, Informative)
I've got some bad news for you (Score:2)
OK, first let me explain my assumptions, based largely on what you've said in the summary:
1. Only 20 or so PCs, no full-time admin.
It's probably a small company, so there's a strong chance that individual staff don't have roles sufficiently specialised that you can simply disable removable media and block internet access to 90% of staff. Even if you did that, one of the other 10% would probably let something in and as soon as they do everyone else is vulnerable because there's no AV.
2. Need centralised
Get a proper AD server (Score:4, Informative)
...then use group policies to push out AV updates automatically & lock down the desktops remotely and automatically. Samba is a half-cut replacement for a proper Windows Server when it comes to Windows workstations (sorry samba guys; samba is good, but ultimately lags far behind what it's trying to imitate)
Windows XP is only really so vulnerable to viruses because normally it runs in "everything as root" mode; which, if you had a proper Windows server you could change in seconds (not that you couldn't do this manually, but with AD it's automatic network-wide).
Re: (Score:3, Informative)
Because workgroup mode sucks for any kind of centralized support.
Of course it does, but Samba works very well as a PDC
centralized usernames/passwords
Works fine with Samba on Linux
- Have easy central printer queues
Can also be done with Samba, but what's the point? All printers are TCP/IP network printers. I never quite understood why people would use print servers for network printers. (Except maybe in huge environments and/or with special printers having a high cost per page)
- Have easy central file shares with easy to apply security
Samba again...
- Install WSUS on the server. It's a free addon. Poof! Microsoft patch management!
As far as I know, that is not very different from automatic updates. But I may be wrong.
- Group Policy (install/update software, apply software settings, lock down security on all systems, etc.)
This definitely seems to be the main reason for Win. server.
Re: (Score:2)
"I don't consider replacing Linux with a Win server, because Linux is just too good and easy to manage for firewall/email/rsync backups/cron jobs/bash and perl script/etc."
You don't REPLACE the Linux server. You drop the AD Management box NEXT TO the Linux server, and just move the AD stuff to it. Continue using the Linux box for the samba shares/backup/everything else.
Remember REAL operating systems ship with Perl pre-installed. So consider this Microsoft stuff like a canned business machine, and adop
Perl (Score:3, Interesting)
Unorthodox solution (Score:2)
With twenty machines, I'm going to go out on a limb and say don't! You have a large enough user base that you should use a hard disk image backup system, yet a small enough base that the infections would be manageable. Since your primary server isn't windows you may want to set up your network so each user workstation cannot connect to the others, then let them be on their way. The CPU usage of constant disk scanning is a drag on the user's machine. Weighed 20 of them versus the time for you to recreate an
Sophos Enterprise Manager (Score:2)
Re:the problem is the OS (Score:4, Funny)
That's sexual harassment. And no, it doesn't matter if you work in the fashion industry.
Re: (Score:2)
Prices have come down recently, so it's not a terrible idea... As long as the apps you need are available.
And we have clamx av.
I am sounding smug right now after talking to three people today I moved over to Mac OS and they're all happy.
Re: (Score:3, Interesting)
I'd love to be able to use osx on our network, but there are some serious roadblocks. #1 is the price of the workstations. when you need 300 bog standard desktops on a tight budget, your options from apple are... lacking to say the least. #2 is compatibility. entourage is very weak as an exchange client in a business environment. OWA on non-IE browsers is not great either. CAD and ERP software is limited. #3 is the cost of (re)training employees. with windows you get the benefit of your users havi
Re: (Score:3, Insightful)
OSX is supposedly getting exchange support, on the other hand is Apple really the problem?
We have a similar situation where i work, exchange doesn't interoperate with the increasing number of linux and mac workstations... The problem is exchange not interoperating with anything else (as well as having a whole host of other problems and hidden costs), which is why it's being replaced.
Re: (Score:2)
Now we're very happy with the solution.
Does OSX have a better security record [macworld.com]?
It's all about the apps (Score:2)
I don't mean this to be smug or smartass
This works only if your core business apps are available for OSX.
But I have to ask why it makes sense to leave the door wide open to the installation of any random piece of software.
Re: (Score:3, Informative)
That's like saying a house needs to be demolished because they'd like a new door
More like "soon their house will be demolished, better not invest in a new door now".
Within 2 years they probably have to migrate to Vista or Win7 anyway, they also need to buy and maintain AV software, why not invest in something else instead? Or at least look at alternatives and do the maths.
Re: (Score:3, Insightful)
Those are all great things. But A) they won't actually stop people from bringing viruses into the office. They might *help*, but you'll still need an A/V client from time to time and B) those things are not going to happen reliably someplace that doesn't even have a full-time IT guy.
Re: (Score:3, Insightful)
What about users who get hit by drive by infections on websites that should be trustworthy (because the sites got owned, or malware is delivered through third party ads)?
What about users who open pdf files or msoffice documents containing exploit code and malware?
What about users who simply insert media infected with autorun malware?
How about malware emails coming from trusted senders (either because those people are infected themselves, or because the mails are spoofed)
There are plenty of infection vectors
Re: (Score:2)
As well as windows update, don't forget to keep all the other applications on your workstations up to date...
WSUS will handle msoffice and other ms apps, but you'll need to buy an expensive management application if you want to keep things like adobe reader updated (which makes them a perfect malware target)... You can't use the update functions inside these third party apps, you have to manage it centrally.
Firefox is all well and good, except that a lot of malware these days targets other apps, like msoffi
Re:ClamWin (Score:4, Informative)
From clamwin.com website:
Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.
This assumes that the users remember to scan everything before they run.
(I personally do the clamwin thing for my personal machine, haven't found anything yet)
Re: (Score:3, Insightful)
Terrible detection rate. Sorry, but when an AV suite finds about 2/3 of the threats, you can just as well go without one.
Re: (Score:3, Insightful)
I've not found any other AV to really be much better, i've seen machines installed with up to date mcafee which are spamming the users with ads... went through the box manually to find what was doing it and uploaded the binaries to virustotal.com, less than 10% of the av engines detected it even though the program hooks itself into ie and displays unwanted popup ads constantly (for typical spamvertised things like penis enlargement pills etc)
Re:ClamWin (Score:4, Interesting)
In all honesty, I've given both Moonsecure and clamwin many chances over the past couple of years. I don't want to admit it, but I feel as though I've been largely disappointed with the detection rates, the interface and the speed of both AVs. I've used them mostly in a 'workbench' setting though, scanning client drives outside of the system. In comparison to the other (commercial) scanners I use regularly, I've not been impressed.
Re: (Score:2)
I second AVG.
Not only are the licenses cheaper than the Symantec corporate edition, we got 2 years instead of one for about 2/3 the cost per seat. The management console seems to be better oriented and it can even force a reboot to remove an infection if needed. They even have Linux support.
Re: (Score:2, Informative)
yes, free should never have been installed in a corp environment, but that's how it was when i was hired.. licensing was the least of my problems by far.
Re: (Score:3, Interesting)
I see you already placed the biggest point I could make out there. It does it also if the old version is too old or isn't a networked version.
I actually had the same problem at a site with a laptop that somehow slipped through the cracks and didn't get updated to the latest version of AVG. In my case, it was a corporate version (network edition, but it was severely outdated) and I had to manually uninstall before being able to install the new client. I think the laptop ended up on a shelf in one of the part
Re: (Score:2, Interesting)
AVG network is a huge mistake I made as an admin... Sure the cost is low, the central management is OK, and the virusscanner was pretty decent... Only with newer versions you get these free bonus PITA's:
- Bloat like the Linkscanner that 'enhances' your webbrowser by making it slower or freeze and crash
- Firewall that will sometimes lock for no reason at all (making me have to go to th
Re: (Score:2)
I think you might be confusing the internet protection suite with just the AV protection. I don't use the firewall BS and I always disable the link scanner (although it is working smoothly nowadays). Never had real-time-protection turned off either.
Anyways, I don't remember the one update that screwed everything. Actually, I remember the reports of it but none of the 150 instances across 7-8 sites I manage with AVG as the Antivirus had the issue. However, deleting innocent files [symantec.com], system files [sadasystems.com], email [bit-tech.net], Program [bitdefender.com]
Re: (Score:2)
None of them have a perfect detection rate...
The more popular ones are likely to be explicitly targeted by authors of malware...
So cost, convenience and performance become very important...
Re: (Score:3, Insightful)
Security Lesson #1: Usability, Secure, Cheap - pick any two.
Anyone can put up a solution that provides two of these, however I think the solution you have put together provides only one.... Cheap!
Working from a VM? Not usable - at least not for typical office workers. No AV protection? Insecure
Allow me to elaborate on insecure...
Fair en
Re: (Score:2)
My gripe with GDATA is the fact that it doesn't detect the stupid autorun.inf + *.com + *.exe. I can see it hidden. If I try to delete it it gives me shit about it. But after a while I find it again.
Re: (Score:2)
Yeah, you'll notice "an incredible speed boost" because it's not actually running most of the time, it doesn't check every file that moves, which is what "Symantec and McAfee" and every other anti-virus program for Windows does and needs to do.
Re: (Score:3, Informative)
Not all users need (or should have) the same software.
Not all users have the same preferences for the software they have.
You need 1 image per user. (Not an issue space-wise, but an issue maintenance-wise whenever someone wants something changed, there are updates to the OS/apps, etc.)