AnimeSuki Forum - Recomend Antivirus for Business

AnimeSuki Forum (http://forums.animesuki.com/index.php)

- Tech Support (http://forums.animesuki.com/forumdisplay.php?f=24)

- - Recomend Antivirus for Business (http://forums.animesuki.com/showthread.php?t=58711)

Recomend Antivirus for Business

For example: a company with 80 PC and some servers. (all with MS OSs)

Which antivirus or protection suite would you recommend? I know that for 80 or so licenses it won't come cheap. Unless (don't know if its possible) you put only antivirus in the server that provides net but then the other pcs in the lan would get infected if an user bring something outside.

Well since we have some IT ppl here I wanted to know your opinion.

Quote:

Originally Posted by Tiberium Wolf (Post 1276999)

*Scratches head*

The 2 main things I would look out for are:

How good is the basic scanner
Is the engine any good on the reviews and does it get frequent updates that have a low known false positives history. Does the scanner cover spyware? Does it employ other practices such as file auditing or white listing.

How good is the suite in terms of central management
Can the updates be moved to an internal source? Why kill your internet connection 80 times when you could download it once and should test it before rolling out. Does it do centralised warning? Lots of bad things can be mitigated by yanking an affected box before it infects others. Does it integrate well into your existing network? Thinking about hooking into the domain or if you really have a pew pew network like that Cisco self defending stuff.

Even though I have experience with McAFee and it scores well on the whole centralised management thing, it has a bad history of false positives.

*Edit*
Centralised scanning can be done via Samba (or any other MS share tech I guess), but the problem is the registry isn't loaded and that won't get scanned.

With 80 PCs, I'd think it'd be best to go with a relatively cheap virus scanner, focus more on network security, and have a server that reloads a disk image to the computers to ensure that they're clean and fully functional every X number of hours. That requires some extra infrastructure, and the users would need to get used to the idea that the desktop isn't a good place to store their files (depending on how you set it all up)...

Our university uses Symantec Corporate Edition. Not sure about the costs, but it seems to work well enough.

Symantec Corporate Edition varies in price due to the amount of users. The last time I checked, the unlimited subscription is $3,000 plus. It checks and scans the client and server computers periodically, and I have yet to see a limit on the amount of computers that the software can be installed for that high of a price. The catch is if you wish to upgrade the software to the next version up, you'd need to shell out another $3,000 plus.

You can also look into Kaspersky's server-client anti-virus software. The price may be higher, but it's due to the fact that the quality of their product tends to be higher.

Ledgem is right about the fact that you should worry more about your security than anti-virus protection. The anti-virus is your defense upon the entry ONCE it bypasses the firewall. In order to ensure that not just anything gets passed the firewall unless permitted, you should look into the different types of firewall software out there for your clients and possibly server.

The server tends to be different issue when it comes to firewalls, considering the purpose the server serves. If it's running a database and sharing files, printers, etc, as well as hosting the internal website and/or the server acts as a DHCP host for the rest of the network, then it would be best to look for a firewall specifically designed for a server so you don't have to walk to the server every other second or minute to permit a local IP to connect to the server, or so on and so forth.

This isn't an easy task. Choosing carefully and wisely takes a lot of time and research.

Let me add my voice to those saying that desktop antivirus should be your last line of defense.

The principal vector for viruses in most companies is e-mail. That's why my first investment would be building an email scanner. I've used the combination of ClamAV for virus scanning and SpamAssassin for spam stomping for years now. To manage these tasks I prefer the application known as MailScanner. Build a basic Linux server, install the pre-compiled binaries for all three programs from the MailScanner site, then have it sit between the inbound mail source and the mailbox server (or put the mailboxes on this box).

Next, I often use a combination of squid with iptables configured for transparent proxying to limit web traffic. At most sites I work with we routinely block .exe's, for instance, so that someone can't download that nude Britney video that turns out to be malware. You can even add a plugin to squid that will force it to scan all downloads, or certain types of downloads, with ClamAV as they arrive. You'd need a pretty fast box to handle the load of 80 machines if you go this route.

At the desktop I have clients that use McAfee, Norton, and F-Prot. Expect to spend something like $10-20/desktop/year for this software. This is actually not much money if you consider the costs of cleaning up after a virus/spyware outbreak in your company. The cost in lost productivity and IT support time in such situations will quickly exceed the cost of the antivirus software. Also, grey_moon's comments about central management are spot on.

Laptops pose another complicated threat. You just don't know where those puppies have been. One solution is to put all the laptops on a separate, firewalled subnet with very limited access to those services needed for work. Letting random laptops as peers onto the same network with your nice, clean desktop machines can be a recipe for disaster. If the mobile folks like salespeople need to use mail, web, a fileserver, and a database server while in the office, put them behind a firewall that only passes those ports. The laptop users won't like this if they're used to snatching files off other people's machines with Windows networking rather than using a central server, but why are you using peer-to-peer filesharing technologies when you should have a well-managed central server for that task instead?

I no longer have any experience with Windows antivirus since all our desktop machines run Linux. In fact, I'd say the best antivirus solution for Windows desktops is converting them to Linux or buying Macs :D.

Ooo great points especially highlighting the last line of defence issue*.

Going off topic, but if you are allowed to think outside of the box then solutions such as Deep Freeze which reverts all changes back to frozen point on boot is good if you are allowed to be really restrictive to the user. Or some form of imaging solution which allows you to dump the OS back on to the box with minimum down time is good too**. Both only work well if user data is stored on a server.

*I of course think that the best point was made by SeijiSensei on the last line of his post :)

**Ledgem mentions re-imaging every x hours which is a very good idea in terms of security, but you can also consider for just a quick method of re-installing a box, which helps mitigate some of the cost of recovery that SeijiSensei mentions

Oh! Nice points even thou I asked only about AV. Off to do some reseach in google.

Avast is free and very good, I saw a comparison review between Avast and AVG and the conclusion was that Avast is better overall

Free if it's for home use. For business you need to have a paid version else the company will be fined if the inspection comes by

I only have experience managing AVG in a corporate environment. Its decent. Centrally managed updates, you can get reports of who's scan turned up what. It was also cheaper than some other alternatives.