Which antivirus for corporate use?
Discussion
I have just got a smallish contract for a company that has four branches, a WAN (managed by a third party) and about 40-50 boxes per site. They have a bit of this (norton) and a bit of that (AVG? - free?!) and all in all it's quite scary as today they had to shut down the mail server as they thought it was infected with a virus.
The mail server is running a standard copy of Norton AV 2002 and is still doing the live updates, tho it hadn't done this for a year
The one half-tech they have there says that AVG is finding viri that Norton does not - hmmm, I'm not so sure.
Maybe it's just that the heuristics (norton calls this "blood-hound"
) are just a little more sensitive on AVG? after all it IS a paranoia program that errs on the side of caution rather than not doing anything at all. The AVG is finding stuff so it looks like the dog in norton is a bit lame..or am I barking up the wrong tree? Sorry 
So my question is does anyone have any expereince of corporate AV's, and which one, if any, is the best / cheapest to role out. Ideally I would like to deploy them all from the server side and want them to autoupdate daily with new virus definitions downloaded from the server. I tried (Kazaa) a copy of Norton Corp and thought it was very good especially as you can get it to email you when it finds something but is it the better one?
The mail server is running a standard copy of Norton AV 2002 and is still doing the live updates, tho it hadn't done this for a year
The one half-tech they have there says that AVG is finding viri that Norton does not - hmmm, I'm not so sure. Maybe it's just that the heuristics (norton calls this "blood-hound"
) are just a little more sensitive on AVG? after all it IS a paranoia program that errs on the side of caution rather than not doing anything at all. The AVG is finding stuff so it looks like the dog in norton is a bit lame..or am I barking up the wrong tree? Sorry So my question is does anyone have any expereince of corporate AV's, and which one, if any, is the best / cheapest to role out. Ideally I would like to deploy them all from the server side and want them to autoupdate daily with new virus definitions downloaded from the server. I tried (Kazaa) a copy of Norton Corp and thought it was very good especially as you can get it to email you when it finds something but is it the better one?
Another vote for Norton Corporate Antivirus but I'm using Norton Personal Firewall and that seems to work very well on my laptop. The only hassle is that I have to uninstall the Personal Firewall each time I go to our HQ and plug the laptop into the company's LAN because the Firewall thinks it's being raped or something and stops comms completely. A minor hassle really since the Firewall only takes a few minutes to reinstall.
>> Edited by hut49 on Thursday 5th June 23:01
>> Edited by hut49 on Thursday 5th June 23:01
This isnt a typo...
I sell a product called Norman Anti Virus. It's designed as a network product from the start and quite simply its the best I've ever used (thats why I sell it). I've got 15 customer sites running it - None have ever been infected by a virus in the last 2-5 years they have been running it. It also updates itself and apart from major upgrades can just be left to its own devices.
Drop me a mail with your requirements and I'll get you a 30 day license if you want.
Also does EMail alerts, SMS, SNMP messaging etc.
http://einstein.norman.no/scrpts/cwisapi.dll?Service=Trial&IDENT=5003
>> Edited by alunr on Friday 6th June 08:00
I sell a product called Norman Anti Virus. It's designed as a network product from the start and quite simply its the best I've ever used (thats why I sell it). I've got 15 customer sites running it - None have ever been infected by a virus in the last 2-5 years they have been running it. It also updates itself and apart from major upgrades can just be left to its own devices.
Drop me a mail with your requirements and I'll get you a 30 day license if you want.
Also does EMail alerts, SMS, SNMP messaging etc.
http://einstein.norman.no/scrpts/cwisapi.dll?Service=Trial&IDENT=5003
>> Edited by alunr on Friday 6th June 08:00
I like Sophos, and we use it to cover about 300 PCs plus servers in a dozen locations.
Costs work out very well compared to others - and you just pay per user then can cover as many servers as you like for no extra. Each site has a central install directory (a shared/mapped drive somewhere) which you do the PC installs from. Soon as that changes, the PCs update themselves. You can either update the CIDs manually or Sophos have an "Enterprise Manager" which runs on a Windows PC/server and does it all for you. Can also keep remote/laptop users updated over the internet back to your central point.
If you're on a Windows network, you can "push" the software onto PCs without having to go to each one using their SAVadmin stuff.
They support just about every platform going - Windows, Mac, Netware, OS/2, various UNIX/linux, and the desktops go right down to DOS and Windows 3.1.
Plus they're british, and the support is excellent.
Costs work out very well compared to others - and you just pay per user then can cover as many servers as you like for no extra. Each site has a central install directory (a shared/mapped drive somewhere) which you do the PC installs from. Soon as that changes, the PCs update themselves. You can either update the CIDs manually or Sophos have an "Enterprise Manager" which runs on a Windows PC/server and does it all for you. Can also keep remote/laptop users updated over the internet back to your central point.
If you're on a Windows network, you can "push" the software onto PCs without having to go to each one using their SAVadmin stuff.
They support just about every platform going - Windows, Mac, Netware, OS/2, various UNIX/linux, and the desktops go right down to DOS and Windows 3.1.
Plus they're british, and the support is excellent.
My vote goes with Sophos too, I have it deployed across the 350 clients I'm responsible for and updates occur automatically.
A new SID is released by Sophos, it sends automatically out to our Sophos enterprise software (free with the software) and another piece of software SAVadmin depoys the upgrade to all the networked clients.
You simply never have to touch it and just take it as a given that you're totally up to date.
A new SID is released by Sophos, it sends automatically out to our Sophos enterprise software (free with the software) and another piece of software SAVadmin depoys the upgrade to all the networked clients.
You simply never have to touch it and just take it as a given that you're totally up to date.
Have to say I'm not impressed with Norton on the personal level. (the network version is okay).
The personal version I find is a pain in the @rse. There are some bugs with it being too user independant ie it takes over your machine and tries to do everything. I much prefer a virus checker that will sit in the background and monitor without telling me AND will wait till the processor is idle before doing its update. I had a "fun" time with Notorn AV on one clients machine that was trying to constantly connect to dial-up. After several hours of checking for trojons, spyware, monitoring boot logs etc. I found out it was norton and the cure was wait for it.... nothing to do with norton (just a "feature") but installing IE6 "might help" in this case it did, but wasn't chuffed.
Also another client had Norton AV on the only internet machine on a network. The computer caught the opaserv virus. Although Norton spotted it, it only put it into quarantine AND allowed it to happily copy around the network and set itself up in all the autoexecs FFS
Eventually the client changed to EZ antivirus (small network) and has had no problems.
Personally I use E-Z antivirus (superb), and Tiny personal firewall (again I found it superb).
The personal version I find is a pain in the @rse. There are some bugs with it being too user independant ie it takes over your machine and tries to do everything. I much prefer a virus checker that will sit in the background and monitor without telling me AND will wait till the processor is idle before doing its update. I had a "fun" time with Notorn AV on one clients machine that was trying to constantly connect to dial-up. After several hours of checking for trojons, spyware, monitoring boot logs etc. I found out it was norton and the cure was wait for it.... nothing to do with norton (just a "feature") but installing IE6 "might help" in this case it did, but wasn't chuffed.
Also another client had Norton AV on the only internet machine on a network. The computer caught the opaserv virus. Although Norton spotted it, it only put it into quarantine AND allowed it to happily copy around the network and set itself up in all the autoexecs FFS
Eventually the client changed to EZ antivirus (small network) and has had no problems. Personally I use E-Z antivirus (superb), and Tiny personal firewall (again I found it superb).
I did an eval on this for my company a couple of years ago. Sophos won against F-Secure, McAfee, Norton, & Panda. Their support is top-notch, the SAVAdmin product is reet tidy, their updates are spot-on and they don't go in for the hype that McAfee and Norton do. Graham Cluley is their chief technologist - bloody good bloke if you get to meet him - and he's forgotten more about malware than most of the others seem to know. We have around 8000 installed clients in the UK and about another 400 in India.
We run Norton for Exchange 5.5 here, all was well until the past year or so ...
The updates are only available once a week (on a Wednesday) which means that you aren't covered using the live update. There is a manual way to download the manual defs, which I have to do daily, but although Bugbear.B (the lastest one) was detected by Symantec at 02.00 Pacific time, an update to the virus defs wasn't available for another 12 hours - long enough for the blighter to get in grrrr
Now intending to install Trend VirusWall as it can run updates every 10 mins and covers FTP, SMTP and HTTP.
MCI (Worldcom) also do a live SMTP virus protection using 4 different technologies - they've never had one get through. Might be worth asking your ISP if they do something similar?
The updates are only available once a week (on a Wednesday) which means that you aren't covered using the live update. There is a manual way to download the manual defs, which I have to do daily, but although Bugbear.B (the lastest one) was detected by Symantec at 02.00 Pacific time, an update to the virus defs wasn't available for another 12 hours - long enough for the blighter to get in grrrr
Now intending to install Trend VirusWall as it can run updates every 10 mins and covers FTP, SMTP and HTTP.
MCI (Worldcom) also do a live SMTP virus protection using 4 different technologies - they've never had one get through. Might be worth asking your ISP if they do something similar?
Do anti-virus stuff regularily so know lots - wont bore you all, but here goes my 2p worth:
Panda - good and fairly slick - Spanish of all things
Norton - leading product, works well at home and the enterprise
McAfee / Dr Solomons - leading product and better now than previous incarnations in last 2 years
Sophos - good if a little old technology, but base USP on support (which is good)
Norman - not as good as leading vendors - Norwegian of all things
AVG - better than previous versions, but more marketing than substance - lots of false alarms and reports things as major problems when they really arent!
If you want to use a good AV product any from the leading vendors will be fine. The UK has a pretty mixed market, but Norton, McAfee, Sophos et al. are good and will provide an excellent protection start. Norton is good and works well in most instances, but McAfee is well know (though do note that McAfee has a BIG overhead if you want to use the central administration and control features). Try some out on trial evaluation versions - personal preference really. I use an anti-virus product from F-Secure which is excellent, but hardly anyone knows them (they are Finnish of all places!!).
Cheers,
Paul
Panda - good and fairly slick - Spanish of all things
Norton - leading product, works well at home and the enterprise
McAfee / Dr Solomons - leading product and better now than previous incarnations in last 2 years
Sophos - good if a little old technology, but base USP on support (which is good)
Norman - not as good as leading vendors - Norwegian of all things
AVG - better than previous versions, but more marketing than substance - lots of false alarms and reports things as major problems when they really arent!
If you want to use a good AV product any from the leading vendors will be fine. The UK has a pretty mixed market, but Norton, McAfee, Sophos et al. are good and will provide an excellent protection start. Norton is good and works well in most instances, but McAfee is well know (though do note that McAfee has a BIG overhead if you want to use the central administration and control features). Try some out on trial evaluation versions - personal preference really. I use an anti-virus product from F-Secure which is excellent, but hardly anyone knows them (they are Finnish of all places!!).
Cheers,
Paul
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff