The Best AV package for your domain.

A very common question asked on Experts Exchange is, "What is the best Antivirus package for my domain?"

It is nice to see folks so passionate about protecting their network. But let's face IT: AV products are created by third-party software manufacturers and dig into the grass roots of a system. Whenever you install third-party software that intrudes on the OS, you are bound to have problems. What matters is knowing how to configure your AV product for your environment. Also consider some well-defined IT practices for your administrators and users.

The best AV and Antispyware on the market is an educated user and an educated administrator. AV products can't protect a LAN as we all wish they would. Most viruses are taken care of after they infect machines, because an AV suite has to wait until the virus is fully developed before it can figure out how to remove a full-blown virus. This is why updates to an AV product are frequent. Hey, get it off your system as soon as you can, right?

Please read this on AV heuristic scanners (it shows you how a virus has to fully develop prior to total removal):

Now, I am not advocating being naked on your LAN. You do need an AV product as part of your overall IT security package. But an educated administrator and user can be taught some pretty good methods to protect themselves through a set of defined "best-met" practices. So, consider creating an IT security website and an IT security course. Then make it mandatory for all employees on the domain to educate themselves about the dangers of bad IT practices.

Ask yourself things like: what prevents Johnny user and Joe administrator from going to the wrong site, opening the wrong email attachment, or sending out their email address to everybody in the entire world? What prevents Joe administrator from configuring the AV products the wrong way and causing problems with the operating systems?

I look at an AV product as a buffer to good internet and email practices. Getting a good AV product and knowing it inside and out, including how to configure it to work with your environment, is an important step in your success. But knowing best-met practices for email usage and internet surfing, and knowing what you are downloading and installing, is crucial to preventing issues before they happen.

Some of the best-met practices are outlined in this web page, which the FBI recommends to victims of IT fraud and malicious software. You can use it to educate your users and administrators, or as a basis for your own IT practice model. I find almost all users are concerned about computer fraud and are willing to look over a web page like this:

Referring back to the AV products:
An AV product may have bugs and take an administrator a little time to get used to. But the key to a good AV product is the knowledge you have as a domain administrator. AV products are necessary, but realistically they are only a buffer to good practices. The same goes for an Antispyware or Firewall setup. Here is an example I ran into with an Antivirus program:

Recently, I had a problem with the enterprise AV package that I assigned to my domain. Windows XP Service Pack 3 came out, and part of the service pack was a file called FixCCS.exe. This stands for Fix Current Control Set. This file goes into the system registry and edits the current control set with about 8800 registry edits. My antivirus package was told not to allow registry edits. So, that particular service pack was seriously messed up. So, consider an Antivirus test machine. What I mean by this is a machine on which you can test how your service packs interact with the AV software for downloads and installations. As a result of learning about this error, I had to make special provisions for the FixCCS.exe file and go throughout my domains to uninstall and reinstall XP Service Pack 3. It took a lot of administrator man-hours to do so. So, consider this test machine.

I once read an article that said "it is wise to call the AV manufacturer to determine how to implement the AV package on a domain controller." This is a very good idea for anyone considering an enterprise AV solution for the domain. I can't tell you how many issues I have seen resolved because the Antivirus, Antispyware, or Firewall was not configured correctly. I would say about 20 percent of all Experts Exchange questions are related to this setup. So, be knowledgeable about all of the products you intend to use for your IT security solution set.

If you go to a site like Experts Exchange and ask the question, "What is the best Antivirus solution for my domain?" you will find that each administrator has his/her own enterprise solution and is very used to configuring that AV package for their domain. Realistically, they are all correct answers, because each administrator is used to configuring the AV package to work best for them. So, look for a good enterprise AV package as follows:

1) Consider looking for an all-inclusive package that has both Antivirus and Antispyware
2) Look for an AV package that is user friendly and easy for administrators to configure
3) Look for an AV package where the manufacturer provides good customer support and feedback
5) Keep an open mind when administrators tell you that their solution is the best for you, and expect IT experts to disagree about the best AV package available out there
6) Ask questions about how best to configure the AV package of your choosing for your domain
7) Look for an antivirus enterprise solution that is centrally managed
8) Take some time to test, plan and design an IT security package that best suits your needs
9) Consider an IT security course and website that helps educate your users

Also consider good Antispyware packages and a good Firewall setup.

In my personal experience:
I have been a victim of computer ID fraud. It cost me $40k to fight my credit report and the credit reporting agencies abroad. The FBI arrested the person who committed fraud against me and others. He is in a federal pen right now. The site the FBI recommended to me was listed above.

So, I decided to attack this issue head on and educate myself a bit better. I was once under the false impression (as many folks are) that an AV package is going to protect me from any computer-based attack. When I started educating myself, I started designing IT security plans. I now administer many domains as a domain administrator, IT security administrator, and email administrator.

The best and most welcomed IT security solution was a well-planned solution with educated users and administrators. My IT security website and mandatory IT security class have reduced malicious software and IT intrusions to almost nothing (including spam, viruses, and spyware). My AV package has been picking up the rest.

I hope this helps you provide a good IT security plan for your domains.

Comments (1)

Great Article ChiefIT