Recommend anti virus solution

I am looking for an anti-virus solution for our office that covers up to 10 desktops with Windows 2000/XP and a file server running NT4(SP6) and MS Exchange. All internet mail is located on a remote mail server and accessed using POP3.

I have looked at McAfee and Symantec but can not see what solution best meets our requirements.

Any suggestions?
Niall101Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ghanaCommented:
Ask 10 different people and you will get 10 different opinions about the "best" antivirus solution. I would recommend that you use a free trial version to test the product that's more familiar for you. Then you can find out, whether it will fit your requirements and whether there are compatibility issues with your existing hardware and/or software.

McAfee is currently developing ePolicy Orchestrator 3, which will be released within the next 8 weeks, Symantec has released its Corporate Edition 8.0 last autumn. Both solutions have similar functionality. In my eyes Symantec has advantages in the signature updates but McAfee has better report features.

Because there are no heavy differences in the functionality you should choose the product that you are more familiar with.
0
SunBowCommented:
To supplement (while agreeing with) ghana, with Symantec you can crash more frequently than with McAfee, but with McAfee you can receive more false positives. Both are quite popular, and should serve, but don't forget to check with several other vendors. Paramount IMO is that whatever features are offered are methods you can understand and use. Features no good when unused.

But I mainly want to add you recongize the differences between protecting desktops, protecting networking, and censoring eMail.  I suggest this involves aspects that no one product will address. So I say at least mentally segregate and distinguish, consider that desktops have each an individual A/V, and that servers can run another for the group, such as for evaluating eMail content.
0
MSGeekCommented:
I have been running NAV corporate with no crashes on the desktop.  I have seen where if you have too many of the products developed by Norton or McAfee installed on the same machine this can cause crashes.

I agree with addressing e-mail filtering, it shouldn't be overlooked. I am not sure will Corporate NAV run on NT 4?  I am running Native Domain with XP and Win2k desktops.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

ghanaCommented:
>  I am not sure will Corporate NAV run on NT 4?
Yes, with SP6a

But as far as I know NAVCE will only protect Outlook and Lotus Notes clients, that connect to a MS Exchange or Lotus Notes server. I'm afraid it will not check mails that Outlook gets from a POP3 account.
0
MSGeekCommented:
ghana...It will check pop3 mails from the client side, if that is what you are asking about.  One note to add about NAV, it is connection oriented withthe client, so don't run it on a NT 4 workstation where your connections are limited to 10 or XP where they are limited to 5.
0
donnyr10Commented:
Both NAV and MCafee are great products
I use NAV exclusively no problems
On one client side we recently installed
a Trend Micro Product..Well worth a look
http://www.trendmicro.com/en/home/us/enterprise.htm

For 10 PC's and a Server NAV is a pretty decent choice
Corporate NAV is a good fit for SMTP mail scanning
I have 7.5 but ghana said 8.0 is out, don't
know what has changed ...but it's only bound
to get better :)

Didn't have any crashes in my dealings so far..

./Donny

0
ghanaCommented:
donnyr10, new features in SAV (now it's called Symantec Antivirus and not Norton Antivirus...) Corporate Edition 8.0: You can define multiple server groups on one single SAV server, in 7.x it was necessary to install one primary NAV server to establish a group. Next great advantage now the VDTM signature distribution does also use incremental updates which in 7.x was only available for LiveUpdate. Now you can configure multiple LiveUpdate hosts from the GUI and don't need to edti the host file manually.

And there is a new product called Symantec Client Security (SCS) which combines Symantec Antiviurs 8.0 and desktop firewall + intrusion detection.

All components of SAV 8.0 and SCS can be installed in the network using the Symantec Packager and you can all configure with Symantec System Center (SSC). So you don't need additional administration tools for the desktop firewall protection.
0
ghanaCommented:
>  ghana...It will check pop3 mails from the client side, if that is what you are asking about.

Yes, that was my question. Is this a new feature in 8.0 too? In 7.5/7.6 Symantec says it's not able to check POP3 mails on the client side because the client only checks MAPI.
0
a bCommented:
i know that nav 2k integrates with outlook 2k to scan pop email, but it doesn't do this with outlook xp.

you should check before buying that the software integrates with your version of outlook. then again, since attachments are scanned upon opening anyway, is there any need for pop scanning? i suppose scripts in html format emails will have to be checked. maybe someone else has an answer to this.

come to think of it, if email is always scanned on the client, is it necessary for antivirus software to integrate with exchange on the server?
0
donnyr10Commented:
Thanks for the update ghana, sounds
like I have to check out the SAV Offering :)
It sounds waaay enhanced...:)

A b, it's important to filter at the perimeter,
although the end result may be the client mail storage
stopping the virus on the inbound is important
to the security of your Network..

Take Care
Donny..
0
MSGeekCommented:
> In 7.5/7.6 Symantec says it's not able to check POP3 mails on the client side because the client only checks MAPI.

I'm running 7.6 and it does scan on the client side.

> i know that nav 2k integrates with outlook 2k to scan pop email, but it doesn't do this with outlook xp.

I also have it running on XP with Office XP if you examine the header information it indicates the e-mail was scanned on incomming.

Sounds like I better upgrade to 8.


0
a bCommented:
i can see the logic of filtering at the perimeter in general, but isn't it the case that until an email is viewed, its attachments opened and its html rendered (and hence its scripts run), all it is is harmless data?
0
ghanaCommented:
> i can see the logic of filtering at the perimeter in
> general, but isn't it the case that until an email is
> viewed, its attachments opened and its html rendered
> (and hence its scripts run), all it is is harmless data?

You're right. But it's possible (but not usual) to forward a mail that was not opened. In this case the desktop antivirus can't check the mail. Additionally you will reduce the amount of disk space that is wasted by infected attachments if your perimeter scan will kill them.


> i know that nav 2k integrates with outlook 2k to scan pop email

NAV 2000 is a retail product that has different features than the corporate edition.
0
a bCommented:
point taken ghana; but if nav or equiv. is integrated with outlook on the client, will it be checking all email that arrives on the client whether opened or not, making antivirus integration with exchange on the server redundant?
0
MSGeekCommented:
Regardless, protect your server as well as your clients.

One bad exeprience I had was with Inoculan, I would avoid that. I doon't know what Panda has to offer but have heard good things about them,
0
a bCommented:
thanks msgeek, but i'd really like to know the answer.
0
ghanaCommented:
A b, I didn't test it in practice. I can only say what Symantec's trainer told me. He said that mails are checked while opening them in the client.  I think this is in the nature of MAPI: The mail is only transfered to the client if you open/view it. If you don't open/view the mail, it will stay on the server.

The same trainer told us that there is no integration with outlook if it is configured as POP client. But this is also the official statement in the administrator's guide of NAVCE 7.5/7.6.

MSGeek, Panda had an advanced outlook integration in the version that was released in 2000. It was even able to scan .PST files! But in a network environment the virus signatures could only be updated using login scripts. Which is quite bad, if a user only locks the PC after work and doesn't logoff for 4-6 weeks... This was the main reason why Panda lost the competition against McAfee at one of my clients. Because I don't know the current version I can't say whether there are now better update features available.
0
Jan B. MichanekCommented:
Hi!
When it comes to this with protecting ones network environment one should bear in mind *NOT* to put all eggs in one basket. To further improve the security regarding WORMS and viruses I would recommend having multiple layers of protection. This should preferably be from different vendors with self-updating antiviral info over Internet. Also the assumption that the network to be protected have *ONLY* controlled access to Internet through firewalls, IE *NO* modems!
Firstly we do have antiviral software at the firewall(s) that will see suspected traffic in real time. They do tend to miss things from time to time in typically VPN pass through traffic. Internally use a solution with support for several NOS since this can prove vital for the for any future needs that might arise. We have used NAV/SAV CE for several years with mostly very good results in both Netware and Windows server environments as well as mixed.
I recommend that you have a e-mail server locally provide greater flexibility but also from a security standpoint. How do one handle the backup issue of local POP-mail in let say Outlook? A local mail server can be backed up properly and protected from virus with ease.
With this design you have a sort of three-layer architecture although these layers not totally overlays each other but cause some redundancy. By choosing products from different vendors you will also benefit when it comes to recognizing viruses and have a distributed "cure" in your network from the fastest of the vendors.
This is naturally not free of charge using THREE systems but bear in mind that ONE incident might shut you down! And the intellectual investment it takes to proficiently master the products for your needs mount considerably having three of them. But the benefits are:
1. Always have a fast detection delivered from the fastest of the three.
2. Something that slipped through the outer layer or perimeter will probably be detected by one of the two remaining. At least as it springs to action on a workstation with virus like behaviour.
3. Choosing the "right" products will get you a fire-and-forget antiviral solutions which you can have SNMP monitored and “yelling” over beepers/phones and/or mail if something relevant happens...
BRGDS
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ghanaCommented:
AceOfSpade, I agree with all of your statements except one: In my opinion it's a mistake if an administrator thinks his/her antivirus solution is a "fire-and-forget" solution. Security is not a product but a process. If there will be a new kind of virus that's able to bypass your current virus protection then no SNMP trap will be generated to notify you.
0
Jan B. MichanekCommented:
Yes, ghana, I totally agree with you but I think you misunderstood me or I was wage! What I mean by fire-and-forget is that you don't need to watch the systems in them self the same way with active SNMP monitoring and alert. Of course you *MUST* stay vigilante to activities in general concerning the security of your network. That means establishing traffic pattern baselines and similar activities. This can of course also be automated. But please bear in mind that not all is what might it look like! Basically you monitor ALL energy that is induced on the wire hence no action no risk! This way you can focus a bit further down the risk-road and hopefully catch threats in it's earliest form. Although this is definitely out of this questions scope and more an IDS-type of thing (Intrusion Detection System) as things are today there is sometimes hard to draw a line between viral-activities and intrusion/hacking attempts, they tend somewhat to go hand-in-hand. But nevertheless is security in general an everyday commodity and hence needs a continuous update.
0
AMITSEHGAL80Commented:
i suggest that u should try the corporate version for norton cz it provides u with email screening including the attachments. you can also see the audits of norton from it's it;s utility
0
Jan B. MichanekCommented:
AMITSEHGAL80, I assume you talk about the the Norton Antivirus Corporate Edition which now is Symantec Antivirus Corporate Edition which works fine as I have mentioned. But there are other e-mail systems than Exchange/explorer & Notes...
0
mobhistoryCommented:
We have had great results with Trend Micro AV.  Not going to start a sales pitch, but on a nationwide network with 1600+ laptop/desktops, and 120 servers we have not been let down yet.
0
CleanupPingCommented:
Niall101:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.