Solved

Recommend anti virus solution

Posted on 2003-02-25
Last Modified: 2015-09-11
I am looking for an anti-virus solution for our office that covers up to 10 desktops with Windows 2000/XP and a file server running NT4(SP6) and MS Exchange. All internet mail is located on a remote mail server and accessed using POP3.

I have looked at McAfee and Symantec but can not see what solution best meets our requirements.

Any suggestions?
Question by:Niall101
24 Comments
 
LVL 11

Expert Comment

by:ghana
ID: 8018094
Ask 10 different people and you will get 10 different opinions about the "best" antivirus solution. I would recommend that you use a free trial version to test the product that's more familiar to you. Then you can find out whether it will fit your requirements and whether there are compatibility issues with your existing hardware and/or software.

McAfee is currently developing ePolicy Orchestrator 3, which will be released within the next 8 weeks; Symantec released its Corporate Edition 8.0 last autumn. Both solutions have similar functionality. In my eyes Symantec has advantages in the signature updates but McAfee has better report features.

Because there are no heavy differences in the functionality you should choose the product that you are more familiar with.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 8019039
To supplement (while agreeing with) ghana, with Symantec you can crash more frequently than with McAfee, but with McAfee you can receive more false positives. Both are quite popular, and should serve, but don't forget to check with several other vendors. Paramount IMO is that whatever features are offered are methods you can understand and use. Features are no good when unused.

But I mainly want to add that you recognize the differences between protecting desktops, protecting networking, and censoring eMail. I suggest this involves aspects that no one product will address. So I say at least mentally segregate and distinguish, consider that desktops have each an individual A/V, and that servers can run another for the group, such as for evaluating eMail content.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8019810
I have been running NAV corporate with no crashes on the desktop.  I have seen where if you have too many of the products developed by Norton or McAfee installed on the same machine this can cause crashes.

I agree with addressing e-mail filtering, it shouldn't be overlooked. I am not sure will Corporate NAV run on NT 4?  I am running Native Domain with XP and Win2k desktops.
0
 
LVL 11

Expert Comment

by:ghana
ID: 8023147
>  I am not sure will Corporate NAV run on NT 4?
Yes, with SP6a

But as far as I know NAVCE will only protect Outlook and Lotus Notes clients, that connect to a MS Exchange or Lotus Notes server. I'm afraid it will not check mails that Outlook gets from a POP3 account.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8024592
ghana...It will check pop3 mails from the client side, if that is what you are asking about.  One note to add about NAV, it is connection oriented with the client, so don't run it on an NT 4 workstation where your connections are limited to 10 or XP where they are limited to 5.
0
 
LVL 1

Expert Comment

by:donnyr10
ID: 8025223
Both NAV and McAfee are great products
I use NAV exclusively no problems
On one client side we recently installed
a Trend Micro Product..Well worth a look
http://www.trendmicro.com/en/home/us/enterprise.htm

For 10 PC's and a Server NAV is a pretty decent choice
Corporate NAV is a good fit for SMTP mail scanning
I have 7.5 but ghana said 8.0 is out, don't
know what has changed ...but it's only bound
to get better :)

Didn't have any crashes in my dealings so far..

./Donny

0
 
LVL 11

Expert Comment

by:ghana
ID: 8025395
donnyr10, new features in SAV (now it's called Symantec Antivirus and not Norton Antivirus...) Corporate Edition 8.0: You can define multiple server groups on one single SAV server, in 7.x it was necessary to install one primary NAV server to establish a group. Next great advantage now the VDTM signature distribution does also use incremental updates which in 7.x was only available for LiveUpdate. Now you can configure multiple LiveUpdate hosts from the GUI and don't need to edit the host file manually.

And there is a new product called Symantec Client Security (SCS) which combines Symantec Antivirus 8.0 and desktop firewall + intrusion detection.

All components of SAV 8.0 and SCS can be installed in the network using the Symantec Packager and you can configure them all with Symantec System Center (SSC). So you don't need additional administration tools for the desktop firewall protection.
0
 
LVL 11

Expert Comment

by:ghana
ID: 8025423
>  ghana...It will check pop3 mails from the client side, if that is what you are asking about.

Yes, that was my question. Is this a new feature in 8.0 too? In 7.5/7.6 Symantec says it's not able to check POP3 mails on the client side because the client only checks MAPI.
0
 
LVL 2

Expert Comment

by:a b
ID: 8025441
i know that nav 2k integrates with outlook 2k to scan pop email, but it doesn't do this with outlook xp.

you should check before buying that the software integrates with your version of outlook. then again, since attachments are scanned upon opening anyway, is there any need for pop scanning? i suppose scripts in html format emails will have to be checked. maybe someone else has an answer to this.

come to think of it, if email is always scanned on the client, is it necessary for antivirus software to integrate with exchange on the server?
0
 
LVL 1

Expert Comment

by:donnyr10
ID: 8025739
Thanks for the update ghana, sounds
like I have to check out the SAV Offering :)
It sounds waaay enhanced...:)

A b, it's important to filter at the perimeter,
although the end result may be the client mail storage
stopping the virus on the inbound is important
to the security of your Network..

Take Care
Donny..
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8025866
> In 7.5/7.6 Symantec says it's not able to check POP3 mails on the client side because the client only checks MAPI.

I'm running 7.6 and it does scan on the client side.

> i know that nav 2k integrates with outlook 2k to scan pop email, but it doesn't do this with outlook xp.

I also have it running on XP with Office XP; if you examine the header information, it indicates the e-mail was scanned on incoming.

Sounds like I better upgrade to 8.


0
 
LVL 2

Expert Comment

by:a b
ID: 8025933
i can see the logic of filtering at the perimeter in general, but isn't it the case that until an email is viewed, its attachments opened and its html rendered (and hence its scripts run), all it is is harmless data?
0
 
LVL 11

Expert Comment

by:ghana
ID: 8026042
> i can see the logic of filtering at the perimeter in
> general, but isn't it the case that until an email is
> viewed, its attachments opened and its html rendered
> (and hence its scripts run), all it is is harmless data?

You're right. But it's possible (but not usual) to forward a mail that was not opened. In this case the desktop antivirus can't check the mail. Additionally you will reduce the amount of disk space that is wasted by infected attachments if your perimeter scan will kill them.


> i know that nav 2k integrates with outlook 2k to scan pop email

NAV 2000 is a retail product that has different features than the corporate edition.
0
 
LVL 2

Expert Comment

by:a b
ID: 8026119
point taken ghana; but if nav or equiv. is integrated with outlook on the client, will it be checking all email that arrives on the client whether opened or not, making antivirus integration with exchange on the server redundant?
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8026151
Regardless, protect your server as well as your clients.

One bad experience I had was with Inoculan, I would avoid that. I don't know what Panda has to offer but have heard good things about them.
0
 
LVL 2

Expert Comment

by:a b
ID: 8026217
thanks msgeek, but i'd really like to know the answer.
0
 
LVL 11

Expert Comment

by:ghana
ID: 8026554
A b, I didn't test it in practice. I can only say what Symantec's trainer told me. He said that mails are checked while opening them in the client.  I think this is in the nature of MAPI: The mail is only transferred to the client if you open/view it. If you don't open/view the mail, it will stay on the server.

The same trainer told us that there is no integration with outlook if it is configured as POP client. But this is also the official statement in the administrator's guide of NAVCE 7.5/7.6.

MSGeek, Panda had an advanced outlook integration in the version that was released in 2000. It was even able to scan .PST files! But in a network environment the virus signatures could only be updated using login scripts. Which is quite bad, if a user only locks the PC after work and doesn't logoff for 4-6 weeks... This was the main reason why Panda lost the competition against McAfee at one of my clients. Because I don't know the current version I can't say whether there are now better update features available.
0
 
LVL 1

Accepted Solution

by:
Jan B. Michanek earned 225 total points
ID: 8046709
Hi!
When it comes to protecting one's network environment, one should bear in mind *NOT* to put all eggs in one basket. To further improve the security regarding WORMS and viruses I would recommend having multiple layers of protection. This should preferably be from different vendors with self-updating antiviral info over Internet. Also the assumption that the network to be protected has *ONLY* controlled access to Internet through firewalls, i.e. *NO* modems!
Firstly we do have antiviral software at the firewall(s) that will see suspected traffic in real time. They do tend to miss things from time to time in typically VPN pass through traffic. Internally use a solution with support for several NOS since this can prove vital for any future needs that might arise. We have used NAV/SAV CE for several years with mostly very good results in both Netware and Windows server environments as well as mixed.
I recommend that you have an e-mail server locally to provide greater flexibility but also from a security standpoint. How does one handle the backup issue of local POP-mail in, let's say, Outlook? A local mail server can be backed up properly and protected from virus with ease.
With this design you have a sort of three-layer architecture, although these layers do not totally overlay each other but cause some redundancy. By choosing products from different vendors you will also benefit when it comes to recognizing viruses and have a distributed "cure" in your network from the fastest of the vendors.
This is naturally not free of charge using THREE systems but bear in mind that ONE incident might shut you down! And the intellectual investment it takes to proficiently master the products for your needs mounts considerably having three of them. But the benefits are:
1. Always have a fast detection delivered from the fastest of the three.
2. Something that slipped through the outer layer or perimeter will probably be detected by one of the two remaining. At least as it springs to action on a workstation with virus-like behaviour.
3. Choosing the "right" products will get you a fire-and-forget antiviral solution which you can have SNMP monitored and “yelling” over beepers/phones and/or mail if something relevant happens...
BRGDS
0
 
LVL 11

Expert Comment

by:ghana
ID: 8046766
AceOfSpade, I agree with all of your statements except one: In my opinion it's a mistake if an administrator thinks his/her antivirus solution is a "fire-and-forget" solution. Security is not a product but a process. If there will be a new kind of virus that's able to bypass your current virus protection then no SNMP trap will be generated to notify you.
0
 
LVL 1

Expert Comment

by:Jan B. Michanek
ID: 8047101
Yes, ghana, I totally agree with you but I think you misunderstood me or I was vague! What I mean by fire-and-forget is that you don't need to watch the systems themselves the same way with active SNMP monitoring and alert. Of course you *MUST* stay vigilant to activities in general concerning the security of your network. That means establishing traffic pattern baselines and similar activities. This can of course also be automated. But please bear in mind that not all is what it might look like! Basically you monitor ALL energy that is induced on the wire hence no action no risk! This way you can focus a bit further down the risk-road and hopefully catch threats in their earliest form. Although this is definitely out of this question's scope and more an IDS-type of thing (Intrusion Detection System), as things are today it is sometimes hard to draw a line between viral-activities and intrusion/hacking attempts, they tend somewhat to go hand-in-hand. But nevertheless security in general is an everyday commodity and hence needs a continuous update.
0
 

Expert Comment

by:AMITSEHGAL80
ID: 8049385
i suggest that u should try the corporate version for norton cz it provides u with email screening including the attachments. you can also see the audits of norton from its utility
0
 
LVL 1

Expert Comment

by:Jan B. Michanek
ID: 8064451
AMITSEHGAL80, I assume you talk about the Norton Antivirus Corporate Edition which now is Symantec Antivirus Corporate Edition which works fine as I have mentioned. But there are other e-mail systems than Exchange/explorer & Notes...
0
 

Expert Comment

by:mobhistory
ID: 8247953
We have had great results with Trend Micro AV.  Not going to start a sales pitch, but on a nationwide network with 1600+ laptop/desktops, and 120 servers we have not been let down yet.
0
 

Expert Comment

by:CleanupPing
ID: 9070847
Niall101:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Question has a verified solution.