KABOOM
asked on
HELP! Anti-virus software in multi-OS environment
I'm in the process of deciding which anti-virus solution is best for our company but i'm curious to know what people are using at their workplace. Basically, our criteria is this:
1. Good vendor support
2. We have many different servers running many different operating systems (ie: Windows, Novell Netware, Linux, HP-UX, etc)
3. Centralized anti-virus management
4. Work for multiple subnets
5. Will work for servers, workstations, laptops
6. User friendly
* Cost isn't really an option.
1. Good vendor support
2. We have many different servers running many different operating systems (ie: Windows, Novell Netware, Linux, HP-UX, etc)
3. Centralized anti-virus management
4. Work for multiple subnets
5. Will work for servers, workstations, laptops
6. User friendly
* Cost isn't really an option.
Personally I would advise against Norton recently I had a problem with a virus known by Trend Micro as Sdown.A which is a backdoor program that Norton did not detect even after trying to submit the virus to them through their automated system in their software it told me it could not submit it because the file was not infected. They want to currently charge me to be able to ask them why I am paying for monthly updates if it is not catching things they have said several times I have to talk to their virus technicians and they only way to do that is through paid phone support.
Also Norton failed awhile back in detecting Back Orifice which is another backdoor trojan program. It may protect against standard worms and viruses by in the field of trojans and backdoor programs it fails miserably.
If anyone wants to put their norton to the test I will send them the file that I pulled off the system that contains the Sdown.A and I can gurantee it will not pick it up. I just tried it yesterday to see and it still did not pick it up.
In addition when I was unable to send this to them automatically I downloaded their SARC submission system which created a temp directory on my hard drive where it saved the virus submission (which is shouldn't do this) The file was on diskette and I simply was pointing SARC to the diskette it took it off the diskette put into a temp file never deleted the temp file sent it off to symantec (Norton) after several program crashes. I still have not heard back from their virus lab people it has been almost 2 weeks. In addition the only reason why I know SARC saved this file is because the other day I ran Trend Micro's Housecall because I am not relying on NORTON anymore... and it picked it up in a directory called SARC which is Symantec's virus submission program. (I have screen shots to prove this).
In addition their are several Viruses out there such as Klez that can break through Norton and overwrite it's NPROTECT.EXE so that it acts like it is really working but in reality it is doing nothing!
So I would advise highly against NORTON...
Trend Micro's Housecall has highly impressed me with how fast and how many things they look for they look for Browse Hijackers also which Norton does not do. Trend Micro picked up that I had JS.Fortnight on my system - Norton did not!
I am just giving you my experience with Symantec... the support is not there and they do not seem to pay attention to Browser Hijackers or Backdoor Trojans both of which could cause serious problems / damage in a corporate enviroment.
If you asked me 2 weeks ago who to go with for Anti Virus I would have said Norton in a blink of an eye now I would say stay away.
Call it a crazy idea but........
I would say the best way would be to do your own little test... go up on Kazza or another P2P file sharing network and start downloading all sorts of things you will come across many viruses up there. This is the best test... Setup a lab computer not connected to the rest of the network and that does not have pertinent data on it get trial versions of several vendors software. Start downloading tons of executables from Kazza, Gnutella, WinMX etc..... ... download them into a folder called "anti virus test" or something to that affect fill it with at least 600MB of executables try to get small executables off of the P2P networks. make a copy of all the files you downloaded by burning them to CD...
Now run one of the trial versions of the anti virus applications and see what it identifies and repairs/deletes. then after it is done write down what it found or print out the log then reload the bad programs back into the test folder run another anti virus application and run the test again.
This will give you a "real world" real results test.
Also Norton failed awhile back in detecting Back Orifice which is another backdoor trojan program. It may protect against standard worms and viruses by in the field of trojans and backdoor programs it fails miserably.
If anyone wants to put their norton to the test I will send them the file that I pulled off the system that contains the Sdown.A and I can gurantee it will not pick it up. I just tried it yesterday to see and it still did not pick it up.
In addition when I was unable to send this to them automatically I downloaded their SARC submission system which created a temp directory on my hard drive where it saved the virus submission (which is shouldn't do this) The file was on diskette and I simply was pointing SARC to the diskette it took it off the diskette put into a temp file never deleted the temp file sent it off to symantec (Norton) after several program crashes. I still have not heard back from their virus lab people it has been almost 2 weeks. In addition the only reason why I know SARC saved this file is because the other day I ran Trend Micro's Housecall because I am not relying on NORTON anymore... and it picked it up in a directory called SARC which is Symantec's virus submission program. (I have screen shots to prove this).
In addition their are several Viruses out there such as Klez that can break through Norton and overwrite it's NPROTECT.EXE so that it acts like it is really working but in reality it is doing nothing!
So I would advise highly against NORTON...
Trend Micro's Housecall has highly impressed me with how fast and how many things they look for they look for Browse Hijackers also which Norton does not do. Trend Micro picked up that I had JS.Fortnight on my system - Norton did not!
I am just giving you my experience with Symantec... the support is not there and they do not seem to pay attention to Browser Hijackers or Backdoor Trojans both of which could cause serious problems / damage in a corporate enviroment.
If you asked me 2 weeks ago who to go with for Anti Virus I would have said Norton in a blink of an eye now I would say stay away.
Call it a crazy idea but........
I would say the best way would be to do your own little test... go up on Kazza or another P2P file sharing network and start downloading all sorts of things you will come across many viruses up there. This is the best test... Setup a lab computer not connected to the rest of the network and that does not have pertinent data on it get trial versions of several vendors software. Start downloading tons of executables from Kazza, Gnutella, WinMX etc..... ... download them into a folder called "anti virus test" or something to that affect fill it with at least 600MB of executables try to get small executables off of the P2P networks. make a copy of all the files you downloaded by burning them to CD...
Now run one of the trial versions of the anti virus applications and see what it identifies and repairs/deletes. then after it is done write down what it found or print out the log then reload the bad programs back into the test folder run another anti virus application and run the test again.
This will give you a "real world" real results test.
briancassin- I'd love to try it...make a believer out of me, cause I run this at home as well.
My email is in my profile. :)
My email is in my profile. :)
I use norton too, but recently i had a virus that was only detected when i did an online scan (suing norton online scan). the thing is, if you miss an update and norton is unable to catch the virus, you are outta luck. the virus goes undetected (my experience). i still like norton, but then again i own it and don't have extra $$ to buy another prog. i would just make sure you have live update enable at all times and test norton from time to time (sounds like a pain? tell am about it!)
I always have live update active the thing is automatic live update only goes out every wed. to download updates that is the way they have it configured it is not modifiable. The only true way is to run it manually everyday which I do but it still does not catch things. Also once of the nice utilities they had when I was on windows ME is now a thing of the past because it does not run on XP is their Rescue Disk set. This was great especially for troubleshooting at client locations but now I get Internet connection established and go to http://Housecall.trendmicro.com
sirbounty what would you love to try ?
>>If anyone wants to put their norton to the test I will send them the file that I pulled off the system that contains the Sdown.A and I can gurantee it will not pick it up. I just tried it yesterday to see and it still did not pick it up. <<
I'm up for the challenge... :D
I'm up for the challenge... :D
ASKER
Thank you everyone for the response but I think we are getting a bit off topic on my question.
We use Mcafee at our place.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
We use the Managed server SAV product in our corp environment of over 40K clients.
Happy to say we've been among the few corps that have missed a lot of the worms and recent outbreaks...even had the Atlanta-based CDC calling to ask us "how we did it" :D
Of course, it has a lot to do with other protections as well - firewalls, etc.
That's my .02