Solved

HELP!  Anti-virus software in multi-OS environment

Posted on 2004-04-28
13
389 Views
Last Modified: 2013-12-06
I'm in the process of deciding which anti-virus solution is best for our company, but I'm curious to know what people are using at their workplace.  Basically, our criteria are these:

1. Good vendor support
2. We have many different servers running many different operating systems (ie: Windows, Novell Netware, Linux, HP-UX, etc)
3. Centralized anti-virus management
4. Work for multiple subnets
5. Will work for servers, workstations, laptops
6. User friendly

* Cost isn't really an option.
0
Question by:KABOOM
13 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10945420
I'll be the first to say Norton (but I'm sure I won't be the only respondent!)
We use the Managed server SAV product in our corp environment of over 40K clients.
Happy to say we've been among the few corps that have missed a lot of the worms and recent outbreaks...even had the Atlanta-based CDC calling to ask us "how we did it" :D
Of course, it has a lot to do with other protections as well - firewalls, etc.

That's my .02
0
 
LVL 21

Expert Comment

by:briancassin
ID: 10945530
Personally I would advise against Norton. Recently I had a problem with a virus known by Trend Micro as Sdown.A, which is a backdoor program that Norton did not detect. Even after trying to submit the virus to them through the automated system in their software, it told me it could not submit it because the file was not infected. They currently want to charge me to be able to ask them why I am paying for monthly updates if it is not catching things. They have said several times that I have to talk to their virus technicians, and the only way to do that is through paid phone support.

Also, Norton failed a while back in detecting Back Orifice, which is another backdoor trojan program. It may protect against standard worms and viruses, but in the field of trojans and backdoor programs it fails miserably.

If anyone wants to put their Norton to the test, I will send them the file that I pulled off the system that contains the Sdown.A, and I can guarantee it will not pick it up. I just tried it yesterday to see, and it still did not pick it up.

In addition, when I was unable to send this to them automatically, I downloaded their SARC submission system, which created a temp directory on my hard drive where it saved the virus submission (which it shouldn't do). The file was on diskette and I was simply pointing SARC to the diskette; it took it off the diskette, put it into a temp file, never deleted the temp file, and sent it off to Symantec (Norton) after several program crashes. I still have not heard back from their virus lab people; it has been almost 2 weeks. In addition, the only reason I know SARC saved this file is because the other day I ran Trend Micro's Housecall, because I am not relying on NORTON anymore... and it picked it up in a directory called SARC, which is Symantec's virus submission program. (I have screenshots to prove this.)

In addition, there are several viruses out there, such as Klez, that can break through Norton and overwrite its NPROTECT.EXE so that it acts like it is really working, but in reality it is doing nothing!

So I would advise highly against NORTON...

Trend Micro's Housecall has highly impressed me with how fast it is and how many things they look for. They look for Browser Hijackers also, which Norton does not do. Trend Micro picked up that I had JS.Fortnight on my system - Norton did not!

I am just giving you my experience with Symantec... the support is not there, and they do not seem to pay attention to Browser Hijackers or Backdoor Trojans, both of which could cause serious problems / damage in a corporate environment.

If you had asked me 2 weeks ago who to go with for Anti Virus, I would have said Norton in the blink of an eye; now I would say stay away.


Call it a crazy idea but........
I would say the best way would be to do your own little test... Go up on Kazaa or another P2P file sharing network and start downloading all sorts of things; you will come across many viruses up there. This is the best test... Set up a lab computer that is not connected to the rest of the network and does not have pertinent data on it, and get trial versions of several vendors' software. Start downloading tons of executables from Kazaa, Gnutella, WinMX etc. Download them into a folder called "anti virus test" or something to that effect, and fill it with at least 600MB of executables; try to get small executables off of the P2P networks. Make a copy of all the files you downloaded by burning them to CD...
Now run one of the trial versions of the anti virus applications and see what it identifies and repairs/deletes. Then, after it is done, write down what it found or print out the log, then reload the bad programs back into the test folder, run another anti virus application and run the test again.

This will give you a "real world" real results test.
0
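An added example, not part of the post above or of any vendor's tooling: one way to make the side-by-side evaluation described there repeatable is to hash the test folder before the first scan, record what each product removed or altered, and confirm the folder was restored byte-for-byte from the CD copy before the next product runs. The function names and the product labels are assumptions for illustration; the demo corpus is constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(folder):
    """Map each file's relative path to its SHA-256 (taken before any scan)."""
    root = Path(folder)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_after_scan(folder, baseline):
    """Classify every baseline file by what the scanner did to it."""
    current = build_manifest(folder)
    result = {"removed": [], "modified": [], "untouched": []}
    for name, digest in baseline.items():
        if name not in current:
            result["removed"].append(name)    # deleted or quarantined
        elif current[name] != digest:
            result["modified"].append(name)   # "repaired" in place
        else:
            result["untouched"].append(name)  # scanner took no action
    return result


def restored_ok(folder, baseline):
    """True only if the folder matches the baseline again before the next run."""
    return build_manifest(folder) == baseline


def compare_products(results):
    """For each product, the files it acted on that no other product acted on."""
    acted = {p: set(r["removed"]) | set(r["modified"]) for p, r in results.items()}
    return {p: sorted(files - set().union(*(f for q, f in acted.items() if q != p)))
            for p, files in acted.items()}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as lab:  # constructed stand-in corpus
        for n in ("a.bin", "b.bin"):
            (Path(lab) / n).write_bytes(n.encode())
        base = build_manifest(lab)
        (Path(lab) / "a.bin").unlink()          # simulate a scanner deleting a file
        print(diff_after_scan(lab, base), restored_ok(lab, base))
```

Files that stay in `untouched` for every product are the ones worth checking by other means, since the diff records only what a scanner acted on, not what it merely logged.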
 
LVL 67

Expert Comment

by:sirbounty
ID: 10945544
briancassin- I'd love to try it...make a believer out of me, cause I run this at home as well.
My email is in my profile.  :)
0
 
LVL 1

Expert Comment

by:elharagan
ID: 10945618
I use Norton too, but recently I had a virus that was only detected when I did an online scan (using Norton online scan). The thing is, if you miss an update and Norton is unable to catch the virus, you are outta luck. The virus goes undetected (my experience). I still like Norton, but then again I own it and don't have extra $$ to buy another prog. I would just make sure you have live update enabled at all times and test Norton from time to time (sounds like a pain? tell me about it!)
0
 
LVL 21

Expert Comment

by:briancassin
ID: 10945650
I always have live update active. The thing is, automatic live update only goes out every Wed. to download updates; that is the way they have it configured, and it is not modifiable. The only true way is to run it manually every day, which I do, but it still does not catch things. Also, one of the nice utilities they had when I was on Windows ME, their Rescue Disk set, is now a thing of the past because it does not run on XP. This was great, especially for troubleshooting at client locations, but now I get an Internet connection established and go to http://Housecall.trendmicro.com
0
 
LVL 21

Expert Comment

by:briancassin
ID: 10945651
sirbounty, what would you love to try?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10945655
>>If anyone wants to put their Norton to the test, I will send them the file that I pulled off the system that contains the Sdown.A, and I can guarantee it will not pick it up. I just tried it yesterday to see, and it still did not pick it up. <<

I'm up for the challenge... :D
0
 

Author Comment

by:KABOOM
ID: 10946171
Thank you everyone for the response but I think we are getting a bit off topic on my question.  
0
 
LVL 21

Expert Comment

by:jvuz
ID: 10946413
We use McAfee at our place.
0
 
LVL 21

Accepted Solution

by:
briancassin earned 25 total points
ID: 10946442
agreed,

KABOOM,

Like I said before, a live test run would be your best bet. Or even trying several evaluation versions of different companies' software.

Every answer you are going to get here is going to be opinionated one way or another. There will be some that agree and some that disagree; however, just because people agree on an anti virus solution does not necessarily make it the best choice, it is what they like for whatever reason. Just like if 100 people jumped off a bridge, is it the right thing to do just because 100 people did it? If they really like it they may quantify that reason in any manner, which can lead to skewed information.
I personally take the see-it-to-believe-it approach and try the software, test it, and try to break it to see what it will do before I purchase it.

There are many vendors out there; this is a shortlist of the top ones out there currently:

http://www.Sophos.com
http://www.Symantec.com
http://www.F-Prot.com
http://www.mcafee.com
http://www.TrendMicro.com
http://www.pandasoftware.com
http://www.grisoft.com
http://www.kaspersky.com
http://www.f-secure.com
http://www.avast.com/
http://www.bitdefender.com
http://www.cisco.com <---- if money is not an object you could look into a Cisco self-defending network... They are world renowned for network hardware and would probably have no problem working across all platforms.
0
 
LVL 2

Assisted Solution

by:tdmgtech
tdmgtech earned 25 total points
ID: 11016832
We use McAfee VirusScan, NetShield, and the e500 Application server.  All the components are tied together via the EPO server.  From the EPO server I can see what is installed on my machines, what definitions they have, versions of software etc.  The server handles all the updates for definitions and requires the workstations to pull updates at regularly scheduled intervals.  It will alert me if there is an infection or outbreak.  The E500 server is rock solid, running on Linux, and stops untold hundreds of viruses prior to them getting to the workstations.  VirusScan is there to protect the frontlines at the workstation level.  The cost is very reasonable for the McAfee solution, with the exception of the e-appliance, which is pricey but worth it.  I loved Norton at home, but it has failed a few times, and I trust McAfee here in the office.
0
