• Status: Solved
  • Priority: Medium
  • Security: Public

Looking for recommendations: Antivirus Solutions for my Network

Hey everyone.

I have 3 main servers, all 2003: one is a fileserver, one is the domain controller with Exchange 2003, and the 3rd is a Citrix machine serving the local LAN and a remote office.

I have up to 50 workstations on the network and around 10 of them are notebooks.

I'm looking for a complete solution, and don't mind using different packages. Preferably I want reliable, low-resource-chewing server protection, will run an SMTP antivirus for Exchange (currently trialing GFI), and then I want the workstations to update off a local server periodically and not from an internet server, as I want to conserve bandwidth and data; however, I would also like the ability for notebooks to be able to update from the internet when outside the network.

Price isn't really a major factor, but I'd like to keep costs down and retain budget.

So has anyone got any suggestions, opinions or general ideas?


Thanks, and I look forward to your responses. I'm putting up 500 points and will probably split it, unless someone can answer everything all in one!! :)
subdued Asked:
 
Lee W, MVP, Technology and Business Process Advisor Commented:
Everyone's got horror stories and success stories.  I'd recommend McAfee VirusScan Enterprise.

You get the exchange component, clients, and servers all covered for something like $40/each for two years of coverage, if I remember my pricing correctly.  Pricing aside, I prefer McAfee for the following reasons:

1.  I can't remember the last time (and I've used it for 10 years) I had an issue where the McAfee software interfered with something.  A Service Pack problem, a software package that wouldn't run - I cannot remember a single instance.  Could have happened, but shows how rare this is.  On the other hand, I've had lots of issues with Norton causing conflicts with certain programs and updates.
2.  1.25 years ago there were several virus outbreaks that hit the news.  We used McAfee and were relatively secure.  I went and checked Norton and it took them a complete day longer to publish virus definitions to clean the virus.  McAfee had them within hours.  (Norton did publish a manual tool you could use, but it wasn't an automated thing and in a large environment, that's a problem).
3.  I've pushed installs/updates via Active Directory easily and the "Installation Designer" that's included with Enterprise allows you to preconfigure numerous settings to prevent users from disabling things, etc.

I haven't tried very many other products, but have been quite happy with my experience with McAfee.
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer; IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator Commented:
I have installed and used Symantec AntiVirus Corporate Edition on numerous networks.  It works like a champ and has never let me down and I've never suffered any infections.  You can have 1 or numerous servers take care of all the workstations.  I currently have my AntiVirus server updating itself once a day, but you can set it to do constant updates with a broadband connection.  I have my workstations checking every 6 hours for updates from the server.  It does the real time protection as well as scheduled scans.

For Exchange, I'm currently using the Symantec Mail Security for Exchange.  It offers Email and Spam protection in 1 package.  I've been very happy with it.

With Symantec, on the networks I've set up, including the City I'm working at now, Symantec stays up to date, my workstations and servers stay protected and I don't have to worry about it.
 
shahrial Commented:
I'm with samccarthy, I had installed Symantec AntiVirus Corporate Edition v9.0 on our networks.  It works great.  I had configured one antivirus server on each site which updates itself daily; all other PCs, notebooks, mobile devices get the updates from their respective AV servers. We had used McAfee before; it had caused problems on our server and some workstation installations.

After switching to Symantec, it's running fine. Our AV setup solution is fully automated. For Exchange, use Symantec Mail Security for Exchange. As samccarthy mentioned, it's a good product.

You might want to consider the Trend Micro comprehensive range of products, too.
http://www.trendmicro.com/en/products/global/enterprise.htm

...;-)
 

 
Lee W, MVP, Technology and Business Process Advisor Commented:
shahrial - what problems did McAfee cause for you?  As I've said I never saw any - and we used 35+ servers, 600 workstations, and Exchange servers and rarely had any issues.  (I'm no longer with the company, but I know they still use and are happy with it.)
 
VirusMinus Commented:
As leew put it, everyone's got different opinions about the same products.

However, after a few months' research and trialing of various products I have come to the conclusion that Eset NOD32 is the best product out there.

It is the most responsive antivirus I've seen on the market; they sometimes release two / three updates a day. They respond to latest antivirus threats within days and NOD32 has the smallest footprint, and least resource usage among other major products. Their heuristics are excellent too, catching most viruses before they update their definitions.

Here's some documentation ->
http://www.antivirus-software.net/awards.shtml
http://www.virusbtn.com/vb100_award/archives/products.xml?table
http://antivirus.about.com/cs/antivirusvendors/p/eset.htm

You'll find a list of products to suit your needs here ->
http://www.nod32.com/products/products.htm

You can get the enterprise edition for your network and mail servers for updating off a local server, and licences for laptops etc. that would update off the internet.

The next best product IMO was Kaspersky AntiVirus.

Norton is often called bloatware; it hogs too much of your system resources. McAfee is not far off Norton. Both are pretty slow in responding to new threats and releasing patches/fixes/tools for viruses they can't handle. Their heuristics are also not matching up to NOD32 in catching unknown / new wild viruses, as documented in the Virus Bulletin Tests.
 
Cyber-Dude Commented:
Wow, it's a big one;
My recommendations are as follows:
At first, the product should be Norton AntiVirus Corp edition. The architecture should be as follows:

[LAN]<==>[Windows 2003 - Norton AntiVirus Server]
                 [Exchange Server 2003 - Norton Client for Exchange Server]
                 [LAN]============[Firewall]==========[WAN]
                                                          ||
                                                       [DMZ]
                                                   [Mail Relay - Norton Gateway]
If you have the chance, DO NOT INSTALL AV on the Exchange Server...

Hope that helped in some sort.

Cyber
 
Robnhood Commented:
If you do install any anti-virus software on an Exchange server, make sure you exclude the Exchange server folders.
 
fixnix Commented:
Picking the best AV solution is like picking the best election candidate.  People have experiences with almost every product ranging from blind faith to substantiated claims of threats avoided to blatant breakage.  It's a religious battle for some.  Personally, from only my perspective, I'm a Kaspersky fan.  Updates are released every 3 hours, and I've personally never had a problem cleaning up clients' already-infected machines with it.  It is more expensive than many, and a definite resource hog, therefore not practical for machines already seeing heavy use at peak operation times.  Nod32 is far more resource-friendly and not too long ago had an incredible reputation for not letting things slide by as well as quick definition updates for new threats.  I've seen studies recently claiming Nod32 is no longer as good however (although statistics can easily be manipulated and there is no way to tell just how "independent" 3rd party self-proclaimed impartial tests are).  I've got one email address that is public on a fairly high traffic website...that account gets around 100 emails daily that have attached or embedded viruses and trojans.  A Nod32 scan caught about 2100 of the 2350 or so viruses.  The 10% that went unnoticed could be broken or corrupted code that aren't threats, anyway, and I'm not in a position to run the remaining 250 to see if they are working exploits.

As for Norton Corp AV, that's what we have at our office as well as some of my clients.  We've had spyware problems about 6 months ago when a temp was working in our office and used IE instead of Firefox, but that's not Norton's fault since we're still on version 7.0 which has no spyware detection engine.  I've definitely had problems with clients that ran Norton's home version of AV, be it standalone or part of their "internet security package".  Norton is easy to disable.  Here's something I just received today on an email list:

Hi All,

I have major issues with the quality of Norton AntiVirus.  For some
history, see:

  http://seclists.org/lists/fulldisclosure/2004/Oct/0540.html
  - Norton AntiVirus 2004 Script Blocking Failure (Rant and PoC enclosed)

  http://seclists.org/lists/fulldisclosure/2004/Oct/0775.html
  - Norton AntiVirus 2004/2005 Script Blocking Redux

Symantec's Response to this issue: (From a week ago)

"ScriptBlocking is intended to provide proactive detection against
script-based worms and this component of Norton AntiVirus has been
effective at doing this since its introduction in 2001"

Huh?

Below is a 'typical' script-based virus that Norton AntiVirus will allow
a user to run, without *any* intervention on NAV's part whatsoever.
It's likely that code similar to this is already appended to
script-based threats/worms to assist their penetration in the wild.

In a nutshell, here's what it does:

On Reboot it sets...

1) The NAV Auto-Protect Service to DISABLED
2) A registry key to Uninstall Script Blocking
3) Creates, launches a VBScript file to d/l the EICAR AV 'test' virus
4) Launches the EICAR.COM test pattern a few seconds later

....Then Reboots your computer.

The following code was tested under WinXP and a fully LiveUpdated NAV
2005 using a broadband Internet connection.  Should be fine for Win2000
and NAV 2004 as well.

--------------//// BEGIN DISABLE_NAV.VBS ////-----------------

 (code snipped as it probably violates terms of use for this site)


Personally, I don't trust Norton nor Maccrappy personal nor corp versions...but that's just my opinion based on disabling/bypassing exploits I've seen such as above.  I'd recommend Kaspersky and upgrading the machines that ran too slow after an install, but of course that is completely unrealistic depending on budget and company policies.  In fact, budget is what it will come down to.  Norton or Maccrappy might very well be your best choice and offer you the best protection you can get for the money...just don't think you're 100% protected.  No AV solution can offer 100% protection in all environments.  In the past month, I've seen new viruses that each of the major players were the only ones to detect.  Maccrappy won a round, Norton, Nod32, and Kaspersky also won a round here and there among others.

There are also AV solutions that use multiple AV engines and defs.  Those sound like the best to use, but I know nothing of which vendors offer such products nor what their pricing is, therefore I can't offer a yay or nay on any of them.  For me, Kaspersky hasn't ever let me down and that's what I'll stick with until I have reason to search for something better.  Others say the same of other products.  I gave you my $0.02 and you're free to take it or leave it :)....just as long as you are making an educated decision you're comfortable with, hopefully based on other users' substantiated claims and not their blind faith.  (Note I'm not suggesting any prior post here was based on blind faith...nor am I saying none of them were.  Just be aware of the possibility and scrutinize the excellent advice all have given you to arrive at *your* best decision.)  Good luck!

(As for Exchange....that's an animal I have been lucky enough to not have to admin.  If I never have to see an Exchange box running on any of my networks, I'll die happy.  I have played with Exchange-for-Linux tho, but I can't offer any suggestions about Exchange.)
 
subdued, Author Commented:

Thanks everyone for the information !!!


Thanks VirusMinus and fixnix! Gave me some great food for thought, Going to look at the costings of Kaspersky and NOD32.

 
VirusMinus Commented:
Good choices!

Cheers
-VM