Solved

Best Antivirus Software for Servers and Clients with Active directory

Posted on 2006-07-05
23
1,471 Views
Last Modified: 2007-12-19
We are currently running Symantec AntiVirus 9 Corp and looking to upgrade to something better. What would you recommend?
0
Comment
Question by:lgropper
  • 8
  • 5
  • 4
  • +4
23 Comments
 
LVL 5

Accepted Solution

by:
mistymisty earned 85 total points
ID: 17081200
I like Panda BusinesSecure and have been switching my customers from Symantec to this.  It doesn't seem as easy to setup as Symantec, but I like the centralized install and administration.  They update everyday and do a fantastic job of removing spyware so I'm pretty pleased with them so far.  You may want to check this post also though as they are talking about the good and bad of Panda:  http://www.experts-exchange.com/Applications/Viruses/Q_21910724.html
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 83 total points
ID: 17256114
I've been using McAfee/NAI ePolicy Orchestrator (ePO) for almost 5 years and recomend it every chance I get.
It is scalable (several 100,000+ host networks) and configurable (settings, scans, updates, etc) for all time zones and all functions.
My networks have typically been in the 1,500 - 2,000 host range.
On a daily basis, 100% of my computers (that have touched the network in the past 24 hours) have the most current definition files.
The detailed information (hardware, software, firmware, user info) collected from the 'agent' running on the remote host is enough to make even a crusty old Security Manager smile.
I have gone through four NT - AD migrations. Two with ePO and two without. The grunt work involved in the migration is probably halved with it.
BTW - asking Security folks which is the 'best' anything is bound to raise a ruckus.
The efficacy of several applications is about even - AT THE HOST LEVEL.
Nothing I've seen (11 years in Network Security) matches up to ePO.
And it is configurable (repeat) for % of processor used and time of scans
0
 
LVL 16

Assisted Solution

by:legalsrl
legalsrl earned 83 total points
ID: 17358600
I just came on here to agree with  younghv....

He's right....McAfee is the best by far......

We don't use anything else as nothing else comes close to McAfee's product......plus...it will remove Symantec for you automatically when you come to update it

Let us know if you need further advantages of the McAfee software

Thanks
Si
0
 
LVL 38

Expert Comment

by:younghv
ID: 17438615
lgropper,
Any thoughts on what we've suggested here?
Vic
0
 
LVL 3

Assisted Solution

by:jamhawks
jamhawks earned 83 total points
ID: 17510334
Go for Sophos Enterprise! http://www.sophos.com/products/es/
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17510352
Don't waste your time with Sophos....all my clients who have used Sophos changed to McAfee's ePO and VirusScan Enterprise 8.0i as its the best
0
 
LVL 2

Assisted Solution

by:Jeffesmi
Jeffesmi earned 83 total points
ID: 17657007
If you are a smaller shop, you might consider AVG Network Edition (http://www.grisoft.com). It provides remote install capabilities, remote monitoring, push/lock user/workstation settings.  I've been very happy with it.  They just updated to 7.5, and I haven't had a chance to upgrade any of my clients, but some of the benefits:

- Good value tends to be much less expensive than Norton/McAfee/Trend
- 2-years of signature updates for less than the cost of other major brands 1-year (LOVE THIS!!!)
- Lower CPU drag (i.e. doesn't slow your system as much)
- Free home version you can tell your employee about (http://free.grisoft.com)
- Have Exchange Server Edition
- Support Windows & Linux workstation/servers
- No additonal fee for servers... servers count as one license just like workstations
- Companion seats of Ewido Anti-spyware available
- They also have a firewall product that comes with the network edition, but truthfully, I've never implemented it. For small networks with a perimeter firewall, I find the Microsoft firewall to be sufficient.

With the release of 7.5, (like yesterday or so), they also included an internet suite with (AV, Anti-spy, spam, firewall, etc.) I haven't looked at this product suite yet, but they do have a network edition of this.

AVG is scalable to a larger platform, but I can't talk about that.  My clients range from 1-user to 20-users. Most of my larger clients are running AVG Network and are happy with it.  I am also very happy with it.

Best Wishes,

Jeffery Smith
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17657720
Personally, I wouldn't waste my time with AVG....protection is not something I would suggest to any of my clients that they scrimp and save on.

Just look through the posts on EE and see who runs AVG and Symantec and the problems they face.....Symantec causes more problems than it's worth and people who run AVG still get viruses and malware.

Here are the features of McAfee VirusScan Enterprise

Buffer Overflow Protection
Automatically Block Infected Computers
Resumable updates/upgrades
In memory scanning
Per-process Scanning
Laptop Battery Detection
Repair Registry
Active Directory Support
Universal Management Console

Add in McAfee AntiSpyware as well and you get

Full Spyware protection
Rootkit detection and removal
OAS Cookie detection

Also, Virusscan now features new technology that prevents malware from disabling the real time scanner

Now, unless any other package does all the above, then I'm sticking with McAfee...I'd welcome comments from the other experts if they know of a package that does all of that.  I know for a fact that Symantec doesn't do all of this !

With Total Protection for Enterprise, you also get the following

VirusScan Enterprise
ePO (management tool)
Host Intrusion Prevention (IPS for the Desktop and Server)
Groupshield (mailserver protection)
Webshield (SMTP Scanner)
Anti-Spyware
SpamKiller

Now that is a protection package for the entire network.  All for the price of a Symantec licence.

I would still like to hear from experts who think their package matches up.

Cheers
Si

0
 
LVL 2

Expert Comment

by:Jeffesmi
ID: 17659198
  I have to say that none of my clients running AVG have viruses running rampant.  Also, there is a difference between scrimping and throwing away your money.  There is no doubt that McAfee is an excellent product.  I'd also have to say that Norton has it's place in the AV market.  However, there is no one perfect solution for all offices.  As to posts about trouble with AV products, all products have problems listed here.  Saying look at one and ignore the others seems a bit tilted to me.  The one thing I can't stand is when people "do the research" and declare this is the best for all situations.  There is no such thing as "the best for all situations."  

I have to defend my recommendation a bit, so here goes:

Awards & Certifications for AVG:
    http://www.grisoft.com/doc/37/lng/us/tpl/tpl01

As to spyware, I thought we were talking about an anti-virus product. These are two different classes of threats.  Even with McAfee, to get a full spyware protection solution, you have to buy the Internet Security vs. the Anti-virus product which cost more $$$.  The same is true with AVG.  AVG and Ewido anti-spyware are partnered/joined/owned (I don't know the specifics).  You can buy AVG Internet Protection which includes AV, anti-spyware, spam (i believe), firewall, etc.  

And Lastly, In my opinion, both Norton and McAfee put a SERIOUS drag on computer resources.  I have found that AVG does an excellent job without making your computer run like last years model.  I have clients with Norton Corporate, McAfee, and several that I've moved to AVG.  I've seen them all run in different venues with different classes of computers, and I've found AVG to be excellent where I've applied it.  In high-threat areas where spyware is an issue, I implement it with Ewido companion seats, and now that 7.5 has an Internet Security Suite, I'm sure that I will implement that where needed.  Yes, AVG Internet Security Network Edition includes everything you mentioned:

-Anti-Virus protects from viruses, worms and trojans
-Anti-Spyware protects from spyware, adware and other malicious programs
-Anti-Spam filters spam and protects against phishing attacks
-Firewall protects from hackers
-Centralized Management and Installation
-Email scanning

Marketing:
-IDS is just a specialized firewall implementation in McAfee
-Web shield is just specialized anti-spyware/web-bug implementation

I don't want to start a flame here, but saying everything else sucks, this is the best is a bit arrogant. We should be posting REAL information, not, "Symantec causes more problems than it's worth and people who run AVG still get viruses and malware."  If you have a real bit of information about specific threats that other products don't defend against, post the information, not innuendo. I.E.:

     http://www.securitystronghold.com/active-shield/active-shield-mcafee.html
     http://news.com.com/5208-1002-0.html?forumID=1&threadID=14866&messageID=124040&start=-1
     http://forums.mcafeehelp.com/viewtopic.php?p=386568&sid=29cb7337a83e4f4b7fb32a6593302db2
     http://www.experts-exchange.com/Applications/Email/Q_21445354.html?query=mcafee&clearTAFilter=true
*   http://www.experts-exchange.com/Applications/Viruses/Q_21525045.html?query=mcafee&clearTAFilter=true
     http://www.experts-exchange.com/Security/Win_Security/Q_20997831.html?query=mcafee&clearTAFilter=true

LGROPPER,
     Don't get me wrong here, McAfee is an excellent product.  I just wanted to let you know that it's not the only product, and it's not even the best product.  You have to look at your needs. You can try a full edition of AVG for 30-days, I'm sure that Norton and McAfee have similar programs.  You might want to try them if you have the time and resources. Otherwise, you have to figure out which of us "know it all's" is right.  Good Luck with that. :-)
     
Best Wishes,

Jeffery Smith
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17659490
Hi Jeff,

Thanks for the comments....I'm not saying everything else sucks.....I invited people to post their links if their software did everything McAfee did.

With regard to the comment about clients not having viruses running around.....how do you know that ?  How do you know that there is a program using Buffer Overflow exploits to run malicious code......with AVG you wouldn't know about it as it can't protect against them.

You are also making a reference to Internet Security....that is the home user product.

We're not talking about Home User software here, we're suggesting ways to protect a business.

The Business package would be Total Protection for Enterprise which does include all the products i mentioned above.
Please check your facts before attempting to compare home user and business class software........home users, yes, AVG will probably do the job, but it's not up to a business environment.

AVG doesn't protect against Buffer Overflow exploits.....that's just fact.....

Within ePO or Protection Pilot, you can limit the processor usage from 10% to 100% during scanning, both full disk scanning and on access scanning, so there is no way that it can drain a system.....I just suspect that you were not aware of how to set it up and configure it properly.

Thanks
Si
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 38

Expert Comment

by:younghv
ID: 17661354
I continue to stand by everything that has been said about the McAfee line of products.
I've been doing Network Security on substantial Domains (1,500 - 2,500 systems) for almost 10 years all over the world and have tried about every product out there.

I would also include a quote from my earlier post:
"BTW - asking Security folks which is the 'best' anything is bound to raise a ruckus."

It's ruckus time.

Vic
0
 
LVL 2

Expert Comment

by:Jeffesmi
ID: 17665312
legalsrl,

I stand corrected.  The correct name for the product that has all of the features you listed is, "Total protection for Enterprise-Advanced" which lists the number of users as 250 or more.  

     http://www.mcafee.com/us/local_content/brochures/bro_tops.pdf

I hope they have a good sized office or they will be paying a large premium for the features you listed.  Otherwise, they are looking at "Total Protection for Small Business Advanced" which does not include Desktop host intrusion prevention or email server anti-spam.  I don't know which one lines up with their needs because I don't know how many users on their network.  That is why I premised my comment with "if you are a smaller shop."  I'd just hate to give advise to someone without actually knowing what their situation is, and scaling my advice to their needs.  The facts are neither of us have enough information to give advise to lgropper without more information.  The facts are that AVG is a corporate level Anti-virus used by many large companies, see:

http://www.grisoft.com/doc/37/lng/us/tpl/tpl01

Buffer Overflow exploits are not the end all in security threats. First the attack has to target a port that your firewall has open, second, the attack has to be one that the MS security updates hasn't patched, and third, the attack has to subvert your system with programs or code that won't trigger a firewall alert, malware alert, virus alert, or make your system completely unstable.  How about rootkits?  Isn't that a much bigger threat than buffer overflows?  Once those are perfected, the only way to detect them will be to boot to another operating system on a clean disk.

I'm talking about overall system degradation. If you limit the usage to 10% don't you risk a virus slipping through as the process scales back during a heavy load?  What is your baseline machine?  Dual-core? P4 3Ghz w/ HT?  PIII 1.2GHz?  How do you think McAfee full suite would run on a PIII 1.2 Ghz with 256MB of RAM?  Would it run with all of the bells and whistles running?  I've got clients with PIII 1.2 Ghz/256MB of RAM running with AVG 7.1 and Ewido.  I wonder what lgropper's systems look like?  How many users?  Server specs?  This would be great information before telling him/her that McAfee Internet Security (Oops, "Total protection for Enterprise-Advanced") is the best product.

I remember back around 1998 when I was working on a 1200-user network as the email administrator.  Our network came to a crawl and then collapsed?  Buffer Overflows, you ask?  No, a McAfee patch that directed all of the McAfee 4.? (can't remember the specific version) clients to communicate with their peers to find out who the server was or something along that line.  8 segments  and 1200 users offline while the desktop support, my mail support crew and every other able bodied technician ran around two buildings from desk to desk to apply a patch and update a registry entry.  If it hadn't taken the entire network down, we could have done it remotely using several different tools.  I'll tell you the same thing I told the management when they were clamoring to remove McAfee completely and move to the Trend system.  "Don't do it.  McAfee is an excellent AV program.  It is scaled well to our environment, and other than this one fairly large hiccup has worked well for us.  Putting thousands of dollars and man hours into rolling out a new system is ludicrous."  Of course I knew we had 1200 workstations, almost 100 servers, multiple sites connected by MANs and WANs.  I gave good advice then, and good advice now.  AVG is an excellent small business platform with every feature of McAfee Internet Security-Small Business Edition (or whatever you want to call it).  It has an excellent record of virus detection, it detects many suspicious programs (i.e. spyware) and with Ewido provides an excellent small business protection suite.  It is not the end-all be-all, but it is not worthless or even limited in the business environment.  It is a product well worth considering along with McAfee, Norton, Trend, ***Just no PANDA--horrible tech support, no guarantee of satisfaction, no return policy, ACK***.  Just say no to PANDA!!!  Anything else is fine. :-)

Younghv, we are ruckusing, we are having a healthy discussion on pros and cons of different anti-virus programs. ;-)

Best Wishes,

Jeffery Smith

P.S.  I would like everyone to note that I have not once said anything negative about McAfee in this discussion. McAfee is an excellent program. I do STRONGLY disagree with the statements made about AVG and Norton.  Neither are horrible programs.  I feel that the individual making those statements about "only good for household use" is just misinformed, and I'm trying my best to lead them into a more enlightened view of anti-virus products where it isn't assumed that everyone is running a 600-workstation network with a server farm and massive IT budgets.  Of course with the one note that PANDA is a horrible program that should not be bought EVER by ANYONE for ANY REASON. {snicker}
0
 
LVL 2

Expert Comment

by:Jeffesmi
ID: 17665385
Younghv,

Sorry, that should have read:

we are _NOT_ ruckusing, we are having a healthy discussion on pros and cons of different anti-virus programs. ;-)


Peace,

Jeffery Smith

P.S. Even if they give it to you for free, just say no to PANDA. (Sorry, I couldn't resist.) :-D
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17666847
Hi Jeffrey,

As you are probably aware having been to the McAfee site, VirusScan Enterprise will run on a 500Mhz PIII machine with all the bells and whistles running, so to run on a 1.2Ghz Machine is not a problem.

I love your comment on "they will be paying a premium".........please quantify this statement.

How do you know that they will be paying a premium ?  Are you a McAfee reseller ?  Do you know the pricing ?

I bet not.

To move on to your comment "AVG is an excellent small business platform with every feature of McAfee Internet Security-Small Business Edition"

Basically, you're wrong.....AVG does not have every feature of McAfee Total Protection.......fact

"it detects many suspicious programs (i.e. spyware) and with Ewido " - Why run two programs ?

McAfee Antispyware just simply bolts in to VirusScan Enterprise 8, no need to mess around running 2 programs, and therefore 2 scans !

With regard to your comment about Rootkits, VirusScan Enterprise 8.5i detects rootkits and removes them.

It's nice that you feel I'm misinformed.......the firm I work for are IT Security Experts.....they don't touch IT Support....all they do all day is IT Security, and I'm their "McAfee guru".  If you see from the questions I've answered I know all of my virus programs Symantec, eTrust, PestPatrol etc, not just McAfee.......therefore to think I'm misinformed, is a bit of "pot calling the kettle black".

Especially if the last time you used McAfee was version 4.5.1.  It's now on version 8.5i and just gets better and better

You can think what you like about AVG, but it's just not up to a corporate environment.

AVG does not do per-process scanning, nor does it scan memory processes.  It simply scans the data that is read and written to the hard disk.

We've tested all of the leading AV suppliers, and continue to test them on a new release basis......AVG works for home users, but not a corporate environment.

Cheers
Si
0
 
LVL 38

Expert Comment

by:younghv
ID: 17667046
Two points -

1. "How do you think McAfee full suite would run on a PIII 1.2 Ghz with 256MB of RAM?"
Quite well, thank you.
Back in 1999, when I switched to Mcafee Enterprise, that was the baseline machine. One of the reasons I switched was the granularity of control that would allow McAfee - and no competitor - to run properly without interrupting the user.

and

2. Flashing a 'Peace' sign at someone in the military is a sure way to elevate the conversation.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17667096
One thing neither YoungHV or I have mentioned is ePO's Rogue System Detection.

AVG doesn't detect when a rogue machine comes on the network.

McAfee's ePO will detect it and alert the IT Dept with an email or a pager alert.

It can be customised to even deploy the AV software, or even a third party utility (for security, the deployment of a third party tool can only be done from the server console)

Again, another thing AVG doesn't do.

Si
0
 
LVL 2

Expert Comment

by:Jeffesmi
ID: 17668293
Again, in shame, I stand corrected.  LGROPPER, you'd have to be a fool to implement anything but McAfee.  There is no peer to this perfect protection suite.  Virus, rootkit, hackers, spam, and malware writers should just shutdown shop because once McAfee brightens every doorway, they are all out of business.  I guess my problem is my complete ignorance,  wasted youth, and limited intellectual ability.  I thought we were suggesting:

- Anti-virus software for clients and server running active directory
- For a client of unknown budget
- For a client of unknown size
- For a client with unknown system configuration (other than running active directory)

I'm going to go out today and switch all of my client, business and home, to McAfee Enterprise.  There is no excuse to run anything else but this truly perfect program.  If only I'd known before I wasted my life. (Sigh)

{sorry for the comedy relief}

I'm not trying to be openly hostile, but since your mind is made up and you have decided that there is no other option, there is no actual room for conversation or discussion. I find this a bit frustrating, but I truly wear a smile as I write this.  I've met so many people who "know that their answer is the only answer," and I've found the only way to deal with them is to grin and bear it.  As I keep pointing out, I like McAfee, I like Norton, I like AVG, I DON'T like PANDA.  

Best Wishes, Peace, and Love.  I'm done with this conversation as I definitely feel I'm assisting in creating a flame thread that will haunt my memory in future years.  I will however answer any questions as openly, honestly, and with as much of a sense of humor as I can muster posted by LGROPPER.

Jeffery Smith

P.S. Legalsrl, I apologize if any of my jokes or jabs were inappropriate or seemed mean-spirited.  I truly mean no harm by them. I was just trying to lighten things up a bit. I wish you a happy and wonderful day and I hope I have not caused you any grief or angst.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17670166
Well, I thought sarcasm was limited to us British....

Shame you didn't mean it as then we McAfee experts wouldn't have to spend time picking up the pieces left by other software and consultants.

I would suggest that you might try evaluating the latest version of ePO and VirusScan Enterprise as you would be able to see for yourself why we are suggesting it is a more superior tool.

I know you say you like McAfee et all, but why not actually see why we only like McAfee ?

This is the place for experts to talk, (probably not in this thread though), apologies to lgropper for that

There has been no grief, nor angst suffered by anyone on this thread, but frustration yes, especially when people don't listen to logical reason.

I'm sure I'll see you on another question anyway

Cheers
Si

0
 
LVL 1

Assisted Solution

by:yogesh28577
yogesh28577 earned 83 total points
ID: 17713265
why not you use Antivir for server as well as clients it is available on

 http://www.free-av.com/
now a days best antivirus rathar than AVG

0
 
LVL 16

Expert Comment

by:legalsrl
ID: 18036827
Might as well split it, even though yogesh came into the debate after it had already ended

Cheers
Si
0
 
LVL 20

Expert Comment

by:Venabili
ID: 18036939
As had you and anyone else after the first comment (the second is already more than 21 days after the first one so Cleanup might have caugth this). The only one that had showed up in time is the very first comment. But as this is opinions gathering, I would prefer to split isntead of awarding all to the first comment.

The last comment is only a week after your last comment so it is IN an active discussion
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

There are many HijackThis tutorials on the web already, so this article is about tips that help utilize HijackThis' full potential as a diagnostic tool. Download HijackThis from a TrendMicro link or from known reliable sources only. http://free.…
Some site administrators might be considering how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, in the same way that a spam filter does on an email server, such as blocking all emails sent from th…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now