I was hired as IT Support manager for a 200 user company. I have been in the positions for 3 months. Shortly after coming on board I discovered that there is not an AV network wide solution in place. The only protection is found with a server based front end email server and web filtering on a proxy server. The front email server and web filters are installed on a Linux server (RH). All the PCs are XP machines and are harden manually but not through a GPO (CDroms and floppy drive are removed; USB ports are not disabled, however.) The PC network is managed with AD and there are UNIX Software servers to run the legacy program for this company. (Users are not given local admin rights) I am in heavy discussions with the VP over this. He thinks this is a "safe network" protected by adequate virus protection. He reasons that email, web, removable media and unauthorized installation software are the only places where viruses can happen and that this network is protected with the above strategy in place. The cost of getting a network wide solution is about $9400. A multiyear contract would reduce that yearly total. I have very definite ideas about this, but I want to know what network administrators in EE think. All comments are welcome.