What is the best Antivirus software ?

Currently we have about 50 computers across our network.  We also have different kind of Antivirus software such as Norton, MaCafee, AVG, NOD32, Avast and Panda. I agreed that there is no perfect antivirus software and each of them have their own strength and weakneses. One can detect and kill specific virus(es) and other can't. But other may detect what other can't, and so on.

My question is, can we have just a single antivirus for all. We don't want to end up unistall and install new type and so on.

Recently we purchased NOD32 licensed for 10 and so far it is really working, ie, detect some viruses which AVG and other cannot detect. What if, some day in the future, we found that NOD32 can't detect viruses found by other AV ? What can be done to avoid uninstalling it and installing new one ? Please don't give me answer as if that we didn't update it everyday. In fact most AV have the feature of automatic update.

Please helpme.


LVL 1
KG1973Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

top_rungCommented:
Today, my vote is TrendMicro ;)  Very easy central administration, client updates and vulnerablity scanning that notify you if workstations have/have not applied Microsoft updates, spyware/grayware auto-detection and cleaning, great pricing, gateway solution for spam filtering, etc., online scanning via the web - I can go on and on.  

Of course you will get varying opinions.  My top two are TrendMicro and Symantec.  For the last 4 years, I have been on TrendMicro.  Prior to that, the only solution I used in a business environment was Symantec.

Step through TrendMicro recommendation "wizard", download a trial if you so desire, and see what you think.

http://recommender.trendmicro.com/seccons/web/index.php

But as you have seen, some do one thing better than others, and others do another.  It is a scenario that will always exist where one provider will be on top today, and tomorrow another is leading the pack.  There will never be one catch all solution, so don't hold your breathe for it.  You have to do as you are doing and ask, look around, and find what works for you.  But you should see a trend (no pun intended) where a few applications will almost always be mentioned at the top of the list.
0
buddistskaterCommented:
I look at Anti-Virus programs like condoms. Sure they help prevent 96% of viruses, but there's still that last 4% risk. For me, I like NOD32 the best. I've had many client's computers who have Norton, AVG, anti-vir, etc and still have viruses, but when I installed NOD32 for them, it cleared them up.

There's no way to predict the future and see what's the best Anti-Virus next month. When you find yourself running into problems with your current Anti-Virus, the best thing is to ask other experts who keep their knowledge up-to-date as well (in E-E for example), and poll them asking which Anti-Virus has worked best for them, and why.

As for practicality and best protection, I have AVG and NOD32 on my usb drive. That way when one isn't picking something up on a computer, I just load up the other. There's not much else you can do that I know of at least.
0
INTRODUCING: WatchGuard's New MFA Solution

WatchGuard is proud to announce the launch of AuthPoint, a powerful, yet simple, Cloud-based MFA service designed to eliminate the vulnerabilities that put your data, systems, and users at risk.

BasheerptCommented:
Its not always like 'catching' the virus, trojans, worms etc. You should consider how mauch system resources the scanner utilizes, How much cost per node, the licensing method etc. TrendMicro as long as I heard, it will stop 'protecting' if your license is expired!

Since 5 years we are using McAfee corporate edition (Mcafee Total Protection for the enterprise), I will give a 90 marks out of 100. The only area where am not satisfied is on Spam Killer, which is not so capable. Otherwise, its so stable for us.

Again, There is nothing BEST, most of the solutions may work better for you, as per your tuning and customizations.

Regards
Regards
0
younghvCommented:
If you just bought NOD32 for 20% of your network, then go with it - and do all of your systems with it.
It is easily one of the top 5 anti-malware products on the market.

The only alternative I can see would be to install AVG on all of your machines - because the cost of 50 licenses would probably be less than buying the additional NOD32 for all of the other boxes.

I would go nuts trying to manage multiple products. McAfee ePO can 'monitor' some functions in other products, but you need something that can manage your entire network without constant physical management.

Security is multi-layers of defense. One product is never going to be enough, but any good AV solution will stand as one of the layers.

I have tried a wide variety of products in everything from standalone to several thousand systems. Currently, AVG is my favorite - with McAfee (ePO) just behind it.

Because of the data collection/remote access possibilities, ePO is my choice for very large (or remote) networks.

Most of the 'Suite' type products I have seen are a waste of money and processor resources. They try to have so much going on that they bog down the computers - and worse - interfere with normal operations/applications.

Buy individual products for AV and Anti-spyware, run a hardware firewall - not software, and have your Exchange guy work out a SPAM solution.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
younghvCommented:
I forgot to mention my standing advice to anyone considering anti-malware products.

"ABS/N" (Anything But Symantec/Norton)

I won't do my normal rant about the problems they cause, but my speech is available upon request.
0
KG1973Author Commented:
Thanks all,
Well, since we already purchased NOD32, YES , we will continue using it. All I need is advise from you all, if NOD32 failed to detect future virus ( also applied to other AV), what should I do to stick to this AV ? What I want is sort of like "after-sale-service support" which I can go online and they will figure out what to do next etc etc. Is this service available for NOD32 ? I just started this product last 2 weeks, and so far we depend totally on the software capabilities.

Maybe some of you experienced similar problem and able to contact whatever your AV support to mitigate the problem. Also installing multiple type of AV will used up all PC resources esp RAM. It may also detect each other as a threat.

0
bsharathCommented:
Sophos is one excellent company...I have been using this for a corporate network of 3000+ machines and every day i talk to them regarding one or the other issue..They support well...
They have a investigation software that when we run on a affected machine it collects all possible data.We can mail that file to them.They investigate it on there lab and get us the right solution..
0
KG1973Author Commented:
bsharath, can you tell me more about sophos ? or it's URL perhaps ? What software is this company produced ?
0
younghvCommented:
@bsharath -
You guys should know that can not run two or more AV applications on the same computer.

KG1973 -
I don't mind trying to help you, but you need to read and respond to my comments.

0
KG1973Author Commented:
younghv,
I have read your comments and I agree with your advise to stick to what we have now and install the rest with AVG. Infact we'd done that.
However the reason why I post this question is to prepare for the common scenario after installing selected AV, of course after spending some money to it.

The scenario will be like this. What if other AV detect my pendrive infected by a virus, which I normally used with computer installed with NOD32 (persumed not infected by any virus,ie, NOD32 didn't display any alarm of threat).

Then that's the time I ask myself how good NOD32 is. It could be false alarm from AVG or other AV. But I don't dare to make such assumption and definitely this problem will be taken care seriously. This thing happen when some officers bring their personal notebook with their own AV hooked up with existing network. Sometime their AV detect some file under shared folder which suppose to be protected by existing NOD32.

younghv,
You did mentioned the following :
>>I have tried a wide variety of products in everything from standalone to several thousand systems.
>>Currently, AVG is my favorite - with McAfee (ePO) just behind it.

Can you tell me more how do you test wide variety of products and what criteria do you used to conclude your current AV solution.



0
KG1973Author Commented:
Hi guys,
I am sorry for posting a question as "What is the best Antivirus software ?".
I should post this as "How to stick to ONE ANTIVIRUS SOFTWARE ?".

Thanks.
0
younghvCommented:
KG1973,
It is good for an 'Asker' to check the profiles of the 'Experts' giving advice.
You can see the levels of success each has had on EE and many put some details of their experience there for you to read.

My last 12 years in the military were spent managing Network/Computer Security for groups of domains that averaged about 2,000 systems per domain.

We had site licenses (free access) to McAfee, Trend, and Symantec. I tried all three and really got burned by Symantec. After my first full migration to McAfee I was sold and stuck with it.

Many of the (my opinion) best Experts on EE recommend NOD32 and I am in no position to disagree with them. I trust their advice.

To your specific question.

If another AV product detects an infection on your pendrive - after either AVG or NOD has said it is clean, I would first suspect a 'False Postive'.

If you get that kind of warning, you can always do an 'on-line' live scan from something like Trend Micro "House Call". There are several other 'on-line' free scanners and even something like McAfee's stinger (http://vil.nai.com/vil/stinger/) for a one-time scan of your pendrive.

I have a wide variety of certifications/courses/seminars for network and systems security and about the only thing that all Security Pros agree on is "Defense in Depth".

You must have a hardware firewall, in addition to ONE AV program per system, AS on all systems, and configuration modifications.

The single biggest change you can make is to make sure that NO ONE is running their computer using an account with Administrator privileges.

Even though that is the biggest, almost no one will follow that simple advice.

My fingers are tired.

Post back any specific questions.

Vic


0
BasheerptCommented:
I dont agree running multiple AV products in single system and even dont prefer to run multiple Security products in a single corporate environment. It will give management headache first of all. Its good idea to fine tune your NODE32, if you have already purchased the license at its optimum protecting level and in the next budget time, you may consider to switch to better solution, depends on your study in the period.

Also, instructions from 'younghv' are acceptable, regarding firewall settings, admin privilage etc..Its not like Install AV and sit tight back! Close admin privilage for user, Close unwanted ports, Setup FW for the system and network itself, Install better antispam, Install and properly configure an email server AV etc. besides your corporate AV product will work together means, better secured!

Finally, no antivirus products are there with 0% false positive!

Regards
0
top_rungCommented:
I am sorry, but I totally disagree with the angle "'younghv'" is taking on who you should consider taking advice from.   Don't base your decision on someone's certs, points and rep on any forum.. Please.  In my neck of the woods, the guy with all his certs displayed on his business card and who jumps at the opportunity to point them out is the one you watch out for because he typically won't consider anything beyond his nose.  Sorry, but that just isn't the way to get your opinion across effectively and  it rubs me the wrong way.

What he does say is correct, albeit basic in terms of pointing out the foundations that anyone should take in this business to secure a network.  As far as the software you should consider, as you have seen everyone has an opinion, and the best advice I have heard as of yet is don't mix and match the programs or you will asking for a major headache.

Symantec gets a bad wrap for being a system hog, which it can be for sure.  
NOD gets a bad rap (from some) for not reporting viruses or "false positives" - just google "NOD not detecting viruses" -  You will get the same with Symantec.
TrendMicro gets it for.. ? what exactly? Maybe being a suite (but which one isn't really with spyware detection, mail gateways, and such).  The market is asking for that.
...And so on.
 

Now "How to stick with one AV" - well I wouldn't marry any of them.  Pick a solid leader from the pack, implement it the correct documented way, and keep an eye on it because IT CAN and just might falter sometimes.   Be proactive and keep and eye out and continue asking around as you are.   That is the best advice I can give on an AV package.

Peace.
0
younghvCommented:
LOL!

top_rung - considering the fact that you've only managed to answer one anti-virus question in four and a half years on EE, it is easy to understand your comment.

0
top_rungCommented:
I would have to take a guess and assume you are beyond your years and either have the time now to do this (forums) full time, or have others actually doing your work for you.  Most spend the majority of their time in the trenches and answering tech questions online isn't their top priority in life.  That does not discredit them.   But I guess since it is apparant by your behaviour that you need validation, congrats on being a jerk.  It is rather disheartening that anyone here on such a great community such as EE would go around and try and discredit other members.  Then again, you are the only person I have seen on here with such an attitude.  

 I am sure KG1973 doesn't need your advice on how he/she should take advice.  

 This isn't the time nor the place. --EOF.


I apologize to any moderator who has to deal with this, but I find the bashing of other members based on their time spent in the community rather harmful to its core principles.
0
younghvCommented:
This gets funnier all the time.

You have posted in at least 76 questions this month (January); while I have posted in only 36.

So much for who spends how much time here.

If you had bothered to read the request from the Asker in ID:20764654 - you would see that I was simply responding to the direct request for background and methodology.
0
top_rungCommented:
My one month versus your two years??   Hmm brilliant logic my friend.  Yeah that is correct, I have the time this month to contribute back, and 50K points in a month (casually) should shine the light on the fact that what you have accomplished isn't that great.  Sorry to break it to you.  

Again though, thanks for giving insight to your thought process.  You are making it clearer why your advice should be taken lightly.
0
rpggamergirlCommented:
>>>All I need is advise from you all, if NOD32 failed to detect future virus ( also applied to other AV), what should I do to stick to this AV ? What I want is sort of like "after-sale-service support" which I can go online and they will figure out what to do next etc etc.<<<

Good idea to keep what you already have bought, and NOD32 is among the good ones out there. If NOD32 fails to detect future virus, then what you can do is submit the virus to NOD32 support straightaway to update their definitions, false positives or the failure to detect a new virus can also happen to any other antivirus. NOD32 includes phone support, email support, 24/7 access to the official NOD32 support forum and an extensive help files online.
Supposing your pen drive is detected by other antivirus to being infected, then you could always use a tool especially for flashdrive viruses to make sure it's not a false positive --> http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe, if it is infact infected(which NOD32 had missed) then the tool will stop the spread of infection(by creating a harmless autorun.inf in every drive) and remove the virus.
You also have the option to submit the virus to NOD32 so they can update their definitions.
There's isn't really "best" antivirus out there, but some does well in updating definitions/catching up on the latest viruses, others are good in terms of detection and removal, as we know that many antivirus detects viruses but can't remove(not talking about the System Restore etc)
The rest I think younghv advice has summed it all up, and I'll just be repeating them.


top_rung,
You took younghv's comment about "looking the profiles" the wrong way. EE recommends that experts should list in their profiles what their credentials and experience are because that will always help the Asker, and that's a good thing.
His comment is plain innocent, like he said it was merely a respond to the asker's comment http:#20764654
You said, the guy with all his certs displayed in his card are the ones to watch out for (meaning can't be trusted), so whose advice weighs more to you if certs and years of experienced mean nothing?
If I had a question in the subject that I'm not familiar about, then most often, the advice from people who's well experienced in that field is likely the one that has more weight to me.
I can assure you that younghv knows what he's talking about, his acquired credentials are backed-up by his many years of experienced as Tech Security Expert in the military environment, there's no doubt about that.

I've seen younghv's posts here at EE and he's one of the very few experts who would go that extra mile just to help an Asker even without points. You don't see many experts who is genuine in assisting the Asker's, providing helpful infos even when the question is already closed and someone else had already gotten the points. You're mistaken in what you think of him.
You just insulted a fine and highly regarded expert.


0
top_rungCommented:
Listen, I don't want to further post my opinions on this thread as it will, and probably already has taken away from KG1973's question, sorry for that, so I posted my reply here if you wish to discuss it further.  I truly welcome it....

http://www.experts-exchange.com/Other/Expert_Lounge/Q_23121832.html

0
legalsrlCommented:

I'm going to ignore the flame thread link posted above, and ignore all of the comments about anyone on here.  I have a good relationship with YoungHV and I value his expertise highly, and hopefully he values my knowledge as welll

What I am going to point out is that all the experts have their opinions about products and should stand behind them.

YoungHV believes in McAfee as they protect the US Military.

I believe in McAfee for multiple reasons and have deployed over 100,000 nodes throughout the UK for this reason.

I personally would change from NOD32 when the renewal is due on the NOD32 product.  In the meantime, if you have a file you believe to be malicious and NOD32 doesn't pick it up, then I would suggest doing 1 or 2 things

First thing, take a machine that is isolated from the network and scan it with a standalone scanner that is different to NOD32 i.e. McAfee or Kaspersky

The Kaspersky scanning engine is better than the McAfee engine, but McAfee's product range is better and easier to manage all products including appliances from one console

Secondly, I would utlitise some of the online web scanners from McAfee and Kaspersky

Once you have done that, I would record the instances where NOD32 fails and use that to decide whether or not to move away after a period of analysis

0
top_rungCommented:
Let me point out that the  alternate thread is far from a flame, and anyone who can discuss it rationally can see that.  Everyone is entitled to their opinions.

With AV recommendations, specifically TrendMicro, it should be noted that Microsoft uses TrendMicro in their Hotmail products (TrendMicro won that account from McAfee), TrendMicro has agreements with Cisco Systems to integrate services within Security Appliances, etc.  They have solid growth, proven results, and expect them to be a leader for years to come.  - But, like I mentioned before, keep watching as it can change in an instant.

Again, it is a back and forth game.     I truly believe that if you go with with any of the products listed here,you will be adequately protected - assuming they are configured properly.

And I definitely agree with legalsrl in isolating suspect machines and scanning them with an alternate product (again, I lean toward TrendMicro - install a trial, run it in safe mode with sys. restore disabled.  If you use housecall or any of the online scanners, you still are connecting to the internet and providing the opportunity for the vulnerability to propagate).

0
legalsrlCommented:
top_rung,

In our opinion as an organisation Trend Micro's product are only suitable for an SMB and do not scale well to large enterprises.  We're talking from 1000 nodes to 30,000 nodes

What do you have to say on that ?

We're also of the opinion of that there is no single management console for all of their products.  Can you correct me on that ?

Finally, I'd be grateful if you could confirm if Trend requires an Antivirus Scan and then an Antispyware scan  as seperate processes ?

When we decided that McAfee was the product of our choice to partner with, Trend did in fact require 2 scans, 1 for Viruses and then another for Spyware

I'd like to update my knowledge, so would like an opinon from you as a "Trend expert"

Thanks
Simon
0
legalsrlCommented:
top_rung,

Just on re-reading your post, I wouldn't be particularly boastful about Trend Micro winning the Hotmail contract from McAfee, having checked with various people, it was a contract won on price and not quality of product.

Also, notably there have been more complaints about spam problems since Trend have been servicing Hotmail that McAfee every had.  FYI - McAfee expect to have the contract back within 18 months (due to a 2 year deal being signed) simply because Trend's Spam filters are not up to the job that they declared and MS are not happy.

Thought you might be interested in that.

Anyway, I'd still like to know your comments about my questions above

Thanks
Simon
0
David Scott, MCSENetwork AdministratorCommented:
Wow I came across this on the Experts Lounge.  Security certainly is not my forte, but I can share my experience with you as you might find it relevant based on the fact that our environments are similar in size.
 
I use Mcafee Total Protection for small business.  I use it in conjuntion with my sonicwall.  I am very happy with it.  I especially like how I can deny people from going on the internet unless its installed and updated.  

As for personal AV, I use AVG free and absolutely love it.  I would think that would be a reflection of their business product.  

0
top_rungCommented:
legalsrl,

First just how did all the supporters end up on this thread so late in the game.. That is rather suspect and quite humorous!  For someone that doesn't want to participate in a "flame" or claims that he/she will ignore comments about anyone here, you sure seem to be motivated by proving me wrong and by taking sides.   But friends stick together eh?   BTW, thanks for appointing me a Trend Expert.  Wow, a compliment.   The reality is I would NEVER be so self-glorifying.  But again, thank you for the compliment.

Second,  I am relating my answers to the orginal question not yours or anyone elses.  I don't recall the asker wanting a massive Enterprise deployment with 30,000 nodes.  However, if you must see numbers, here is just one example... Florida school district (Orange County), had a SINGLE SERVER managing 48,000 client desktops - it is documented that the server never experienced more than 20% CPU utilization.  Spank you very much!  Now, did the McAfee salesman's powerpoint show you that?  If you want to forward it to them for a discount on your next McAfee purchase, here you go...

http://www.trendmicro.com.au/imperia/md/content/us/pdf/products/enterprise/scanmailformicrosoftexchange/ss05ocps070419us_0523_final_for_posting.pdf


Again, let me spell it out for you since you are missing my point - I am not saying McAfee isn't a good product.  They are a great product.  Again, just in case you missed it, they    have    a    great     product.   I don't see why you are trying to focus on that other than to prove that the product you know  and are comfortable with is the only good solution.  You are proving that my comment about "not seeing beyond their noses" has validity.  What I am saying is that  TrendMicro is an EXCELLENT product given THIS situation, and I believe the burden is on you to explain why it isn't.  Myself and everone else is listening.  Also, please back up your future arguement(s) with documented facts if you choose to post back by "flaming" TrendMicro.

Q:  "We're also of the opinion of that there is no single management console for all of their products.  Can you correct me on that ?"

A:  Yes there are central management consoles for antivirus, spyware, vulnerability detection,etc.  But I won't say there is ONE for EVERY product that Trend makes. I think you need to clarify what you mean by ALL of their products.  I also don't think you can make that claim for any of the vendors (at least the way I read your question).  As far as Trend (specifically for small-medium business) central management is what I truly believe has been their greatest success and why they gained a non arguable position at the top along with Symantec, McAfee, etc.

Q:  "Finally, I'd be grateful if you could confirm if Trend requires an Antivirus Scan and then an Antispyware scan  as seperate processes ?"

A:  Please explain to me why having separate dedicated processes is detrimental?  If they run efficiently and the system is capable of the documented requirements, I would love to hear why that would hinder you from chosing it. Actually, multiple processes handling these tasks is MORE beneficial and flexible.   Look at if from a Military analogy - would you have a single platoon or even a branch handling ALL duties?  If ONE process handles everything then something else will falter. That is, if you have a single process, and if you are running an antivirus scan, then you will decrease the processing required for your AntiSpyware scanning.  Is that not logical?  That is simply an old school mentality. Are you also anti Object-Oriented Programming?

Also, I will be boastful of Trend winning the account from Microsoft.  Being from a military background as you might be (or your friends that you are so diligently trying to protect are), you should acknowledge that most bids are won based on the LOWEST COST, the LOWEST BIDDER. Everyone knows that, and that is not a secret.  That is how business is done.  So now it sounds like you are flaming TrendMicro AND Microsoft in an attempt to upsell your Virus solution.  Illogical, and again, not looking beyond your nose.
 
I won't sue Trend for having a GREAT PRODUCT at a GREAT PRICE, and neither should you.  Heck if you want to pay top dollar for a product, you are entitled to, but don't cry foul because an equally or more capable product does the same at half the cost.

Are you next going to tell me that Cisco and Trend working together was facilitated by Al Qaeda in an attempt to increase the amount of saturated fats in McDonald's french fries?  I guess them Cisco guys don't know what they are doing :-\  

So for now, I do want to end with the following, so please take it to heart...

I consider this constructive banter, and I am not taking anything you say personally.  I encourage you and all your buds to do the same.  Debate is healthy!








0
KG1973Author Commented:
Hi guys,
Sorry for not responding to the last info that you gave. I was on leave for 2 days, and surprisingly when I got back, your response are more on product "which one is best". I am not experts on this and even far  to comment all yours opinions.

For top_rung and the rest, I really appreciate your comments but please make it simple for me, I mean, don't go beyond of what I asked. I knew we are all free to give our opinions, but don't tell me that you are expert than others or vise versa. I don't want to crack my head for other stuff apart from what I am looking for. For non expert like me, I can't say who is wrong and right. It's even hard for me to give points to you. As long as your opinions sound reasonable to solve my problem, I will accept it regardless your background.

For your info, eversince I joint EE in 2006, I only solved 2 asker's problem. So what ????

Back to my question,
I stick to what I decided earlier, with NOD32 as what younghv point out but I take note other comments as well.

Also comments from rpggamergirl :
>>Good idea to keep what you already have bought, and NOD32 is among the good ones out there. If
>>NOD32 fails to detect future virus, then what you can do is submit the virus to NOD32 support
>>straightaway to update their definitions, false positives or the failure to detect a new virus can also
>>happen to any other antivirus. NOD32 includes phone support, email support, 24/7 access to the
>>official NOD32 support forum and an extensive help files online.

thanks.
0
GUEENCommented:
>Buy individual products for AV and Anti-spyware, run a hardware firewall - not software, and >have your Exchange guy work out a SPAM solution.

Excellent advice -  and a hardware firewall resolves many problems.

0
top_rungCommented:
KG1973,

I apologize for the direction your post took, and I attempted to direct users who had issues with me elsewhere, but as you can tell, they refused to.

I think Shekerra hits it on the head  on having a hardware firewall, and Exchange locked down.

And try to stick with a single AV solution (your decision on the vendor) rather than mixing and matching them in one network.  Keep it updated, verify clients are receiving the updates, and have scheduled scans.  I think you will be good.  I for one don't have a problem with a suite that handles AV and Spyware, but if you have the money and resources, separate dedicated solutions would more than likely be better.

0
dotcomsaCommented:
I have to say that I too agree with top_rung when her recommended Trend Micro. It happens to be a very good product. I especially like that it uses multiple processes. One process = single point of failure. Something I thought the military would consider a weakness.

Also, No antivirus program is going to be 100%. How many of you guys were around when the nimda virus came out? How many of your servers were protected with an AV program and the virus never even got detected? I was sitting on one of my servers when I saw the e-mail start replicating throughout the machine. And I was able to read some articles that had already been published on how to fix the problem.
So be vigilant. Constantly update definitions, windows updates, and follow some strict firewall rules.
0
legalsrlCommented:
Top_rung,

Wow, what a belligerent chap you are, easily offended and ready to attempt to jump on anyone who you believe is disagreeing with you !  You must have got out of bed the wrong side !

I note that still haven't answered my questions, I'd still be grateful for an answer

If you read my post, I'm not in anyway saying that Trend is a bad product, it would probably suit a Small Business better than the McAfee Total Protection for Small Business.  

I'll add this disclaimer - if you are a SMB exposed to the Internet (i.e. small Webhost etc) then I would actively suggest not using Total Protection for Small Business.  In my opinion, the product is not suited for the SMB arena on a technical level and certainly in the UK, we only sell it to the micro business.

The product decision should be based on risk, i.e. if it's a Small Manufacturing firm with 2-3 PC's then fine, Total Protection for Small Business is fine, but if they are exposed to a lot of malware then Total Protection for Enterprise should be chosen.

You see that I am publicly stating that I do not believe the McAfee Total Protection for Small Business to be adequate protection.

One of the reasons that we don't sell Trend Micro is simply because it takes longer to scan for viruses and malware as there are 2 scans needed.  With McAfee, there is only the one scan for both at the same time

With regard to processes, the McAfee product has 4 processes so is not vulnerable to the single point of failure and the access protection side prevents the on-access scan from being disabled.

Can you also answer another question, yes, this is a question, not a jibe

Does Trend Micro detect rootkits ? And if so, is a bolt on product or part of the package ?

I'd still like some answers from anyone who knows the Trend product as it's always good to keep our information up to date

0
younghvCommented:
LOL!
I've got to agree with top_rung on at least one thing - "shekerra" had some great advice there.
Way to go shek!
;)

For those who want to bring "Nimda" into any discussion (or almost every chunk of malware that ever existed), the only way Nimda could infect a box was if the user had Admin (Nimda spelled backwards) privileges - AND -
the AV application was not up to date - AND -
the system was not updated with the MS patches.

Please note the use of the word AND above. If any one of those three conditions was 'true', Nimda could not infect a computer.

The vulnerability that Nimda exploited was well-known, the patch was published by MS long before it rampaged through the world, and almost all AV programs had protection built into their current set of DAT files.

True "Zero Day" malware has been almost non-existent for the past 15 years. Even "Melissa" protection was available (in the U.S.) just prior to the massive infections it caused.

KG1973 - the information I gave about background and qualifications was in direct response to your question:
<Can you tell me more how do you test wide variety of products and what criteria do you used to conclude your current AV solution.>

I interpreted that to mean you wanted to know something about my qualifications - so I gave you a generic response that I've posted several times before.

Vic
0
top_rungCommented:
KG1973,

Having made your decision to stay with NOD32, I believe you are making a wise decision and continue using them without any worries.   If you are not familiar with Virus Bulletin, they are an organization whose sole purpose it to test the available programs and unbiasly (hopefully) report their efficacy.  If you look at their latest 2007 posting, NOD32 has the highest success ratio and appears to be a very impressive solution.  

http://www.nod32.com.au/compare/compare_vb100.html

I have never used them, but I can guarantee you that I will be!


legalsrl,

"Wow, what a belligerent chap you are, easily offended and ready to attempt to jump on anyone who you believe is disagreeing with you !  You must have got out of bed the wrong side !"

Again, you want to attack me and turn things in your favor.  I don't know if you know the definition of belligerence, but you are saying that I am combatitive and hostile, and ready to go to war .  Un-called for!   If you would PLEASE fully read all of my posts, you will see that I don't disagree with anything anyone said other than the issue of "pointing out peoples credentials".  That is it.  Nothing more.  You have a very vivid imagination my friend, and please kindly stop trying to make things personal.  It won't work on me!

To answer some more of your questions ...

Q:  "Does Trend Micro detect rootkits ? And if so, is a bolt on product or part of the package ?"    
A:  Yes, they do.. both integrated in their products and another separate tool should you choose to use it.

As far as your earlier comment, "McAfee expect to have the contract back within 18 months (due to a 2 year deal being signed) simply because Trend's Spam filters are not up to the job that they declared and MS are not happy."

Please  back that up with proof and not speculation nor salesman/marketing propaganda.  If this is true, I TRULY want to know about it for my education.   That information would be very useful to have when I negotiate any contracts with any vendor should I change from Trend in the future.


younghv,

Hold the press, you agreed with me on something ;)   Please note that I agreed with the majority of  what you wrote.  It was only that one thing that I had issue with, and we can let that dog rest.  Besides, another guy has taken the attack role now - But that's okay, as he is only projecting :-\










0
legalsrlCommented:
Oh top_rung, how easily you rise to the bait

I'm not attacking anyone, I don't need to do that as my previous comments prove

Again, just answer the questions and things will be fine.

Thank you for your information on the rootkit issue, that was certainly interesting, can you point out which part does the rootkit scanning please

So you know, I am not a salesman, but a valued McAfee techie both in the uK and the US but if you really want to waste time with propaganda then  I will get our marketing boys to provide it.

I doubt very much that you will ever change from Trend and would prefer you not so that I can count on your Trend knowledge in future questions I know that I will experience here......McAfee questions are much fewer and far between that Symantec and Trend

I'd prefer if it if you could answer all the questions outlined above so I can update our Trend knowledgebase, but from everything you have said, we were right to go with McAfee

Thanks
Simon
0
KG1973Author Commented:
I just raised the points, but merely to appreciate to all your contributions. But then that also give me headache. So please don't get offended easily if I didn't give you right points.

Now I want to wrap up with the following conclusion :
1. No AV is perfect
2. Keep what we have now, keep updated
3. Keep an eye on top 10 AV because one will be better that other and so on
3. If there is a problem if AV unable to detect, then use their phone, email support, 247 or live online scan
4. Install hardware firewall and antispam
5. If possible, isolate suspected pc and scan it using different AV in safe mode
6. Last but not least, listen to EE.
0
younghvCommented:
7. Start answering questions on EE, become an Expert, and then argue about who has the best advice.

2 - Having the same AV product on all of your computers will really simplify your job. Evaluate and replace with another product if/when you become dissatisfied with what you have.

3 - (second 3) If you current AV has problems, use one of the free on-line scanners or something like McAfee "Stinger" to do a one-shot scan of the problem computer/file.
0
top_rungCommented:
And lastly, educate the client/users on best practices.



0
KG1973Author Commented:
To all,

Thanks for all your contributions.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.