KG1973

What is the best Antivirus software ?

Currently we have about 50 computers across our network.  We also have different kinds of antivirus software such as Norton, McAfee, AVG, NOD32, Avast and Panda. I agree that there is no perfect antivirus software and each of them has its own strengths and weaknesses. One can detect and kill specific virus(es) and another can't. But another may detect what the other can't, and so on.

My question is, can we have just a single antivirus for all? We don't want to end up uninstalling and installing a new type and so on.

Recently we purchased NOD32 licensed for 10 and so far it is really working, i.e., it detects some viruses which AVG and others cannot detect. What if, some day in the future, we find that NOD32 can't detect viruses found by other AV? What can be done to avoid uninstalling it and installing a new one? Please don't give me an answer as if we didn't update it every day. In fact most AV have the feature of automatic update.

Please help me.


Mohammed Basheer

It's not always like 'catching' the virus, trojans, worms etc. You should consider how much system resources the scanner utilizes, how much cost per node, the licensing method etc. TrendMicro as long as I heard, it will stop 'protecting' if your license is expired!

Since 5 years we are using McAfee corporate edition (McAfee Total Protection for the enterprise), I will give a 90 marks out of 100. The only area where I am not satisfied is on Spam Killer, which is not so capable. Otherwise, it's so stable for us.

Again, there is nothing BEST, most of the solutions may work better for you, as per your tuning and customizations.

Regards
KG1973 (ASKER)

Thanks all,
Well, since we already purchased NOD32, YES, we will continue using it. All I need is advice from you all: if NOD32 fails to detect a future virus (this also applies to other AV), what should I do to stick to this AV? What I want is sort of like "after-sale-service support" where I can go online and they will figure out what to do next etc etc. Is this service available for NOD32? I just started with this product 2 weeks ago, and so far we depend totally on the software capabilities.

Maybe some of you experienced a similar problem and were able to contact whatever your AV support is to mitigate the problem. Also installing multiple types of AV will use up all PC resources, esp. RAM. They may also detect each other as a threat.

Sophos is one excellent company... I have been using this for a corporate network of 3000+ machines and every day I talk to them regarding one or the other issue. They support well...
They have an investigation software that, when we run it on an affected machine, collects all possible data. We can mail that file to them. They investigate it in their lab and get us the right solution.
KG1973 (ASKER)

bsharath, can you tell me more about Sophos? Or its URL perhaps? What software does this company produce?
@bsharath -
You guys should know that you cannot run two or more AV applications on the same computer.

KG1973 -
I don't mind trying to help you, but you need to read and respond to my comments.

KG1973 (ASKER)

younghv,
I have read your comments and I agree with your advice to stick to what we have now and install the rest with AVG. In fact we'd done that.
However the reason why I posted this question is to prepare for the common scenario after installing the selected AV, of course after spending some money on it.

The scenario will be like this. What if another AV detects my pendrive as infected by a virus, which I normally use with a computer installed with NOD32 (presumed not infected by any virus, i.e., NOD32 didn't display any alarm of threat)?

Then that's the time I ask myself how good NOD32 is. It could be a false alarm from AVG or other AV. But I don't dare to make such an assumption and definitely this problem will be taken care of seriously. This thing happens when some officers bring their personal notebooks with their own AV hooked up to the existing network. Sometimes their AV detects some file under a shared folder which is supposed to be protected by the existing NOD32.

younghv,
You did mention the following:
>>I have tried a wide variety of products in everything from standalone to several thousand systems.
>>Currently, AVG is my favorite - with McAfee (ePO) just behind it.

Can you tell me more how do you test wide variety of products and what criteria do you used to conclude your current AV solution.



KG1973 (ASKER)

Hi guys,
I am sorry for posting a question as "What is the best Antivirus software ?".
I should post this as "How to stick to ONE ANTIVIRUS SOFTWARE ?".

Thanks.
I am sorry, but I totally disagree with the angle "'younghv'" is taking on who you should consider taking advice from.   Don't base your decision on someone's certs, points and rep on any forum.. Please.  In my neck of the woods, the guy with all his certs displayed on his business card and who jumps at the opportunity to point them out is the one you watch out for because he typically won't consider anything beyond his nose.  Sorry, but that just isn't the way to get your opinion across effectively and  it rubs me the wrong way.

What he does say is correct, albeit basic in terms of pointing out the foundations that anyone should take in this business to secure a network.  As far as the software you should consider, as you have seen everyone has an opinion, and the best advice I have heard as of yet is don't mix and match the programs or you will be asking for a major headache.

Symantec gets a bad rap for being a system hog, which it can be for sure.  
NOD gets a bad rap (from some) for not reporting viruses or "false positives" - just google "NOD not detecting viruses" -  You will get the same with Symantec.
TrendMicro gets it for.. ? what exactly? Maybe being a suite (but which one isn't really with spyware detection, mail gateways, and such).  The market is asking for that.
...And so on.
 

Now "How to stick with one AV" - well I wouldn't marry any of them.  Pick a solid leader from the pack, implement it the correct documented way, and keep an eye on it because IT CAN and just might falter sometimes.   Be proactive and keep an eye out and continue asking around as you are.   That is the best advice I can give on an AV package.

Peace.
LOL!

top_rung - considering the fact that you've only managed to answer one anti-virus question in four and a half years on EE, it is easy to understand your comment.

I would have to take a guess and assume you are beyond your years and either have the time now to do this (forums) full time, or have others actually doing your work for you.  Most spend the majority of their time in the trenches and answering tech questions online isn't their top priority in life.  That does not discredit them.   But I guess since it is apparent by your behaviour that you need validation, congrats on being a jerk.  It is rather disheartening that anyone here on such a great community such as EE would go around and try and discredit other members.  Then again, you are the only person I have seen on here with such an attitude.  

 I am sure KG1973 doesn't need your advice on how he/she should take advice.  

 This isn't the time nor the place. --EOF.


I apologize to any moderator who has to deal with this, but I find the bashing of other members based on their time spent in the community rather harmful to its core principles.
This gets funnier all the time.

You have posted in at least 76 questions this month (January); while I have posted in only 36.

So much for who spends how much time here.

If you had bothered to read the request from the Asker in ID:20764654 - you would see that I was simply responding to the direct request for background and methodology.
My one month versus your two years??   Hmm brilliant logic my friend.  Yeah that is correct, I have the time this month to contribute back, and 50K points in a month (casually) should shine the light on the fact that what you have accomplished isn't that great.  Sorry to break it to you.  

Again though, thanks for giving insight to your thought process.  You are making it clearer why your advice should be taken lightly.
Listen, I don't want to further post my opinions on this thread as it will, and probably already has taken away from KG1973's question, sorry for that, so I posted my reply here if you wish to discuss it further.  I truly welcome it....

https://www.experts-exchange.com/questions/23121832/I-guess-there-comes-a-time-when-EE-members-disagree-contd.html

Let me point out that the  alternate thread is far from a flame, and anyone who can discuss it rationally can see that.  Everyone is entitled to their opinions.

With AV recommendations, specifically TrendMicro, it should be noted that Microsoft uses TrendMicro in their Hotmail products (TrendMicro won that account from McAfee), TrendMicro has agreements with Cisco Systems to integrate services within Security Appliances, etc.  They have solid growth, proven results, and expect them to be a leader for years to come.  - But, like I mentioned before, keep watching as it can change in an instant.

Again, it is a back and forth game.     I truly believe that if you go with any of the products listed here, you will be adequately protected - assuming they are configured properly.

And I definitely agree with legalsrl in isolating suspect machines and scanning them with an alternate product (again, I lean toward TrendMicro - install a trial, run it in safe mode with sys. restore disabled.  If you use housecall or any of the online scanners, you still are connecting to the internet and providing the opportunity for the vulnerability to propagate).

top_rung,

In our opinion as an organisation Trend Micro's products are only suitable for an SMB and do not scale well to large enterprises.  We're talking from 1000 nodes to 30,000 nodes

What do you have to say on that ?

We're also of the opinion of that there is no single management console for all of their products.  Can you correct me on that ?

Finally, I'd be grateful if you could confirm if Trend requires an Antivirus Scan and then an Antispyware scan as separate processes ?

When we decided that McAfee was the product of our choice to partner with, Trend did in fact require 2 scans, 1 for Viruses and then another for Spyware

I'd like to update my knowledge, so would like an opinion from you as a "Trend expert"

Thanks
Simon
top_rung,

Just on re-reading your post, I wouldn't be particularly boastful about Trend Micro winning the Hotmail contract from McAfee, having checked with various people, it was a contract won on price and not quality of product.

Also, notably there have been more complaints about spam problems since Trend have been servicing Hotmail than McAfee ever had.  FYI - McAfee expect to have the contract back within 18 months (due to a 2 year deal being signed) simply because Trend's Spam filters are not up to the job that they declared and MS are not happy.

Thought you might be interested in that.

Anyway, I'd still like to know your comments about my questions above

Thanks
Simon
Wow I came across this on the Experts Lounge.  Security certainly is not my forte, but I can share my experience with you as you might find it relevant based on the fact that our environments are similar in size.
 
I use McAfee Total Protection for small business.  I use it in conjunction with my SonicWall.  I am very happy with it.  I especially like how I can deny people from going on the internet unless it's installed and updated.  

As for personal AV, I use AVG free and absolutely love it.  I would think that would be a reflection of their business product.  

KG1973 (ASKER)

Hi guys,
Sorry for not responding to the last info that you gave. I was on leave for 2 days, and surprisingly when I got back, your responses are more on product "which one is best". I am not an expert on this and am even far from being able to comment on all your opinions.

For top_rung and the rest, I really appreciate your comments but please make it simple for me, I mean, don't go beyond what I asked. I know we are all free to give our opinions, but don't tell me that you are more expert than others or vice versa. I don't want to crack my head over other stuff apart from what I am looking for. For a non-expert like me, I can't say who is wrong and right. It's even hard for me to give points to you. As long as your opinions sound reasonable to solve my problem, I will accept them regardless of your background.

For your info, ever since I joined EE in 2006, I only solved 2 askers' problems. So what ????

Back to my question,
I stick to what I decided earlier, with NOD32 as what younghv point out but I take note other comments as well.

Also comments from rpggamergirl :
>>Good idea to keep what you already have bought, and NOD32 is among the good ones out there. If
>>NOD32 fails to detect future virus, then what you can do is submit the virus to NOD32 support
>>straightaway to update their definitions, false positives or the failure to detect a new virus can also
>>happen to any other antivirus. NOD32 includes phone support, email support, 24/7 access to the
>>official NOD32 support forum and an extensive help files online.

thanks.
KG1973,

I apologize for the direction your post took, and I attempted to direct users who had issues with me elsewhere, but as you can tell, they refused to.

I think Shekerra hits it on the head  on having a hardware firewall, and Exchange locked down.

And try to stick with a single AV solution (your decision on the vendor) rather than mixing and matching them in one network.  Keep it updated, verify clients are receiving the updates, and have scheduled scans.  I think you will be good.  I for one don't have a problem with a suite that handles AV and Spyware, but if you have the money and resources, separate dedicated solutions would more than likely be better.

I have to say that I too agree with top_rung when he recommended Trend Micro. It happens to be a very good product. I especially like that it uses multiple processes. One process = single point of failure. Something I thought the military would consider a weakness.

Also, no antivirus program is going to be 100%. How many of you guys were around when the Nimda virus came out? How many of your servers were protected with an AV program and the virus never even got detected? I was sitting on one of my servers when I saw the e-mail start replicating throughout the machine. And I was able to read some articles that had already been published on how to fix the problem.
So be vigilant. Constantly update definitions, Windows updates, and follow some strict firewall rules.
Top_rung,

Wow, what a belligerent chap you are, easily offended and ready to attempt to jump on anyone who you believe is disagreeing with you !  You must have got out of bed the wrong side !

I note that you still haven't answered my questions, I'd still be grateful for an answer

If you read my post, I'm not in anyway saying that Trend is a bad product, it would probably suit a Small Business better than the McAfee Total Protection for Small Business.  

I'll add this disclaimer - if you are a SMB exposed to the Internet (i.e. small Webhost etc) then I would actively suggest not using Total Protection for Small Business.  In my opinion, the product is not suited for the SMB arena on a technical level and certainly in the UK, we only sell it to the micro business.

The product decision should be based on risk, i.e. if it's a Small Manufacturing firm with 2-3 PC's then fine, Total Protection for Small Business is fine, but if they are exposed to a lot of malware then Total Protection for Enterprise should be chosen.

You see that I am publicly stating that I do not believe the McAfee Total Protection for Small Business to be adequate protection.

One of the reasons that we don't sell Trend Micro is simply because it takes longer to scan for viruses and malware as there are 2 scans needed.  With McAfee, there is only the one scan for both at the same time

With regard to processes, the McAfee product has 4 processes so is not vulnerable to the single point of failure and the access protection side prevents the on-access scan from being disabled.

Can you also answer another question, yes, this is a question, not a jibe

Does Trend Micro detect rootkits ? And if so, is a bolt on product or part of the package ?

I'd still like some answers from anyone who knows the Trend product as it's always good to keep our information up to date

LOL!
I've got to agree with top_rung on at least one thing - "shekerra" had some great advice there.
Way to go shek!
;)

For those who want to bring "Nimda" into any discussion (or almost every chunk of malware that ever existed), the only way Nimda could infect a box was if the user had Admin (Nimda spelled backwards) privileges - AND -
the AV application was not up to date - AND -
the system was not updated with the MS patches.

Please note the use of the word AND above. If any one of those three conditions was 'true', Nimda could not infect a computer.

The vulnerability that Nimda exploited was well-known, the patch was published by MS long before it rampaged through the world, and almost all AV programs had protection built into their current set of DAT files.

True "Zero Day" malware has been almost non-existent for the past 15 years. Even "Melissa" protection was available (in the U.S.) just prior to the massive infections it caused.

KG1973 - the information I gave about background and qualifications was in direct response to your question:
<Can you tell me more how do you test wide variety of products and what criteria do you used to conclude your current AV solution.>

I interpreted that to mean you wanted to know something about my qualifications - so I gave you a generic response that I've posted several times before.

Vic
KG1973,

Having made your decision to stay with NOD32, I believe you are making a wise decision and can continue using them without any worries.   If you are not familiar with Virus Bulletin, they are an organization whose sole purpose is to test the available programs and unbiasedly (hopefully) report their efficacy.  If you look at their latest 2007 posting, NOD32 has the highest success ratio and appears to be a very impressive solution.  

http://www.nod32.com.au/compare/compare_vb100.html

I have never used them, but I can guarantee you that I will be!


legalsrl,

"Wow, what a belligerent chap you are, easily offended and ready to attempt to jump on anyone who you believe is disagreeing with you !  You must have got out of bed the wrong side !"

Again, you want to attack me and turn things in your favor.  I don't know if you know the definition of belligerence, but you are saying that I am combative and hostile, and ready to go to war.  Uncalled for!   If you would PLEASE fully read all of my posts, you will see that I don't disagree with anything anyone said other than the issue of "pointing out peoples' credentials".  That is it.  Nothing more.  You have a very vivid imagination my friend, and please kindly stop trying to make things personal.  It won't work on me!

To answer some more of your questions ...

Q:  "Does Trend Micro detect rootkits ? And if so, is a bolt on product or part of the package ?"    
A:  Yes, they do.. both integrated in their products and another separate tool should you choose to use it.

As far as your earlier comment, "McAfee expect to have the contract back within 18 months (due to a 2 year deal being signed) simply because Trend's Spam filters are not up to the job that they declared and MS are not happy."

Please  back that up with proof and not speculation nor salesman/marketing propaganda.  If this is true, I TRULY want to know about it for my education.   That information would be very useful to have when I negotiate any contracts with any vendor should I change from Trend in the future.


younghv,

Hold the press, you agreed with me on something ;)   Please note that I agreed with the majority of  what you wrote.  It was only that one thing that I had issue with, and we can let that dog rest.  Besides, another guy has taken the attack role now - But that's okay, as he is only projecting :-\

Oh top_rung, how easily you rise to the bait

I'm not attacking anyone, I don't need to do that as my previous comments prove

Again, just answer the questions and things will be fine.

Thank you for your information on the rootkit issue, that was certainly interesting, can you point out which part does the rootkit scanning please

So you know, I am not a salesman, but a valued McAfee techie both in the UK and the US but if you really want to waste time with propaganda then I will get our marketing boys to provide it.

I doubt very much that you will ever change from Trend and would prefer you not so that I can count on your Trend knowledge in future questions I know that I will experience here......McAfee questions are much fewer and farther between than Symantec and Trend

I'd prefer it if you could answer all the questions outlined above so I can update our Trend knowledgebase, but from everything you have said, we were right to go with McAfee

Thanks
Simon
KG1973 (ASKER)

I just raised the points, but merely to appreciate to all your contributions. But then that also give me headache. So please don't get offended easily if I didn't give you right points.

Now I want to wrap up with the following conclusion :
1. No AV is perfect
2. Keep what we have now, keep updated
3. Keep an eye on top 10 AV because one will be better than other and so on
3. If there is a problem if AV unable to detect, then use their phone, email support, 24/7 or live online scan
4. Install hardware firewall and antispam
5. If possible, isolate suspected pc and scan it using different AV in safe mode
6. Last but not least, listen to EE.
7. Start answering questions on EE, become an Expert, and then argue about who has the best advice.

2 - Having the same AV product on all of your computers will really simplify your job. Evaluate and replace with another product if/when you become dissatisfied with what you have.

3 - (second 3) If your current AV has problems, use one of the free on-line scanners or something like McAfee "Stinger" to do a one-shot scan of the problem computer/file.
And lastly, educate the client/users on best practices.



KG1973 (ASKER)

To all,

Thanks for all your contributions.