×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Virus Prevention in the Small/Medium Business?

Cliff posted more than 8 years ago | from the keeping-out-the-nasties dept.

Worms 89

Morti asks: "I've been asked to select a virus scanner to be installed on the network at work. It's only a small office with six Windows XP PCs, two Linux servers and any number of Windows XP laptops that random people bring in. And I'm wondering, not just in this case but generally, what is the virus scanning / Internet security solution of choice for the small business these days? Costs need to be kept at a minimum, particularly because this business is a registered charity (a church, no less). We used to have Norton Internet Security but I'm not really keen to keep it. Besides Linux (which I've been pushing but nobody's interested), what is the most cost-effective and generally 'best' virus prevention and Internet security solution for the small/medium business?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

89 comments

AVG free (2, Informative)

Captain Splendid (673276) | more than 8 years ago | (#13520868)

http://free.grisoft.com/doc/1 [grisoft.com]

Small, reliable and free.

Re:AVG free (4, Informative)

arkanes (521690) | more than 8 years ago | (#13520931)

*NOT* free for commercial use. This is important.

Re:AVG free (1)

redog (574983) | more than 8 years ago | (#13521148)

not only commercial use, "Use of AVG Free Edition within any organization or for commercial purposes is strictly prohibited."

Re:AVG free ...vs ClamAV? (0)

Anonymous Coward | more than 8 years ago | (#13536277)

ClamAV otoh, IS free for commercial use is it not?

Re:AVG free (1)

crimoid (27373) | more than 8 years ago | (#13521629)

Mod parent down, this is bad advice!

While AVG is free for personal use it is NOT free for organizations, even a church.

Re:AVG free (1)

Intron (870560) | more than 8 years ago | (#13521845)

From the Grisoft License Agreement for the free version:

You must not use the program in a network or on more than one computer.

Re:AVG free (1)

`Sean (15328) | more than 8 years ago | (#13541424)

If it's not allowed on a network then how is it supposed to download updates? Zing!

Of course no one's interested in Linux... (2, Funny)

Z0mb1eman (629653) | more than 8 years ago | (#13520876)

...no one wants to preach two different religions :)

*ducks*

Re:Of course no one's interested in Linux... (4, Insightful)

Wylfing (144940) | more than 8 years ago | (#13521171)

Funny, yes, but also a little insightful in a backhanded way. (Is that even a compliment anymore?) As someone who has been near to various charity/nonprofit organizations, it always saddens me to see them squander their donors' money on Windows and Office licenses.

I'll get on a slight rant: I've said as much to nonprofits as well as my city government. Why do you need to buy Windows and Office? Oh, they say, we need to remain compatible with everyone else. OK, I reply, what kinds of document exchange do you do? Well, they say, looking at each other, we print things out on letterhead.

So yeah, squandering is what you're doing.

Re:Of course no one's interested in Linux... (1)

Custard (45810) | more than 8 years ago | (#13528276)

Microsoft's Charity License Program is amazingly cheap.

Last time I ordered 2003 server was $128 and Office Pro was $90.

When you consider lost time do to futzing MS might be cheaper. Of course when you consider MS's hardware requirement it might be cheaper.

Dan

pray (0, Troll)

beowulfy (897757) | more than 8 years ago | (#13520893)

I tend to pray each night before I go to bed, and at the windows login screen that my network will stay secure. So far no problems!

Re:pray (0)

Anonymous Coward | more than 8 years ago | (#13521006)

Don't forget - viruses are sent to try you.

Fuck religion.

Draw a line in the sand (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#13520896)

Besides Linux (which I've been pushing but nobody's interested)

Well push harder! Tell the Windoze using morons they better switch or you're going to kick them off the fucking network. If they continue to not obey, intentionally send them viruses. Maybe then the assholes will finally learn their lesson.

Three stories down (2, Insightful)

Johnny Mnemonic (176043) | more than 8 years ago | (#13520917)


you can read a spirited discussion on the pros/cons of OS X as a virus deterrent. You said that you have tried Linux to little avail--maybe they'd be happier with a non-Windows machine that can still run Microsoft Office?

Re:Three stories down (1)

IonPanel (714617) | more than 8 years ago | (#13531652)

Thats hardly helpful since that would require buying a whole new range of hardware - given that situation he described - that's not practical - is it?

He needs to keep Windows /and/ Linux.

One word: (-1, Redundant)

Mensa Babe (675349) | more than 8 years ago | (#13520924)

GNU/Linux.

That's the best virus prevention money can buy.

Re:One word: (4, Funny)

saintp (595331) | more than 8 years ago | (#13521000)

Oy! I understand that /.ers might not always RTFA, but can't you at least read the goddamn summary? It's a friggin' paragraph, it's not like you need to be in Mensa to understand it.

Re:One word: (0)

Anonymous Coward | more than 8 years ago | (#13521164)

(a) Tell us something we don't already know
(b) Tell it to us in a way that doesn't sound like an ad for traveller's checks

-1: karma whoring in progress

Re:One word: (0)

Anonymous Coward | more than 8 years ago | (#13521230)

GNU/Linux is actually two words. Hyphenation can be interpreted as creating a single word, but forward slash is more like a preposition, i.e. GNU over linux or GNU on Linux.

Seriously, the mensa thing is just flamebait.
Get over yourself.

Re:One word: (0)

Anonymous Coward | more than 8 years ago | (#13521360)

Can't you read? He stated he wanted suggestions other than "Linux." Mensa, yeah right.

Lots of ways (2, Insightful)

nocomment (239368) | more than 8 years ago | (#13520939)

You could install an active scanner, like mcaffee or norton, on all of the machines, though this can become a headache with the machines not updating often enough. This should be done anyway. You could also use passive scanners that are stand-alone apps that you click on and run periodically to clean viruses. This is typically the cheapest, and also by far the least reliable as it requires users to do it every once in awhile (assuming of course that you don't ant to run around to all the machines yoruself). You could also use clamav to filter just about anywhere. Squid has a plug-in for monitoring web-traffic, amavisd-new uses it for mail filtering, and Samba can use it for scanning incoming files on file shares (this catches a lot of viruses that try to copy themselves to available shares, ie Klez).

Re:Lots of ways (3, Informative)

nocomment (239368) | more than 8 years ago | (#13520953)

oops, forgot to check "Plain old text"

here it is again with line breaks that make sense.

----

You could install an active scanner, like mcaffee or norton, on all of the machines, though this can become a headache with the machines not updating often enough. This should be done anyway.

You could also use passive scanners that are stand-alone apps that you click on and run periodically to clean viruses. This is typically the cheapest, and also by far the least reliable as it requires users to do it every once in awhile (assuming of course that you don't ant to run around to all the machines yoruself).

You could also use clamav to filter just about anywhere. Squid has a plug-in for monitoring web-traffic, amavisd-new uses it for mail filtering, and Samba can use it for scanning incoming files on file shares (this catches a lot of viruses that try to copy themselves to available shares, ie Klez).

Clamwin (1)

SanityInAnarchy (655584) | more than 8 years ago | (#13521002)

Not the slickest package, but there is a decent Windows GUI for ClamAV. Also, you might consider going around with a bootcd every now and then to run clamav from a safe environment (Linux).

Don't forget about spyware. Spybot and AdAware should catch just about everything.

Oh, and ask for a raise. To keep Linux up-to-date requires one command. To keep all of these (minimum of four packages) up-to-date requires four different GUI operations, per machine. Sure, they supposedly keep themselves up-to-date, but I wouldn't count on it -- for one thing, I don't think Spybot updates or scans automatically, nor does the free version of AdAware.

So, more money for you, more staff, or more Linux. Their choice.

Re:Lots of ways (1)

qualico (731143) | more than 8 years ago | (#13521078)

"You could install an active scanner, like mcaffee or norton"

yep, and watch the machine crawl or worse crash from installing these horrible products.
Please tell me your not a consultant giving this adice to the business community.

"You could also use clamav to filter just about anywhere. Squid has a plug-in for monitoring web-traffic, amavisd-new uses it for mail filtering, and Samba can use it for scanning incoming files on file shares"

and then you go and redeem yourself with the best advice on Slashdot!

Re:Lots of ways (1)

tdelaney (458893) | more than 8 years ago | (#13522462)

This is no joke. Our IT&T department has just forced the latest version of McAfee on us. Now everyone gets bluescreens when the McAfee service starts (DFS error). We *think* is a combination of McAfee, ClearCase and Windows XP. Apparently Microsoft has been aware of it for some time, but doesn't have a patch for public consumption.

The workaround is to unplug your network connection(s).

I'd managed to avoid receiving the "update" be not rebooting since it started, but I had to move desks yesterday. Now both of my machines are bluescreening :(

It's for a church? (0, Troll)

Pig Hogger (10379) | more than 8 years ago | (#13520949)

It's for a church? Well, in that case, why don't you let God protect you? I mean, only the Creator himself can provide you with absolute, total protection, no?

Re:It's for a church? (0, Offtopic)

MindStalker (22827) | more than 8 years ago | (#13521125)

Yes, but he won't protect you from your idiocy. Just as if you decided to swimming in NOLA right now. Your gonna get sick.. Unless of course he told you to swim in NOLA, and promised you that you wouldn't get sick.. On the other hand, I doupt God made any such promises about these computers. Maybe they can throw holy water on them.. That would make them safe, in the same way a dead man is safe.

Re:It's for a church? (0)

Eneff (96967) | more than 8 years ago | (#13521140)

What's wrong with this approach, mods? Or do you not have the faith of a mustard seed?

Re:It's for a church? (1)

Pig Hogger (10379) | more than 8 years ago | (#13521393)

Hey! Most mods are yanks, so it's normal that they'd be brainwashed religious morons and so proceed to eradicate anything that's against their dogma by running over my karma...

Re:It's for a church? (0)

Anonymous Coward | more than 8 years ago | (#13521466)

or maybe you got bodded down for being a cockbite? i think that is more likely

Re:It's for a church? (1)

LWATCDR (28044) | more than 8 years ago | (#13522108)

Or maybe they take freedom of religion seriously... For all we know this "church" could be a Universalist Unitarian, Wiccan, or The First Church of the Last Chance World on Fire Revival and Christian Military Academy. I find it refreshing to see a brain dead bigot getting modded down.

Re:It's for a church? (1)

MortiRena (907724) | more than 8 years ago | (#13532213)

It's a Newfrontiers [xtn.org] church.

Re:It's for a church? (1)

LWATCDR (28044) | more than 8 years ago | (#13532576)

Doesn't really matter which one it is. You asked a civil question and should get back a civil answer. Um... Wait your from the UK. Is this church also from the UK?? That would make my day. An anti-religious and anti US bigot bashing on a church in the EU. At times like this I know that God lives and has a sense of humor:)
You have just made my Sunday.
I have had good luck with AVG. If you can get a good price on that I would go for it. Also Spybot and Adaware for malware. Get them off IE and outlook and on Firebird and Thunderbird. Finally watch those notebooks. The only time we ever had a worm get into our office past our firewall was when a programmer brought back a notebook from a trip and it had gotten infected.

Re:It's for a church? (1)

MortiRena (907724) | more than 8 years ago | (#13533714)

I looked into AVG, Grisoft is a US company so we get our asses taxed off. But still, it's pretty reasonable. They offer up to 20% discount for churches and up to 30% for registered charities. My church is a registered charity, so I'd hope for 50$ off, thankyouverymuchGrisoft. Or just go for the charity angle.

Re:It's for a church? (1)

LWATCDR (28044) | more than 8 years ago | (#13535331)

Sorry to hear that. Aren't charities tax exempt in the UK.
I don't know the tax laws in the UK.

Re:It's for a church? (1)

MortiRena (907724) | more than 8 years ago | (#13536567)

I think so but I don't know how that applies to international type ordering. I need to look into that some more.

For protecting a SOHO network (0)

Anonymous Coward | more than 8 years ago | (#13520969)

I use a Fortinet 50A. You get a nice FW/AV/IDS and webfiltering for a few hundred list. Of course, they've had a spotty GPL past so perhaps this is the wrong audience :)

Of course... (-1, Troll)

benjamindees (441808) | more than 8 years ago | (#13520988)

Linux. Don't give them a choice.

Small businesses are run by dipshits who think they know what they're doing and like to question and micromanage every little thing.

You're the expert.

Re:Of course... (1)

tom8658 (899280) | more than 8 years ago | (#13521682)

Small businesses are run by dipshits who think they know what they're doing and like to question and micromanage every little thing.

Not all small business are run by dipshits, or horribly micromanaged.

That said, small businesses with the type of boss who like to micromanage things he/she/it doesn't understand are like the Pit of Fire (tm, why not keep the language appropriate :D) for network admins. If they hired you to manage/secure the network, they should let you do it. This ideally includes trading XP for Linspire or Ubuntu with gnome or some other kid-friendly Linux OS. If they like bubbly, give them KDE if you must. As a rule, allowing the employees to personalize company computers is a bad idea anyway, its just a workstation, not a place to get comfy, you certainly don't need to be bringing your copy of PartyPoker to work and installing it on my network. Then you never run spybot or the virus scan like I tell you to, so I lose a whole afternoon fixing the computer.

I used to be a software engineer who was responsible for the network. Now I'm just a software engineer who runs the webserver.

My 2 cents (2, Insightful)

rpbailey1642 (766298) | more than 8 years ago | (#13521014)

The laptops are going to be the biggest hassle, as people tend to take them home and who knows what crap they do there. Set up a NATD gateway with DansGuardian, ClamAV, Squid, and whatever other proxies for your systems to direct their traffic out. The NAT will protect them from worms and viruses randomly scanning for IP addresses and the other programs will filter for viruses if they check Hotmail, POP, or whatever else they might use. You can set up SMB-scanning with ClamAV to randomly check the computers on your network for viruses. If you have the option, I'd recommend Deep Freeze [faronics.com] for your Windows XP computers. If more information is desired about anything I've said, please leave a message and I'll dig up information on how to configure said programs.

not sure what you want (3, Insightful)

j-turkey (187775) | more than 8 years ago | (#13521038)

Remember that there are many different types of antivirus solutions out there. I assume that you're looking for a basic desktop virus scanner. I've heard all kinds of great things about AVG, which is supposedly free, but have no experience with it. If they are ever planning on growing their network/userbase, a managed AV client/server is the way to go. Otherwise, you have to worry about different configurations and whether or not systems are being regularly updated with the latest definitions.

If you're looking for something on the mail gateway side, I would highly recommend looking into ClamAV [clamav.net] . The price is certainly right (free/free). Supposedly, ClamAV gets definitions for the latest and greatest viruses before commercial vendors are able to...although I have no evidence to back this claim up. The main selling points for me are first, that works. Second, it's free - there are no per-seat license fees. Third, there are no subscription models to deal with.

I'll close with a short on-topic rant. I can't stand antivirus subscriptions. Having to track, budget for, and renew subscriptions is a huge PITA. It's not a service - it's software. I'm sort of bummed that so many people have accepted this subscription BS, enabling the vendors to keep pulling it.

Re:not sure what you want (2, Interesting)

wumingzi (67100) | more than 8 years ago | (#13522994)

I'll close with a short on-topic rant. I can't stand antivirus subscriptions. Having to track, budget for, and renew subscriptions is a huge PITA. It's not a service - it's software. I'm sort of bummed that so many people have accepted this subscription BS, enabling the vendors to keep pulling it.

Use any anti-virus software with year-old definitions. Tell me how that works out for you.

I get annoyed with the cost of maintaining desktops in my office, but AV software pays for itself the first time it keeps a virus from infecting our network. In terms of Software Stuff That Cheeses Me, it is the least of our problems.

Re:not sure what you want (1)

j-turkey (187775) | more than 8 years ago | (#13537166)

Use any anti-virus software with year-old definitions. Tell me how that works out for you.

I've never had to pay for the definitions for ClamAV, which claims to publish new definitions more quickly than the commercial versions. I remain unconvinced that the subscription-based model is customer friendly in any way.

Re:not sure what you want (1)

Thing 1 (178996) | more than 8 years ago | (#13523502)

Supposedly, ClamAV gets definitions for the latest and greatest viruses before commercial vendors are able to...although I have no evidence to back this claim up.

Here [sourceforge.net] ya go!

I'd give an excerpt, but SourceForge is currently down (that's where ClamAV's [clamav.net] news is hosted). The gist is, for the most recent 50 viruses, ClamAV had the quickest response time for 77% of them. That says a lot.

The definitive answer... (1)

chrisflesner (899706) | more than 8 years ago | (#13521057)

According to recent polls [slashdot.org] the best option is "Linux or other free OS", followed closely by "Other (specify below)". :)

Re:The definitive answer... (1)

keltor (99721) | more than 8 years ago | (#13523311)

I bet good money this was because AVG which a lot of geeky people tend to use was not on the list.

Religion (0, Troll)

Anonymous Coward | more than 8 years ago | (#13521151)

Religion is the biggest virus of them all.

Minimizing viruses (1)

Nutria (679911) | more than 8 years ago | (#13521168)

Does the site use Exchange? As a small church, probably not.

If so, then switching to Firefox & Thunderbird would eliminate a huge vector for malware, especially if the pop-up blocker and spam filter were enabled.

You *might* not even need AV software, although if the Linux box is the mail server, it never hurts to install SpamAssassin and ClamAV.

I find (1)

Stargoat (658863) | more than 8 years ago | (#13521236)

I find Symantec Enterprise answers very nicely. It can be set up with login scripts easily and will update itself day or quicker. With centralized management, it removes most worries. Cost might be an issue, but so is lost productivity. A slow old computer can do the management. You don't need to spend any money on hardware there.

Re:I find (2, Informative)

QuantumRiff (120817) | more than 8 years ago | (#13521508)

We are a school, and pay about $17/year per machine for Corporate Edition 10. A non-profit church should be similar.
Pluses are, it now scans for malware, (thank god!), and is pretty automated.
Minuses, I spent 35 minutes on hold on their "Enterprise support line" to get a guy to give me a username/password to download the newest build, as the one we are using crashes randomly. (why on earth do they not have an automated update functionality for the program itself?) Also requires a server, and can slow down systems quite a bit.. (uses 25MB of Ram, and 27MB of swap just sitting Idle right now on my box)

My own $0.02 - Trend Micro (1)

ReverendLoki (663861) | more than 8 years ago | (#13521272)

For an organization of the small-to-medium size, I rather like Trend Micro's SMB options. It's really nice being able to administrate all of the individual AV applications from one console. It provides active scanning, and isn't a huge, bloated app that acts like the purpose of the machine it is installed on is to run the antivirus program. I've had it run quite well on many older machines without a noticable performance hit.

Now, the drawbacks: You'll probably have to find a vendor, it won't be free (though from my own experience, the cost isn't real prohibitive either), and to fully capitalize on it you'll need to have a machine run as the AV server. Good news is that server can be an old machine, or a shared server, as it doesn't use a lot of resource.

I've been very happy with this, but of course you'll need to further evaluate it for your own needs.

some ideas (2, Insightful)

thenerdgod (122843) | more than 8 years ago | (#13521289)

1: I recently switched from Norton to F-Prot, as it did a better job of finding malware than Norton/Symantec. (Though, allegedly, Kaspersky has a better detection rate)
2: f-prot pro is $44 per "user" ... you should ask about low-cost non-profit pricing. It's free for personal use on Linux.
3: consider running one network for the desktops, and a separate network with a firewall/dansguardian/snort for laptops so the nasty visitors don't plague your permanent machines

Nod32 (2, Interesting)

Dante333 (25148) | more than 8 years ago | (#13521298)

I've heard a lot of good things about NOD32 http://www.nod32.com/ [nod32.com] . Its a product you gotta pay for, and it runs on windows. It doesn't seem to have the bloat that Symantec or Mcafee has. They have a free trial, so it may be worth looking at. Another good one is Panda http://www.pandasoftware.com/ [pandasoftware.com] . You will definately want to check out what they have for management options.

Now someone mod me down cause I didn't tell them to switch to linux.

Re:Nod32 (1)

drdanny_orig (585847) | more than 8 years ago | (#13522780)

I'll certainly never mod you down for that. I switched too NOD32 when Kaspersky KAV4.x bloated up like Norton/Symantec, and I'm oh-so-glad I did. I've never used their enterprise stuff, but I'm so pleased with the single-machine version that I'd not hesitate to give it a try were I in the market.
And no I don't work for NOD or Eset or whoever it is.

Re:Nod32 (1)

JorDan Clock (664877) | more than 8 years ago | (#13532239)

Panda is anything but a "good one."

My girlfriend's machine (which she shared with her family) had that installed on it. After playing around with the machine for half an hour cleaning out everything I knew about, it still had issues with random pop-ups and unidentifiable processes. I went out on a limb, removed Panda (which took quite some time as it embeds itself as deep as AOL) and replaced it with AVG. Sure enough, almost all the problems went away. Between AVG being able to actually find virii and getting rid of Panda's deep-rooting soul-sucking software, the machine ran considerably faster.

Now, if I could only get them to run Ad-Aware once in a while, they'd be set...

ClamAV (1)

Noksagt (69097) | more than 8 years ago | (#13521385)

Run ClamAV [clamav.net] on the Linux servers. Disallow file sharing from any other machine. Have good firewall rules. Don't allow people to run as Administrator.

This will prevent the spread of most worms. Email virii and trojans are still a concern. You might get by with running ClamWin [clamwin.com] on as much as possible. This lacks a real-time scanner, so you may still want a commercial package. All of the big names have their own pros & cons.

Firewall, firewall, firewall (4, Insightful)

bjprice (863197) | more than 8 years ago | (#13521407)

Your primary danger is the laptop users. A laptop will get infected at home, the luser will bring it in and jack into your network, and the infected laptop will infect all the other windows hosts if you haven't been regularly patching them, or at least some other laptops (which were out of the office when you applied the latest patch)...

Ideally make windows clients perform a virus definitions update and then a virus scan as part of your Windows domain logon script. Make them install any outstanding Microsoft patches on logon too. Anything not on the domain doesn't get access to anything.

Keep laptops on an entirely separate subnet from your permanently resident machines and firewall all traffic between the two, whitelisting only the ports/protocols you absolutely need.

Then it goes without saying that you need active firewalling on the main internet gateway/router, email scanning/cleansing software on the mail server, and anti-spyware, anti-virus and maybe personal firewall software on each individual machine, as a start. Block dangerous filetypes at the web proxy. Disable any and all unnecessary Windows services, and don't let your users run with as administrators. Disable IE (don't just remove the icon - actually block it at the firewall) and Outlook (Express), install Firefox and Thunderbird or similar and keep them fully patched too.

All of the above won't guarantee the safety of your network, but it'll help. Remember that your lusers will actively attempt to circumvent all of your security policies however they can, and that they're all pathological liars.

As for what specific software you should use, I'd lean heavily towards Linux on all servers/routers, but can't help you on the Windows stuff. The last virus I got on an Amstrad 386 running DOS. I've been careful since then, but your users won't be - because they simply don't care.

buy licensed to norton or other competitor (0, Flamebait)

tsume (903026) | more than 8 years ago | (#13521461)

I know churches spending costs. I'm telling you to go buy licenses. Churches get great vasts donations. You are not wanting to spend a penny on software. Well news flash buddy, not everything good is free. Churches get roughly 10-20k a year to spend money on church from donations. Yes, small churches, even businesses. You are best to go buy licensed and stop being a penny pinching bastards, mainly because it makes you look bad.

Re:buy licensed to norton or other competitor (1)

LWATCDR (28044) | more than 8 years ago | (#13522003)

1. Not every church is rich. Yea some make a lot of money but some are dirt poor.
2. Free is aways better no matter how much money you have.
3. I never saw where he wanted to spend no money but just wanted to do the best for the least cost. Which is what every business should want to do.

Who needs a virus scanner? (2, Funny)

David Horn (772985) | more than 8 years ago | (#13521533)

Surely the Lord will keep your laptops virus free?

Thank you. I'm here all week.

Re:Who needs a virus scanner? (1)

bluGill (862) | more than 8 years ago | (#13522691)

No, remember Job. The Lord will from time to time allow Satan to make attempts at you, just to prove how faithful you are.

Re:Who needs a virus scanner? (1)

TheHawke (237817) | more than 8 years ago | (#13528328)

Heh, Try posting a note saying that if ANYONE's system gets a infection, you WILL break their fingers.

Hang a ballbat above your doorway.

Post memo.

Watch the infection related trouble tickets drop like a rock.

My choice... (2, Insightful)

stienman (51024) | more than 8 years ago | (#13521623)

After looking at several options (including trendmicro, norton, etc) I finally went with Sophos. Their AV line covers servers (NT, Novell, Linux, etc) through desktops, and has central management of all installations. Auto update (hourly, if you want) and all the features the other corporate editions of virus software had.

In either case, all these companies will give you trial software. Try each one out and find the one that you feel comfortable dealing with. In a small company it might be fine to use individual licenses (such as a bunch of boxed mcaffees) but when users start getting messages about expiration, or errors about incomplete updates it only makes your job harder. My setup involved 14 licenses (a few servers and a bunch of workstations) and the users never needed to deal with the software. I was also able to prevent them from turning it off or uninstalling it as well (for all but the most determined, anyway) and if they did mess with it I was alerted.

Your situation may be different, so try out several different companies. As a point of reference, my 14 licenses cost about $1,100 for two years. $40/year/computer may seem excessive, but when you start looking at corporate licensing from some other companies and the cost of recovery from a major virus break because a user disabled theirs to install a flash game then it is favorable by comparison.

As a non-profit, AVG might still be free for you (requires payment for commercial use). You may also find that other companies have discounts for non-profit or charitable entities, especially those located in your own country as they can deduct taxes.

Good luck.

-Adam

I was going to recommend Sophos as well (1)

lilmouse (310335) | more than 8 years ago | (#13531909)

I find they are very good for small business.

Be sure to ask sales people if there is a discount for non-profits. It might not help, but then again, the worst they can say is "no"!

--LWM

Try Avast or ZoneLab suite (1)

Temeraire (913731) | more than 8 years ago | (#13522387)

My small business has a mixed bag of computers of various ages with Windows XP, Me and 98, within which most of the big antivirus names are simply hopeless. (Won't upgrade cleanly, won't load on 98 or without IE6, hog lotsa memory, etc.) We tried AVAST (free for home use, moderate price for commercial) and love it -- superb product. However, nowadays, a firewall takes primacy over an antivirus program, so what actually got our money was Zone Labs antivirus suite (low price, high performance). Daily virus updates download smoothly on dial-up, but the monthly new programs (13M) are a job for broadband and then port to outlying machines on a USB key.

Already running a church AV solution (2, Insightful)

cyanics (168644) | more than 8 years ago | (#13522496)

Basically, I am doing the exact same thing. Currently, they have 8 systems, 1 server, no wireless. I installed Norton AV on all of them last year, for around $100. Worked out fairly nice, Norton was offering 3 user packs for 19.99 after rebates. So it was like $6.00 per installation.

However, since norton has not released 2006 before the subscriptions on these systems were up, and $35 per machine was a little too much, I have been looking into CA eTrust. We already use it at one site, and it works really well. Great thing about eTrust, is that the installation is the same, regardless of the OS level. It works with just about everything. And if you have tried to install Norton Home edition or Pro on a Windows 2003 server, you know what I mean. Its rediculus to have to purchase a server and client copy for $400 to just protect one server.

Check out eTrust. Been pretty happy with it. The other option is doing shares, and run clamscan across the network to protect those machines.

Trend Micro (1)

yamla (136560) | more than 8 years ago | (#13522544)

I've had good experiences with Trend Micro, apart from their complete lack of tech support response. My experience shows that Trend Micro works at least as well as Norton Antivirus with SIGNIFICANTLY less drain on the system resources.

AVG is worth looking at though as others have pointed out, it won't be free for you.

Re:Trend Micro (1)

tom8658 (899280) | more than 8 years ago | (#13523434)

i used pc-cilin at home and I was very impressed with it. Unfortunately it's subscription based, but so are all its commercial couterparts

NOD32 (2, Informative)

samdu (114873) | more than 8 years ago | (#13522897)

I used to recommend McAfee. And then they started writing crap software. So I started recommending Norton. And then THEY started writing crap software. I use AVG at home and I'd recommend it without hesitation to home users. But the best Anti-virus on the planet at the moment is humble NOD32. It consistently scores above all the others, catches more viruses and returns fewer false positives. It's not too expensive, either. About $35-$40 a seat (US).

On the Linux side, I'd recommend AntiVir. It works. You might be asking why you'd need anti-virus on a Linux box. If it's serving files to Windows clients, it can still CARRY the viruses even if it can't be infected. It's best to have the server side covered if at all possible in case a workstation misses something.

Sophos is best for me (1)

Nexus5 (913757) | more than 8 years ago | (#13523672)

I choose Sophos http://www.sophos.com/ [sophos.com] as other payforuse AntiVirus packages made our Desktop 486 machines just grind to a halt. So not taking up processing power was important for me and Sophos just won the day.

It has multple OS support!!! It almost became an obsession to have as many OS's an my network as possible just to see sophos on them all:-)

I just loved the .ide downloading, so small are these files, so we run in full paranoid mode (every 20 minutes) the client machines check with OUR central server for updates. Our main server (FreeBSD) also checks for ide updates every 20 minutes and monthly for the main updates. Our users never know Sophos is there, it just works. Piping emails through it via AMaViS was too easy.

Since we still have w95,w95osr2,w98se machines aswell as FreeBSD server, XPpro and 1 mac, Sophos has become the simplest solution for us. They have not yet said they are dropping support for w95, hope they don't.

Wish they would let home users have it free, the world would become a better place. So can you add Sophos to the voting poll?? and not have it hidden in other.

The really annoying thing is that Sophos don't include AntiSpyware as part of it.

Re:Sophos is best for me (1)

tsstahl (812393) | more than 8 years ago | (#13539767)

My sophos subscription lapsed in 2004. Anyway, the license at that time INCLUDED employee's personal home machines.

WebAdmin (1)

TracerRX (775473) | more than 8 years ago | (#13523833)

I use Panda WebAdmin [pandasoftware.com] on about 50 workstations, 8 laptops, and several windows servers. It works great, and you can log in anytime to see the current status of all the machines (even laptops). Luv it.... Although I wish they would release a *nix client as well

McAfee SMB (1)

George Beech (870844) | more than 8 years ago | (#13523874)

I would suggest McAfee SMB. The 8.0i version has some nice features Basic Firewall, Buffer Overflow Protection(I can't say how well this actually works but hey at least it's trying to stop one of the most common reasons for security holes.), and of course anti-spyware. Also I believe the package comes with an version for linux but don't quote me on that cus it's been a long week and my brain has started to do the shutdown thing.

It also comes with a stripped down version of ePolicy Orchastrator called Protection Pilot which is very well thought out and done.

no matter what you do stay away from the commercial versions of either McAfee or Norton, they are both bloated, crappy software that take over your machine.

Don't overlook the Hourly Definition Update (0)

Anonymous Coward | more than 8 years ago | (#13523972)

Whatever you use, make sure there is a way to update everyone with the hourly update. I use a solution that allow me to control all Virus and Spyware real-time scan from a single console (including remote installation!). Most importantly, it supports hourly definition update. You will be surprised how soon these AV companies know about new worms/viruses before you get the official update.

Also, use WSUS to quickly patch everyone plus block certain extension will greatly reduce the incoming worms/viruses.

Good security policy + Free Software (1)

tantalic (194548) | more than 8 years ago | (#13524821)

The first thing to remember is that a Virus Scanner is primarily a reactive tool. While it is a necessary evil it does not replace the more important proactive measures which will decrease the need of virus scanning exponentially. Important proactive measures include:
  • Start by ensuring that you are running software you trust, in particular eliminate Internet Explorer and Outlook/Outlook Express.
  • Next install a good firewall for your office with a default deny policy and only enable services needed for each individual machine. I would suggest OpenBSD with PF
  • Finall install a virus scanner on your email server which scans all incomming messagess before they are relayed. You also may want to consider scanning outgoing mail to insure you don't send a virus to your clients. I would recomend ClamAV for this.
As for regular scanning of your desktop machines, with the above measures the need should be greatly reduced. I would recomend ClamAV again. With the proper settings you can update your virus definition database 4 times/hour and it tends to be a very good scanner. The windows scanner UI leaves much to be desired, I would recomend creating running a custom shell script as a cron job from one of your servers that scans all desktop clients over SMB.

A couple of points (1)

MoogMan (442253) | more than 8 years ago | (#13525917)

I'm sure people will name some good virus scanning packages, so I'm going to suggest a few extra procedures that you should use if possible:

@ Segment your laptops off onto their own LAN. This should only cost as much as a new Ethernet card in your router, maybe a few more wires and time for configuration. Set a restrictive egress policy (maybe only allow port 80 and enable the rest on request), to minimise random virus port usage and other evils such as P2P programs.

@ Turn off or minimise use to IE. ActiveX is an effective spread vector for spyware, and spyware can lead to viruses.

@ Turn off macro support in Microsoft Office (if you use it), and Outlook (again, if you use it). Set your mail reader to only view text emails.

@ Make sure all your systems have Windows Update set to automatic, and make a policy that all laptops that come in have the same configuration.

Squid proxy, forbid downloads of .dlls... (1)

Evro (18923) | more than 8 years ago | (#13526331)

I setup a proxy for my nieces, forbidding the download of the following things:

acl downloads rep_mime_type -i ^application/unknown$
acl downloads rep_mime_type -i ^application/octet-stream$
acl downloads rep_mime_type -i ^application/zip$
#acl downloads rep_mime_type -i ^application/x-javascript$
acl downloads rep_mime_type ^$
#acl downloads rep_mime_type -i ^image/gif$
acl downloads-url urlpath_regex -i \.exe$
acl downloads-url urlpath_regex -i \.zip$
acl downloads-url urlpath_regex -i \.dll$
acl downloads-url urlpath_regex -i \.dat$
acl downloads-url urlpath_regex -i \.bin$
acl downloads-url urlpath_regex -i \.class$


And whitelisting these:

acl allowed-domain dstdomain .microsoft.com
acl allowed-domain dstdomain .mozilla.org
acl allowed-domain dstdomain .ibm.com
acl allowed-domain dstdomain .ebay.com
acl allowed-domain dstdomain .yahoo.com


It's worked pretty well, I should probably tighten the restrictions and add some more sites to the whitelist, but I've been lazy. But this won't help email viruses. I used to have a sendmail plugin that just stripped all .exe .bat .com (etc.) attachments from incoming mail - that's probably among the easiest things you can do to stop viruses. Nobody needs to be emailing you exes.

Avast! for SMB (1)

aaronmarks (873211) | more than 8 years ago | (#13532630)

If you can set up a Windows 2003 SBS Avast! for SMB is the way to go. It is cheaper than the normal version of Avast! for Server because it is for Small Businesses, and works amazingly well (especially when compared to the offerings by companies like McAfee and Symantec). If you could somehow get your hands on a copy of Win2k3 SBS, set up an Active Directory and deploy Avast! that way you would be very happy. If not, just buy Avast! Professional for the Windows XP laptops and then Avast for Unix/Linux Servers and install them all separately. I always highly recommend considering going with Small Business Server router though and setting up an ISA server with Active Directory and Microsoft Exchange email, etc.

Kaspersky (1)

cornice (9801) | more than 8 years ago | (#13541189)

I went looking for centrally administered AV solution a few months ago and settled on Kaspersky because:

1 - Detection rates are supposed to be very good.
2 - The price was great.
3 - Linux support is on par with Windows.
4 - Administration is done from a single (unfortunately Windows only) PC.
5 - Companies like Astaro Security Linux license the Kaspersky scanner.
6 - Kaspersky had one of the first mail scanners for Sendmail, Postfix, etc.

This project was funded because a day after I started a trojan infected the network and shut down operations for days. I couldn't get any scanners to find anything anywhere. On a whim a guy installed Defender Pro (Kaspersky) which he picked up from Wal-Mart for $20. Defender Pro detected the infection and removed it. We cleaned off a half dozen infected PCs (unpatched Win2K) and purchased 100 licenses for Kaspersky AV.

No, I don't work for Kaspersky.

techsoup.org (1)

ejoe_mac (560743) | more than 8 years ago | (#13544293)

It'll get you a huge discount on software purchases. Honestly, keep a Windows Server around, install NAV Enterprise, and keep things clean and small. If you get the chance, move to Virtual Server or VMWare so you can do seperate servers but without having to but extra hardware.

Keeping Viri out of the office (1)

managerialslime (739286) | more than 8 years ago | (#13546031)

If you are going to protect your network, you need to protect from all currently known avenues of attack.

First the boring but necessary stuff (Topics 1-7). (Really important stuff follows in Topic 8):

1. We use Grisoft at the office (not free for commercial use, but it works and is relatively low cost). We make sure that EVERY server and PC has antivirus AND firewall. We also add Microsoft's anti-spyware to all Windows PCs. We also run ad-aware or spybot against all files about once a month.

2. The biggest source of badness comes from people bringing in stuff from home. We encourage everyone to run Grisoft and Zone alarm at home (both are free for home use.)

3. While everyone needs I.E. for Windows updates and running MS-centric web sites, we encourage EVERYONE to surf using Firefox and keep it updated.

4. Everyone is encouraged to update all Microsoft products with automatic settings where possible, and twice a month where not possible.

5. For users of Comcast's high speed internet, we have had good experiences with the anti-spyware and firewall they provide for free.

6. All of this still does not provide complete protection. We continually look for Outlook add-ins that will detect phishing and other bad emails. Nothing to recommend so far.

7. Linux and Unix boxes get isolated on their own network segments where possible.

NOW FOR THE REALLY IMPORTANT STUFF

For those PCs you MUST protect, consider these steps: 8a. Get Partition Magic (or other product) and divide your disk into C:, D:, and E.

8b. C: gets windows and nothing else either than the occasional utility that is too brain-dead to work elsewhere. Make a bootable CD that contains a mirror of C:. Virus recovery of the OS becomes quick and easy.

8c. D: gets all of your application programs. This will be much bigger than C:, but fortunately many viruses ignore drives other than C:. D: gets backed up only when you add new application software.

8d. E: gets all of your DATA.. This includes all word processing, spreadsheet, presentation, Visio, and local data files. It also includes source code and programs if you are a coder. E: gets backed up to a CD or DVD EVERY NIGHT. If you need more room than fits on a CD or DVD, then consider partitioning your drive into multiple data drives. The goal here is to simplify the recovery process to the point where not only is backing up of relevant data easy, but so is disaster recovery.

8e. Now the most important part. At least once a week, bundle up all of your backup CDs and DVDs for any drive EXCEPT the most recent and mail to a remote office (or relative). Now you have protected your data against theft, fire, flood, or other local disaster.

I'm Way Way Way too Poor ................ for a SIG.

Techsoup.org is a good source (1)

vrTeach (37458) | more than 8 years ago | (#13546803)

As you are a non-profit, you may be able to purchase software from techsoup ( http://www.techsoup.org/ [techsoup.org] ). This is a non profit that helps other non profits with technology questions. They also have corporate partners who will provide licenses at lower costs.

It still would help to filter at the mail server, as per the numerous suggestions for ClamAV and spamassassin.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...