Virus Prevention in the Small/Medium Business?
Morti asks: "I've been asked to select a virus scanner to be installed on the network at work. It's only a small office with six Windows XP PCs, two Linux servers and any number of Windows XP laptops that random people bring in. And I'm wondering, not just in this case but generally, what is the virus scanning / Internet security solution of choice for the small business these days? Costs need to be kept at a minimum, particularly because this business is a registered charity (a church, no less). We used to have Norton Internet Security but I'm not really keen to keep it. Besides Linux (which I've been pushing but nobody's interested), what is the most cost-effective and generally 'best' virus prevention and Internet security solution for the small/medium business?"
AVG free (Score:2, Informative)
Small, reliable and free.
Re:AVG free (Score:5, Informative)
Re:AVG free (Score:1)
Re:AVG free (Score:2)
Re:AVG free (Score:2)
While AVG is free for personal use it is NOT free for organizations, even a church.
Re:AVG free (Score:2)
You must not use the program in a network or on more than one computer.
Re:AVG free (Score:2)
Of course no one's interested in Linux... (Score:3, Funny)
*ducks*
Re:Of course no one's interested in Linux... (Score:5, Insightful)
I'll get on a slight rant: I've said as much to nonprofits as well as my city government. Why do you need to buy Windows and Office? Oh, they say, we need to remain compatible with everyone else. OK, I reply, what kinds of document exchange do you do? Well, they say, looking at each other, we print things out on letterhead.
So yeah, squandering is what you're doing.
Re:Of course no one's interested in Linux... (Score:1)
Last time I ordered 2003 server was $128 and Office Pro was $90.
When you consider lost time due to futzing MS might be cheaper. Of course when you consider MS's hardware requirement it might be cheaper.
Dan
Three stories down (Score:3, Insightful)
you can read a spirited discussion on the pros/cons of OS X as a virus deterrent. You said that you have tried Linux to little avail--maybe they'd be happier with a non-Windows machine that can still run Microsoft Office?
Re:Three stories down (Score:1)
He needs to keep Windows
Re:One word: (Score:5, Funny)
Lots of ways (Score:3, Insightful)
Re:Lots of ways (Score:4, Informative)
here it is again with line breaks that make sense.
----
You could install an active scanner, like McAfee or Norton, on all of the machines, though this can become a headache with the machines not updating often enough. This should be done anyway.
You could also use passive scanners that are stand-alone apps that you click on and run periodically to clean viruses. This is typically the cheapest, and also by far the least reliable as it requires users to do it every once in a while (assuming of course that you don't want to run around to all the machines yourself).
You could also use clamav to filter just about anywhere. Squid has a plug-in for monitoring web-traffic, amavisd-new uses it for mail filtering, and Samba can use it for scanning incoming files on file shares (this catches a lot of viruses that try to copy themselves to available shares, i.e. Klez).
Clamwin (Score:2)
Don't forget about spyware. Spybot and AdAware should catch just about everything.
Oh, and ask for a raise. To keep Linux up-to-date requires one command. To keep all of these (minimum of four packages) up-to-date requires four different GUI operations, per machine. Sure, they supposedly keep themselves up-to-date, bu
Re:Lots of ways (Score:1)
yep, and watch the machine crawl or worse crash from installing these horrible products.
Please tell me you're not a consultant giving this advice to the business community.
"You could also use clamav to filter just about anywhere. Squid has a plug-in for monitoring web-traffic, amavisd-new uses it for mail filtering, and Samba can use it for scanning incoming files on file shares"
and then you go and redeem yourself with the best advice on Slashdot!
Re:Lots of ways (Score:2)
The workaround is to unplug your network connection(s).
I'd managed to avoid receiving the "update" by not rebooting since it started, but I had to move desks yesterday. Now bo
Re:It's for a church? (Score:1, Offtopic)
Re:It's for a church? (Score:1)
Re:It's for a church? (Score:2)
Re:It's for a church? (Score:2)
Re:It's for a church? (Score:1)
Re:It's for a church? (Score:2)
You have just made my Sunday.
I have had good luck with AVG. If you can get a good price on that I would go for it. Also Spybot and Adaware for malware. Get them off IE and Outlook and on Fi
Re:It's for a church? (Score:1)
Re:It's for a church? (Score:2)
I don't know the tax laws in the UK.
Re:It's for a church? (Score:1)
Re:Of course... (Score:1)
Small businesses are run by dipshits who think they know what they're doing and like to question and micromanage every little thing.
Not all small businesses are run by dipshits, or horribly micromanaged.
That said, small businesses with the type of boss who like to micromanage things he/she/it doesn't understand are like the Pit of Fire (tm, why not keep the language appropriate :D) for network admins. If they hired you to manage/secure the network, they should let you do it. This ideally includes trading
Re:Of course... (Score:1)
My 2 cents (Score:3, Insightful)
not sure what you want (Score:4, Insightful)
Remember that there are many different types of antivirus solutions out there. I assume that you're looking for a basic desktop virus scanner. I've heard all kinds of great things about AVG, which is supposedly free, but have no experience with it. If they are ever planning on growing their network/userbase, a managed AV client/server is the way to go. Otherwise, you have to worry about different configurations and whether or not systems are being regularly updated with the latest definitions.
If you're looking for something on the mail gateway side, I would highly recommend looking into ClamAV [clamav.net]. The price is certainly right (free/free). Supposedly, ClamAV gets definitions for the latest and greatest viruses before commercial vendors are able to...although I have no evidence to back this claim up. The main selling points for me are first, that it works. Second, it's free - there are no per-seat license fees. Third, there are no subscription models to deal with.
I'll close with a short on-topic rant. I can't stand antivirus subscriptions. Having to track, budget for, and renew subscriptions is a huge PITA. It's not a service - it's software. I'm sort of bummed that so many people have accepted this subscription BS, enabling the vendors to keep pulling it.
Re:not sure what you want (Score:3, Interesting)
Use any anti-virus software with year-old definitions. Tell me how that works out for you.
I get annoyed with the cost of maintaining desktops in my office, but AV software pays for itself the first time it keeps a
Re:not sure what you want (Score:2)
I've never had to pay for the definitions for ClamAV, which claims to publish new definitions more quickly than the commercial versions. I remain unconvinced that the subscription-based model is customer friendly in any way.
Re:not sure what you want (Score:2)
Here [sourceforge.net] ya go!
I'd give an excerpt, but SourceForge is currently down (that's where ClamAV's [clamav.net] news is hosted). The gist is, for the most recent 50 viruses, ClamAV had the quickest response time for 77% of them. That says a lot.
The definitive answer... (Score:1)
Re:The definitive answer... (Score:1)
Minimizing viruses (Score:2)
If so, then switching to Firefox & Thunderbird would eliminate a huge vector for malware, especially if the pop-up blocker and spam filter were enabled.
You *might* not even need AV software, although if the Linux box is the mail server, it never hurts to install SpamAssassin and ClamAV.
I find (Score:2)
Re:I find (Score:3, Informative)
Pluses are, it now scans for malware, (thank god!), and is pretty automated.
Minuses, I spent 35 minutes on hold on their "Enterprise support line" to get a guy to give me a username/password to download the newest build, as the one we are using crashes randomly. (why on earth do they not have an automated update functionality for the program itself?) Also requires a server, and can slow dow
My own $0.02 - Trend Micro (Score:2)
Now, the drawbacks: You'll probably have to find a vendor, it won't be free (
some ideas (Score:3, Insightful)
2: f-prot pro is $44 per "user"
3: consider running one network for the desktops, and a separate network with a firewall/dansguardian/snort for laptops so the nasty visitors don't plague your permanent machines
Nod32 (Score:2, Interesting)
Now someone mod me down cause I didn't tell them to switch to linux.
Re:Nod32 (Score:2)
And no I don't work for NOD or Eset or whoever it is.
Re:Nod32 (Score:2)
My girlfriend's machine (which she shared with her family) had that installed on it. After playing around with the machine for half an hour cleaning out everything I knew about, it still had issues with random pop-ups and unidentifiable processes. I went out on a limb, removed Panda (which took quite some time as it embeds itself as deep as AOL) and replaced it with AVG. Sure enough, almost all the problems went away. Between AVG being able to actually find virii and ge
as mentioned on the poll... (Score:2)
ClamAV (Score:2)
This will prevent the spread of most worms. Email virii and trojans are still a concern. You might get by with running ClamWin [clamwin.com] on as much as possible. This lacks a real-time scanner, so you may still want a commercial package. All of the big names have their own pros & cons.
Firewall, firewall, firewall (Score:4, Insightful)
Ideally make windows clients perform a virus definitions update and then a virus scan as part of your Windows domain logon script. Make them install any outstanding Microsoft patches on logon too. Anything not on the domain doesn't get access to anything.
Keep laptops on an entirely separate subnet from your permanently resident machines and firewall all traffic between the two, whitelisting only the ports/protocols you absolutely need.
Then it goes without saying that you need active firewalling on the main internet gateway/router, email scanning/cleansing software on the mail server, and anti-spyware, anti-virus and maybe personal firewall software on each individual machine, as a start. Block dangerous filetypes at the web proxy. Disable any and all unnecessary Windows services, and don't let your users run as administrators. Disable IE (don't just remove the icon - actually block it at the firewall) and Outlook (Express), install Firefox and Thunderbird or similar and keep them fully patched too.
All of the above won't guarantee the safety of your network, but it'll help. Remember that your lusers will actively attempt to circumvent all of your security policies however they can, and that they're all pathological liars.
As for what specific software you should use, I'd lean heavily towards Linux on all servers/routers, but can't help you on the Windows stuff. The last virus I got on an Amstrad 386 running DOS. I've been careful since then, but your users won't be - because they simply don't care.
Re:buy licensed to norton or other competitor (Score:2)
2. Free is always better no matter how much money you have.
3. I never saw where he wanted to spend no money but just wanted to do the best for the least cost. Which is what every business should want to do.
Who needs a virus scanner? (Score:3, Funny)
Thank you. I'm here all week.
Re:Who needs a virus scanner? (Score:2)
No, remember Job. The Lord will from time to time allow Satan to make attempts at you, just to prove how faithful you are.
Re:Who needs a virus scanner? (Score:2)
Re:Who needs a virus scanner? (Score:2)
Hang a ballbat above your doorway.
Post memo.
Watch the infection related trouble tickets drop like a rock.
My choice... (Score:3, Insightful)
In either case, all these companies will give you trial software. Try each one out and find the one that you feel comfortable dealing with. In a small company it might be fine to use individual licenses (such as a bunch of boxed McAfees) but when users start getting messages about expiration, or errors about incomplete updates it only makes your job harder. My setup involved 14 licenses (a few servers and a bunch of workstations) and the users never needed to deal with the software. I was also able to prevent them from turning it off or uninstalling it as well (for all but the most determined, anyway) and if they did mess with it I was alerted.
Your situation may be different, so try out several different companies. As a point of reference, my 14 licenses cost about $1,100 for two years. $40/year/computer may seem excessive, but when you start looking at corporate licensing from some other companies and the cost of recovery from a major virus break because a user disabled theirs to install a flash game then it is favorable by comparison.
As a non-profit, AVG might still be free for you (requires payment for commercial use). You may also find that other companies have discounts for non-profit or charitable entities, especially those located in your own country as they can deduct taxes.
Good luck.
-Adam
I was going to recommend Sophos as well (Score:2)
Be sure to ask sales people if there is a discount for non-profits. It might not help, but then again, the worst they can say is "no"!
--LWM
Try Avast or ZoneLab suite (Score:1)
Already running a church AV solution (Score:2, Insightful)
However, since Norton has not released 2006 before the subscriptions on these systems were up, and $35 per machine was a little too much, I have been looking into CA eTrust. We already use it at one site, and it works really wel
Trend Micro (Score:2)
AVG is worth looking at though as others have pointed out, it won't be free for you.
Re:Trend Micro (Score:1)
NOD32 (Score:3, Informative)
On the Linux side, I'd recommend AntiVir. It works. You might be asking why you'd need anti-virus on a Linux box. If it's serving files to Windows clients, it can still CARRY the viruses even if it can't be infected. It's best to have the server side covered if at all possible in case a workstation misses something.
Trend CSM (Score:2)
Sophos is best for me (Score:1)
It has multiple OS support!!! It almost became an obsession to have as many OS's on my network as possible just to see Sophos on them all:-)
I just loved the .ide downloading, so small are these files, so we run in full paranoid mode (every 20 minutes) the client machines check with OUR central serv
Re:Sophos is best for me (Score:1)
WebAdmin (Score:1)
McAfee SMB (Score:1)
It also comes with a stripped down version of ePolicy Orchestrator called Pro
Did anyone else... (Score:1)
Good security policy + Free Software (Score:1)
A couple of points (Score:2)
@ Segment your laptops off onto their own LAN. This should only cost as much as a new Ethernet card in your router, maybe a few more wires and time for configuration. Set a restrictive egress policy (maybe only allow port 80 and enable the rest on request), to minimise random virus port usage and other evils such as P2P programs.
@ Turn off or minimise use of IE. ActiveX
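The laptop segmentation suggested in this comment and in the earlier "Firewall, firewall, firewall" comment, sketched as an added example that is not part of the thread: a shell script that prints iptables FORWARD rules for a separate laptop LAN with a port whitelist and a restrictive egress policy. The interface names, the ports and the decision to leave office egress open are assumptions.

```shell
#!/bin/sh
# Added example; interface names, ports and policy are assumptions.
LAPTOP_IF=eth2   # NIC for the visiting-laptop LAN
OFFICE_IF=eth1   # NIC for the permanently resident machines
WAN_IF=eth0      # NIC towards the Internet

# valid_entry PROTO:PORT -> 0 only for tcp|udp and a port in 1..65535
valid_entry() {
    proto=${1%%:*}; port=${1#*:}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# allow_list OUT_IF "proto:port ..." -> one ACCEPT rule per whitelist entry;
# refuses the whole list if any entry is malformed.
allow_list() {
    for entry in $2; do
        valid_entry "$entry" || { echo "bad whitelist entry: $entry" >&2; return 1; }
    done
    for entry in $2; do
        echo "iptables -A FORWARD -i $LAPTOP_IF -o $1 -p ${entry%%:*} --dport ${entry#*:} -j ACCEPT"
    done
}

# laptop_rules "laptop->office whitelist" "laptop->Internet whitelist"
# Prints the commands for review instead of running them.
laptop_rules() {
    office_rules=$(allow_list "$OFFICE_IF" "$1") || return 1
    egress_rules=$(allow_list "$WAN_IF" "$2") || return 1
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Office egress is left open in this sketch; tighten it separately.
    echo "iptables -A FORWARD -i $OFFICE_IF -o $WAN_IF -j ACCEPT"
    [ -z "$office_rules" ] || echo "$office_rules"
    [ -z "$egress_rules" ] || echo "$egress_rules"
    # Log anything else a laptop tries before the DROP policy discards it.
    echo "iptables -A FORWARD -i $LAPTOP_IF -j LOG --log-prefix 'laptop-drop: '"
}

# Constructed policy: laptops may print via IPP and browse plain HTTP.
# DNS is assumed to be answered by the router itself (INPUT chain, not shown).
laptop_rules "tcp:631" "tcp:80"
```

A malformed whitelist entry makes the script print nothing, so a typo cannot yield a half-applied ruleset.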
Norton? (Score:1)
Squid proxy, forbid downloads of .dlls... (Score:1)
acl downloads rep_mime_type -i ^application/unknown$
acl downloads rep_mime_type -i ^application/octet-stream$
acl downloads rep_mime_type -i ^application/zip$
#acl downloads rep_mime_type -i ^application/x-javascript$
acl downloads rep_mime_type ^$
#acl downloads rep_mime_type -i ^image/gif$
acl downloads-url urlpath_regex -i \.exe$
acl downloads-url urlpath_regex -i \.zip$
acl downloads-url urlpath_regex -i \.dll$
acl downloads-url urlp
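A way to dry-run the ACL patterns above before loading them into Squid, as an added example that is not part of the original post: it applies the visible regexes to constructed URL paths and reply MIME types with `grep -E`, and relies on Squid matching `urlpath_regex` against the path including any query string. The "deny if either ACL matches" logic and the tightened pattern are assumptions, since the post's access rules are cut off.

```shell
#!/bin/sh
# Added example: dry-run the post's Squid ACL regexes on constructed inputs.
set -f   # patterns contain * and ?; keep the shell from globbing them

# Patterns copied from the visible acl lines (the post is cut off after these).
URL_PATTERNS='\.exe$ \.zip$ \.dll$'
MIME_PATTERNS='^application/unknown$ ^application/octet-stream$ ^application/zip$ ^$'
# Assumed tightening, not from the post: also match when a query string follows.
TIGHT_URL_PATTERNS='\.(exe|zip|dll)(\?.*)?$'

# matches_any VALUE "pat pat ..." -> 0 if any pattern matches (case-insensitive,
# POSIX extended syntax via grep -E, standing in for Squid's regex engine).
matches_any() {
    for pat in $2; do
        printf '%s\n' "$1" | grep -Eiq -e "$pat" && return 0
    done
    return 1
}

# verdict URLPATH MIME -> "deny" if either ACL matches. Assumes both ACLs feed
# deny rules; the post's access lines are not visible.
verdict() {
    if matches_any "$1" "$URL_PATTERNS" || matches_any "$2" "$MIME_PATTERNS"; then
        echo deny
    else
        echo allow
    fi
}

# Constructed cases: URL path (with query, as Squid sees it) and reply type.
while read -r path mime; do
    printf '%-24s %-26s %s\n' "$path" "${mime:-(none)}" "$(verdict "$path" "$mime")"
done <<'EOF'
/tools/setup.exe application/octet-stream
/tools/SETUP.EXE text/html
/tools/setup.exe?v=2 text/html
/cgi/get
/index.html text/html
EOF
```

The third case comes out as `allow` because `\.exe$` no longer anchors at the end once a query string follows; `TIGHT_URL_PATTERNS` covers it.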
Avast! for SMB (Score:1)
Kaspersky (Score:2)
1 - Detection rates are supposed to be very good.
2 - The price was great.
3 - Linux support is on par with Windows.
4 - Administration is done from a single (unfortunately Windows only) PC.
5 - Companies like Astaro Security Linux license the Kaspersky scanner.
6 - Kaspersky had one of the first mail scanners for Sendmail, Postfix, etc.
This project was funded because a day after I started a trojan infected th
techsoup.org (Score:1)
Keeping Viri out of the office (Score:1)
First the boring but necessary stuff (Topics 1-7). (Really important stuff follows in Topic 8):
1. We use Grisoft at the office (not free for commercial use, but it works and is relatively low cost). We make sure that EVERY server and PC has antivirus AND firewall. We also add Microsoft's anti-spyware to all Windows PCs. We also run ad-aware or spybot against all files about once a month.
2. The b
Techsoup.org is a good source (Score:1)
It still would help to filter at the mail server, as per the numerous suggestions for ClamAV and spamassassin.