
Alternative Enterprise Anti-Virus Solutions? 148

Posted by Cliff
from the a-reasonable-request dept.
Darth_brooks asks: "I admin for a great non-profit organization that has spent the last year rebuilding after a massive fire. We've got a pretty tight system running now, especially compared to the unmanaged chaos that existed before the fire. Firefox for surfing and T-bird for e-mail, WSUS for updates, and we're slowly replacing Office with OpenOffice. But our anti-virus solution (command AV, a holdover from our old system) is not cutting the mustard. Specifically the management console isn't exactly reliable, and we just don't feel like we're getting our money's worth. What alternatives can the Slashdot crowd suggest?"
"The two obvious names that come to mind are Norton and McAfee. Since all of our machines are donated, we really don't have the resources for Norton (who does?) and McAfee's just been dealt a black eye. In addition, we're on a limited budget. Our machines are mostly P2 & P3's, and we're an XP / Active Directory shop with some scattered Fedora & BSD boxes scattered about for non-desktop tasks.

The biggest features we're looking for are the ability to centrally manage updates (which rules out AVG's free edition), and a reasonable price tag for licenses for 50-60 machines. Our current solution is only in place because we signed a long term licensing agreement, and I don't want to see us get into another deal for a product that doesn't turn out to be as good as advertised. I'd also like to hear some of the Horror / Success stories from users."

  • NOD32 (Score:5, Informative)

    by ikejam (821818) on Thursday May 18, 2006 @11:41PM (#15363077)
    • Re:NOD32 (Score:3, Informative)

      by NormHome (99305)
      I'll second that, I've been using NOD32 in a small non-profit enterprise for 18 months and we haven't had a single problem after flushing Norton with which we had huge problems. The enterprise management console works really well and if you are also a non-profit make sure you mention that since Eset does give an additional discount to non-profits over their standard business pricing.
    • Re:NOD32 (Score:3, Interesting)

      by MaineCoon (12585)
      I can't agree enough; NOD32 is superior to anything else I have used. We use it on all our computers at home, I had my mom get it, and every friend who I have convinced to give the 30 day demo a try, has ditched whatever they were using and bought it.

      It's low impact on system resources, extremely effective, and they update frequently. It catches stuff Norton/McAfee don't bother with - things not quite 'viruses' but not exactly good for you either (such as intrusive activex controls and the like).
  • by Howard Beale (92386) on Thursday May 18, 2006 @11:41PM (#15363083)
    techsoup.org - donated and discount technology equipment products. We support a local Boys and Girls Club, and they got their software through there.

    Good luck!
    • I second Tech Soup...Symantec Antivirus 9 (or whatever it is now) is a snap to install and roll out on a Windows network. When I was at a non-profit we shifted over to it and it was a pretty good experience moving over and it was relatively inexpensive. I'm not sure how many computers you're dealing with, but I easily got my tight-fisted Executive Director to shell out $85 for 25 licenses of an Enterprise quality product. And $130 for 50 is a steal.

      http://www.techsoup.org/stock/category.asp?catalog_name [techsoup.org]
      • Of course we've been using Macs.

        But I will second the recommendation for Tech Soup, they have NAV enterprise edition with bulk licenses and all that server based virus administration goodness that Windows people seem to need. Plus there are a bunch of other non-profit items you can get (MS Licensing is dirt cheap).

        Big tip though - read the fine print on 'donation' limitations and plan your orders accordingly. Some of them limit to which types of NPs they will 'donate' to (Macromedia), some tie in an

      • Mod the parent up. But just to be clear, unlike the submitter and someone in the thread mentioned, you do not want to use any of Symantec's Norton or NAV (home) products. You do want to use Symantec Antivirus or SAV (corporate/enterprise) products. SAV offers central management, deployment, quarantine, and updates, and is far less resource intensive for those older machines. That price from Tech Soup is crazy good, normally it would be ten-fold. Like some of the other posters have mentioned, there are oth
    • We've dealt with them on several purchases already, and they've been a god-send.
  • Clam AV (Score:5, Informative)

    by shadwwulf (145057) on Thursday May 18, 2006 @11:42PM (#15363091) Homepage
    I would highly recommend checking out Clam AV.

    It comes in both *nix [clamav.net] and Windows [sosdg.org] variants and works pretty well for system scanning. It also works very well in a mail server tool-chain.

    MTW
    • Re:Clam AV (Score:3, Informative)

      by Anonymous Coward
      ClamAV isn't an "anti-virus solution". It doesn't offer protection, just after-the-infection scanning. The on-access module to fix this is, last time I checked, still in alpha and will take a while to arrive.
      • Then tell me why my ClamAV is scanning real time as we type? After implementing ClamAV on my mail gateway and work stations, as well as Snort for packet inspection looking for adware/spyware/viruses my internal network has not seen a virus. I should also note that ClamAV beats out the big boys about 70-80% of the time when updating new virus sigs as well.

        Now-a-days I don't think you will find an all inclusive anti-virus solution, all of them one way or another have flaws and will allow an infection to take place
  • by Tweekster (949766) on Thursday May 18, 2006 @11:43PM (#15363092)
    Two year licenses are incredibly useful and their software doesn't suck like Norton.

    AVG takes the approach of just working behind the scenes and doing it well...Norton takes the approach of "I need to constantly justify my existence by letting the user know I am doing...something"

    AVG works great, so go with it. Their support is pretty good too from the couple of times when I needed to contact them.

    It sounds like you pretty much said AVG is good and reasonable so just go with it.
    • Mod +1, That's What We Just Did.

      AVG does the job well, doesn't completely take over any machine it's installed on causing massive performance problems, is dead simple to deploy & administer, and was the best value for money of all the various AV solutions we looked at.
    • I've heard two common complaints regarding AVG: It is only an anti-virus program (It doesn't deal with spyware), and its performance is bad compared to some other AV programs.

      What's your opinion? Are these valid complaints?

      I use AVG free on my home systems, and recommend it to many friends-- performance does seem much worse when AVG is running (this is my non-objective opinion). I've never seriously evaluated it for the business (I'm not the Windows admin).
      • by RedDirt (3122) * on Friday May 19, 2006 @01:22AM (#15363456) Homepage
        I've not ever had a slowdown that I can attribute to AVG. Prior to trying them I used F-Secure (ate CPU like candy to no appreciable benefit), McAfee (Random crashes on shutdown and the occasional munged update file that'll eat my data? Are we sure that NAI isn't in the virus WRITING business?!?!), and Norton (gods above, make the pop-up notifications and tray icons and wacky security alerts stop! Plus it also makes my system crawl). AVG just gets the job done and doesn't (well, other than at log in) get in my face. Certainly it doesn't bundle anti-spyware but why aren't you using MS Defender for that? And firewalls? D-Link has some nice hardware that'll augment the Windows boxed package nicely as well as giving you wireless and other toys. =P
      • I've never seen a slowdown with AVG on my machines here and I've used it for years. Hell, I play 3-D games all the time while it is running, even scanning the hard drives, without a bobble in the game. I'd nose around in your system to see if it is something else or an interaction problem (esp. if you are running two AV programs in real-time, a real no-no).
      • performance does seem much worse when AVG is running

        My laptop is a P-III 600MHz / 512Meg RAM running WinXP Pro and frankly, AVG doesn't seem to have any impact on performance at all. If I do nothing, Task Manager reports 0% usage, so I don't think that AVG gets much in the way.
        What AVG does do is a daily check and if you're working while it does that, you might "feel" it. Normally it's at 8am for me, but I don't know if it's a rule (or if I configured it that way) At 8am, I'm so sleepy that I usuall

      • you can't depend on one program to deal with spyware anyways. i suggest using AVG free only if necessary and would never use it in a business environment.

        i use mcafee enterprise and it's a great program and much less intrusive than norton in my opinion. the home editions of mcafee and norton are just pieces of crap though. if i was given the choice between those or AVG free, AVG free wins.

        i've seen norton miss many viruses as well, even with updated def's.
      • Performance is worse compared to what? I've run AVG, Norton Antivirus, and McAfee's Antivirus and AVG blows the doors off the other two. McAfee's used to bog my system down horribly and NAV is even worse. I don't even notice AVG running.
      • I've actually got an interesting story regarding AVG and slowdown. Back before my vidcard flamed out on me, I was doing a little early morning Doom 3 playing before going to work. Given that my system is a 1.8 Ghz Athlon and the RAM (at the time) was 512MB, it was less than perfect, but I'd managed to find a happy compromise between speed and looks. Anyway, about 20 minutes into the game, there was a short, noticeable slowdown which I ignored as it was fairly common. 10 minutes later, when I quit the gam
        • You probably don't care (since you're shilling for 'em) but Ad-Aware stopped giving away updates for their free edition quite some time ago, which is when I stopped using and recommending them. I took the same position when redhat went to enterprise, made you pay for getting updates through their services instead of manually, and then kicked us out fedora core, aka red hat alpha version, as a consolation prize... Anyway I only promote spybot now... Since Microsoft made you have to be a "genuine" customer to
          • by Morel (67425) <eugenioNO@SPAMperea.com> on Friday May 19, 2006 @06:58PM (#15369535)
            You should check your facts before calling people shills.

            Ad-Aware's free edition is called Ad-Aware Personal and updates have never stopped being free. In fact, I just tried it myself, just to make sure. Go here [lavasoftusa.com] and see for yourself.

            • Well, maybe they started providing updates again, but they definitely stopped and for well over a year. I got into an argument with someone over this, which is why I have any personal investment in it - I was wrong when I claimed they still gave updates. While the update function still functions, at least last time I checked, it only would update you to an old detection file - over a year ago, it was months old already.

              If they are giving updates for the personal version that are actually up to date, thi

              • Probably what happened was something related to this. [lavasoft.com] I remember that Ad-Aware slowed down their releases a lot while the transition was going on.

                In any case, what bothered me was not the inaccuracy of your comment, but the fact that you were trying to discredit the poster for no good reason. I don't even like Ad-Aware that much!
          • Actually, I don't care since I don't regularly use Ad-Aware. I have used it a couple of times on other systems and found it to not be utter crap, hence the mention. But on all my Windows rigs it's Spybot and common sense. Never even bothered with the MS product either, even though I have one XP machine. Is it any good?

      • I always felt like the computer received a pretty massive upgrade when we ditched Norton for AVG. Just my perception and experience at least.
    • One note though - during the time I used AVG it detected exactly _zero_ email viruses of 5 or 6 I got - even when I specifically asked it to scan attachment EXEs. Ok - quite probably other AVs are no better since it is the nature of such viruses to propagate within hours of being released and AV updates take days. Now I just run without any AV. Yes, corporate environment may differ but I just wanted to point it out.
      • Despite its memory hogging size, that's why I use McAfee; the updates come out rather quickly and it detects almost everything that comes in by E-mail to our LANs.

        Every time I get a new DAT, I have it scan all IMAP mail folders in case the new virus already infected a message and to date, I haven't had it find any this way in almost a year. IOW, it finds the active viruses well before they hit my networks.
        • All indications I've seen say that AVG is the fastest, bar none, at releasing datfile updates. McAfee was horribly slow and unreliable for me last I tested it, so I dropped it and I don't plan to even look at other solutions (for desktop use anyway) until AVG does me wrong. I've also gone through this process with AVP and Symantec. Kaspersky's AVP used to be the BEST for NT, but it is now the most slowdown-inducing realtime scanner I've ever seen, and Norton/Symantec has problems (even in the corporate vers
    • The 7.1 version of AVG Network also includes a software firewall. You would qualify for discount pricing, as a non-profit. I just paid around 600$US to get 75 two year licenses, for example.
    • You also can trial AVG for a month I believe (even for the corporate edition)
  • ClamAV/ClamWin (Score:4, Interesting)

    by LinuxWhore (90833) * on Thursday May 18, 2006 @11:43PM (#15363093) Homepage Journal
    ClamAV might work. The only downside is that it doesn't yet have a real-time process scanner. If you can keep people from executing what they download before scanning it for viruses, ClamWin [clamwin.com] might do the job. You could manage the virus updates via your logon script, or just use the normal internet update. Plus ClamAV works on your Linux boxen too!
  • F-Prot (Score:4, Informative)

    by Rydian (29123) on Thursday May 18, 2006 @11:45PM (#15363100)
    F-prot from Frisk software. http://www.f-prot.com/ [f-prot.com]

    I just checked, and a 60 seat corporate license with full updates would run you $240 a year.
    • Re:F-Prot (Score:3, Interesting)

      by Reziac (43301) *
      My choice for over a decade. Reliable, competent, and lightweight.

      And they've never once given me any reason to believe they're in anyone's pocket or have any hidden agendas. Just a good reliable AV solution at a minimal price.

  • pay for avg (Score:4, Informative)

    by sdnoob (917382) on Thursday May 18, 2006 @11:50PM (#15363116)
    The biggest features we're looking for are the ability to centrally manage updates (which rules of AVG's free edition)

    actually, wouldn't the license agreement rule out AVG FREE edition in your situation?
    AVG Free Edition is for private, non-commercial, single-home computer use only. Use of AVG Free Edition within any organization or for commercial purposes is strictly prohibited. (from http://free.grisoft.com/doc/1/ [grisoft.com])

    however, they do have a fairly decent commercial product for the price. look at their network edition http://www.grisoft.com/doc/Networks/lng/us/tpl/tpl01/ [grisoft.com] only $8.20 per seat, per year, at the 50-74 seat price point. this version includes centralized management and lan updates. runs on all released windows win95 and up, and i386 linux.

    • I also vote for AVG not because they offer me a free edition for personal use or their paid products are cheaper, it's simply more powerful.

      I don't want to bore you with my personal experience, AVG can really detect virus/adware that Norton ignored, and these are not false-negative detection.
  • Why are you paying for this software if you're a non profit? On, or before your mail server, chain together ClamAV and Bitdefender using Mailscanner or Amavisd-new - have a cron updating each of these daily (or hourly if you're a tin foil hat type)

    Do you have any specific requirements that would not allow this to work?
    • Maybe because he needs to protect the clueless users who download stuff off the internet too? Incoming E-Mail is a major source of viruses, but it's not the only source. Users as a group are generally too dumb to not download the latest virus-ridden software from whoknows.com. He needs a network solution and something that can be installed on the users desktops.
    • by Anonymous Coward
      Why are you paying for this software if you're a non profit? ... chain together ClamAV and Bitdefender using Mailscanner or Amavisd-new

      Yeah! Really! This solution is so... obvious. Anybody with half a brain would see that this is the clear choice!

      (Here's a hint--- drop your pompous attitude and people might take you seriously more often)
    • True, being a nonprofit means you don't have much money to spend on computer software. However, it also means you are probably VERY shortstaffed and cannot spend a ton of time trying to cobble together a complicated solution.

      Nonprofits can get very sweet deals on discounted software (WinXP for $50 a seat, etc). This organization should seek out a low cost commercial solution-- and save time AND money, rather than waste time on intellectual masturbation.
  • I'd call AVG... (Score:3, Interesting)

    by masdog (794316) <masdog&gmail,com> on Friday May 19, 2006 @12:02AM (#15363168)
    It wouldn't hurt to call up Grisoft and explain that you're a non-profit looking for a good AV solution. You might get a pretty sweet deal if you talk to them.
    • Re:I'd call AVG... (Score:5, Informative)

      by From A Far Away Land (930780) on Friday May 19, 2006 @01:38AM (#15363492) Homepage Journal
      I know libraries can get a 30% discount, and when you renew you pay only 50% of the initial purchase, which lasts for 2 years instead of only 1. Considering AV is more important at the firewall and email filter than the desktop anyway, it's great to save on the desktop install price with AVG.

      AVG Admin will save you time. If you use Windows Desktop Protection in the Shared Computer Toolkit, Grisoft will even send you the script for auto-updates when Windows Updates from your WSUS run.

      AVG Free edition is ruled out by the licensing which doesn't cover non-home users pretty much. Even libraries are excluded from using it legally.
  • AVG (Score:2, Informative)

    by Conception (212279)
    AVG has an enterprise version that's much cheaper than Norton. You should check it out.
  • Sophos AV (Score:5, Informative)

    by tulare (244053) on Friday May 19, 2006 @12:06AM (#15363183) Journal
    We just switched to it after battling the behemoths, and it's been a real boon to me. Management console works well, the product has been catching a ton of stuff that Symantec didn't, price was good, and it does a nice job of push installation (even here - we've got Samba domain controllers - it didn't care). I've had good experiences with their phone jockeys also. Downside - simple file sharing has to be turned off on winxp clients, but if you're on AD that's easy enough to fix.
  • by scdeimos (632778) on Friday May 19, 2006 @12:06AM (#15363185)
    Although it has great corporate management capabilities, like a centralized program/dictionary update server and permissions on settings (so end users can't stop/break it), it's better than your average ghoul at sucking the life out of your desktop computers.
    • by giorgiofr (887762) on Friday May 19, 2006 @07:06AM (#15364366)
      Uhm yeah it took me all of two minutes to disable it on my box at work, even though it was locked down. The fact that TrendMicro put a backdoor (a default password for when you forget the real one) in it helped quite a bit.
      • Uhm yeah it took me all of two minutes to disable it on my box at work, even though it was locked down. The fact that TrendMicro put a backdoor (a default password for when you forget the real one) in it helped quite a bit.

        The windows boxes I administer are protected by an old version of Officescan (from three or so years ago, with renewed support, of course). Disabling the protection isn't really an issue with me as long as it's hard to do unless you know what you're doing (in which case you should be

        • Disabling the protection isn't really an issue with me as long as it's hard to do unless you know what you're doing (in which case you should be entitled to it anyway, imho).

          That's exactly what I think. And it turns out I'm not the one, at work, to catch viruses and malware and whatnot, even if I've disabled the AV. Pretty soon I will switch to a more IT-adminish role in the company and I will try to respect this rule. If you're good enough to disable protected stuff... you're not the one I have to be con
  • Get Sophos (Score:3, Informative)

    by a.koepke (688359) on Friday May 19, 2006 @12:10AM (#15363197)
    I would invest in Sophos Antivirus. I am using it in our office and the program is great. Install the enterprise manager on the server and it will automatically download new versions when available and all the desktops will then download them from there.

    Setup MailMonitor on a Linux box for incoming email scanning and you will end up with a solid AV solution.
  • I've had pretty good luck with SAV, it doesn't have the same problems that Norton (the consumer product) does. Both resource utilization hasn't been an issue even on our slowest Celeron 500 running XP and it keeps getting AV updates perpetually.

    Cost will still be an issue though.
  • I only use ClamAV at home, but if I was compelled to buy some anti-virus software, Bitdefender is the software I would get. http://www.pcmag.com/article2/0,1895,1850851,00.asp [pcmag.com] shows how it detected 6 viruses, without signatures. For home use it is cheap, and for corporate use it seems to have reasonable prices as well.
  • I don't know much about enterprise AV, however a friend of mine is the IT manager for a decent sized food packing plant and I know he runs the corporate PCCillin (from TrendMicro [trendmicro.com]) and raves about it.

    I use their personal edition and have been very happy about it (doesn't feel nearly as bloated as symantec and mcafee will often feel). However this is all based on feel... I don't have any benchmarks or evidence for you...
  • I would highly suggest you try out Trend Micro. Centrally managed scans and updates, installs across a web-browser, and it works. They sell by block, so if you need 60 licenses you get each license for cheaper than if you needed 50 or less. It also keeps a good watch on spyware.

    http://www.cdw.com/shop/products/default.aspx?EDC=639856 [cdw.com]
    • But they lost their focus. The AV definition files are pushing 15MB, the new spyware tool isn't great, and their anti-spam offering is terrible.

      Try AVG.
  • AVAST! (Score:4, Interesting)

    by Verteiron (224042) on Friday May 19, 2006 @12:42AM (#15363313) Homepage
    Try Avast Antivirus. It's got a far more powerful and configurable network manager than Symantec's, costs about half as much (for 3 years!), and updates MUCH more frequently, using smaller updates. It also automatically uses a local mirroring system so that your clients don't hog the bandwidth trying to get updates from the internet. The client has a smaller memory footprint than Symantec's client.

    The best part is you can download it and run it completely unrestricted for 60 days to see if it works for you.
    • I think Avast! is a good scanner - I started using it on all of my computers after dumping Norton Internet Security 2005 earlier in the year.
    • Avast also has many other versions, such as a linux edition, among others:
      • avast! 4 Professional Edition Download
      • avast! 4 Home Edition FREE Download
      • avast! Linux Home Edition FREE Download
      • avast! U3 Edition Download
      • ADNM Download (includes the avast! Managed Client)
      • avast! 4 Server Edition Download
      • avast! 4 SBS Edition Download
      • avast! 4 for Linux Server Download
      • avast! BART CD Download
      • avast! for Kerio Download
      • avast! PDA Edition Download

      The home edition is free, you merely have them send

      • Re:AVAST! (Score:3, Informative)

        by Mistshadow2k4 (748958)

        I agree. I recommended AVG for years to my customers, but decided to give Avast! a try on a customer's infected PC after AVG. Avast! found a virus AVG didn't and uses 15%-20% less memory.

        But I also recommend winpatrol [winpatrol.com]. Not an AV program, it blocks out most malware, including some of the nastier stuff that can stealth-download itself into a Windows computer as long as the user is online. It only uses about 4 mb of memory to run in the background -- but I have no idea how much an enterprise solution would co

      • No one else offers this feature, as far as I know.

        Unfortunately, Avast Home edition for Windows does not offer a certain feature I consider extremely useful — a command-line scanner. I'd love to set up family members with Firefox and the Download Scan [mozdev.org] extension so that new downloads get checked automatically, but that's not an option with Avast Home.

  • Linux (Score:2, Insightful)

    by MarkByers (770551)
    Use Linux and be done with it. No need for AV software.
    • Re:Linux (Score:2, Insightful)

      by TheRealDamion (209415)
      Although this is marked troll, and possibly was meant as one. The original article does mention having switched to firefox, thunderbird and OOo. So frankly I fail to see why it wouldn't be quite an easy step. It would probably provide faster and certainly cheaper desktops. Ignore the "is it ready for the desktop" waffle we've seen on /. for years, this is a place where there is a support staff, so users just need to use their desktops for work and the hard stuff is done by the admin.
      • This is slashdot though. You get modded down for going against the brainthink and suggested a perfectly reasonable alternative.
  • What's a "reasonable" price? Sophos Small Business is a good product, and less than $50 a head. That's reasonable for not having the machines get eaten alive by viruses - but if you're a non-profit I'm disappointed you're paying all that money to Microsoft in license fees instead of putting it into your core mission. Go Linux and the price will be very "reasonable". Anti-everything software is just part of the cost of running a Windows shop. Microsoft also specifies server-based imaging software now as
  • Kaspersky has good multi-year and multi-PC discounts, and central-administration options. It also does a MUCH better job than Norton or (God-forbid) McAfee do.

    Hit their website [kaspersky.com] and you can even get a 1-month demo [kaspersky.com] from them to see if it'll work for you.
  • McAfee with EPO server to manage deployment and updates works very well. It might be overkill for a small place such as yours, but if you want to maintain a 'tight shop', EPO is a good fit. Besides updating clients, it also collects data on any infections, and the clients with the "rogue system sensor*" installed can notify you of clients on the network who don't have AV installed or don't have the "Epo agent*" (the client part) installed.

    *Note to open Source software makers - this is a good example how to
    • I wasn't affected by McAfee either, but I sure won't recommend McAfee to anyone.

      The fact is that McAfee allowed that to happen. For something like that to pass their internal (nonexistent?) testing procedures means their processes are really _crap_.

      Sure most companies have crap processes, but when it comes to mass deletion of files crap, it's time to walk away and not look back (unless you're going to sue them).

      A few other AV companies also have had similar problems: Sophos had a false positive for Mac OSX
  • Last year, I replaced an old NT4 server with Linux in a small business with around 20 XP clients. I hoped to find a Linux solution to manage antivirus and replace the very expensive Symantec Enterprise licenses, but I didn't.

    I do have ClamAV scanning incoming emails, but it is still necessary to have a local AV on the machines. I don't like Symantec and find it too expensive, but I must say it really works. So I did a fresh minimal install of Win2K on the old server box, and setup Symantec Enterprise on tha
    • No, really, why?

      If you are letting users download random EXEs off the Internet and running them... ugh. Well, you could always set up a proxy to run them through ClamAV...

      Personally, I use ClamWin on my Windows desktop, and I scan maybe once or twice a year. Other than that, I just keep things sane -- no random downloads of EXEs, no running EXEs from email attachments...

      And how do you know it really works? Maybe Symantec just "finds" something now and then in order to keep you scared...
      • Why do you need "a local AV"?

        Because people insert random CDs and USB keys, and they check their personal email through webmail, etc. (and someone infected his brand new laptop on which the AV was not installed yet, with an exe in a password protected zip, which he got from his private webmail account! Yes, they do that sort of thing. At least once)

        I don't scan my own machine regularly either, and also just "keep things sane" and occasionally scan a virus out of curiosity to see what it is.

        You obviously don'
  • Relatively few people have heard of them, but it is by far the best antivirus software I've ever used (and most reviews agree).

    Uses even fewer resources than AVG (they claim to work with Pentium Is, but I've never used with anything lower than a 500 MHz P3), and far better at actually stopping viruses.

    Their info can be found here: http://www.kaspersky.com/kav6 [kaspersky.com]
  • I'm a really big fan of Trend Micro ever since installing it a year and a half ago at a small business I consulted with. Their CSM solution covers all the bases for a small company (includes a very effective spam blocker at the Exchange level), their web-based management interface is great, updates are quick and painless, and remote management is a breeze.

    Before that I'd used Norton's solution, and while it worked, I never want to go back. In that version (7-something, I think, maybe 8) it was a real pain
  • I just want to know. If you're using recent Firefox/Thunderbird/OpenOffice, then how would a virus even get onto your machine?

    ClamWin [clamwin.com] may be all the AntiVirus you need, if you need any at all. You're already scanning incoming email, after all...

    Nevermind. I use Linux, I obviously will never fully get the stupidities of Windows Malware Control.
  • by inflex (123318) on Friday May 19, 2006 @03:35AM (#15363827) Homepage Journal
    As with most solutions to these situations you may find yourself needing a -mix-.

    Personally, I use ClamAV on the mailserver (in combination with Xamime - http://xamime.com/ [xamime.com]) works well and keeps a majority of the things out.

    However, you really need an orthogonal approach too, that includes banning things that aren't meant to be coming into your network in the first place, as well as having perhaps a different branded AV agent on the client machines.

    Getting rid of (if possible) the vectors used by the viruses on the workstations helps a lot too. ActiveX, Macros (okay, not many people can live without those in office I suppose).

    • However, you really need an orthogonal approach too, that includes banning things that aren't meant to be coming into your network in the first place, as well as having perhaps a different branded AV agent on the client machines.

      Definitely. While not sure-fire (webmail is a big hole) our mailserver simply rejects messages with common virus-laden file extensions. Here's our list from postfix's filtering:

      #block unsafe attachments
      /^Content-(Type|Disposition):.*(file)?name=.*\.
      (asd|bat|chm|cmd|com|dll
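Added example (not part of the comment above or its poster's configuration): a Python check of how an attachment-blocking pattern of this shape behaves on constructed MIME headers, including a folded header and a benign filename that merely contains ".com". Only the six extensions visible in the truncated list are used, and the pattern's tail after the extension group is an assumption, since the original is cut off.

```python
import re

# Extensions visible in the page's truncated list; the full list is longer.
VISIBLE_EXTS = ("asd", "bat", "chm", "cmd", "com", "dll")

# The page's pattern up to the extension group. The tail after the group is
# an assumption (optional closing quote, then end of the parameter), because
# the original line is cut off. Postfix regexp tables match case-insensitively
# by default, hence re.IGNORECASE.
BLOCK_RE = re.compile(
    r'^Content-(Type|Disposition):.*(file)?name=.*\.('
    + "|".join(VISIBLE_EXTS)
    + r')"?\s*(;|$)',
    re.IGNORECASE,
)


def unfold(raw_headers: str) -> list[str]:
    """Join folded continuation lines so each header is one logical line,
    which is the unit Postfix hands to header_checks."""
    logical = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()
        elif line.strip():
            logical.append(line.rstrip())
    return logical


def verdicts(raw_headers: str) -> list[tuple[str, str]]:
    """Return (logical header, 'REJECT' or 'pass') for each header."""
    return [(h, "REJECT" if BLOCK_RE.search(h) else "pass")
            for h in unfold(raw_headers)]


# Constructed sample MIME part headers (not taken from real mail).
SAMPLE = '''Content-Disposition: attachment; filename="invoice.bat"
Content-Type: application/octet-stream;
\tname="Setup.COM"
Content-Disposition: attachment; filename="report.pdf"
Content-Disposition: attachment; filename="www.example.com-minutes.pdf"
Content-Type: text/plain; charset="us-ascii"
'''

if __name__ == "__main__":
    for header, result in verdicts(SAMPLE):
        print(f"{result:6}  {header}")
```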
  • The full not-free AVG has all the features you need, and they have a generous discount for nonprofits, and are generally nice and flexible. Sure, it's not free, but it's not as expensive as you might think.
  • F-Prot (Score:3, Interesting)

    by Bob Cat - NYMPHS (313647) on Friday May 19, 2006 @04:05AM (#15363910) Homepage
    http://www.f-prot.com/ [f-prot.com]

    $5 per PC/yr, less in volume. At >100 it goes down to $2/yr.

    A bit of a clunky interface, but the users will never have to bother with it. Set it to auto-update from a server (which updates from f-prot), tell it to mail you when a virus hits the real-time scanner. Simple, cheap, fast, and effective. The updater and real-time scanner take less than 1MB memory.

    Try the free trial, keep the (free) DOS scanner on a bootable CD with your tools, even if you don't buy the GUI version.
  • Don't rely on a virus scanner since they are usually bloated and there is no guarantee they catch the latest malware. Windows provides a mechanism called Software Restriction Policies [microsoft.com] that allows you to prevent the execution of unknown programs. Might be a bit difficult to configure but eliminates the possibility of running a virus or other malware.
    • That's like saying, don't use a firewall if you have NAT...

      Anti-virus is not something you just decide something else will take care of. It's a necessity in any environment that your systems are required for everyday business. Even if you aren't running Windows.
      • Anti-virus is not something you just decide something else will take care of.

        People using anti-virus software try to prevent the execution of malicious code based on a blacklist (the virus definitions and heuristics). Software Restriction Policies do exactly the same except that they use a whitelist instead of a blacklist. Every security professional will acknowledge that this is a superior approach.
        • Until it comes to managing that approach. Securing something and making that something actually usable are two different things that do not work in harmony. The tighter you secure something and the more usage required from that something (i.e. locking down desktops and having 500 desktop users that do 400 different tasks) the more of an administrative nightmare it becomes. Especially when you have some of the top sales people in the industry and what they want can carry more weight than what the CFO want
  • Norman is pretty decent. It's good at being quiet and sitting in the background without bothering the user. The central managing service is also quite good. The main server distributes updates via the LAN so clients don't have to hit the net for updates. It's pretty easy to set up multiple configuration and scheduling groups. Even installing and uninstalling clients from the main server is easy as pie.

    I suggest you take a look at it. I have no idea how much it costs, but it "just works" pretty well.
  • I haven't seen any BitDefender recommendations yet. I will be considering it along with Kaspersky, F-Secure and NOD32.

    BitDefender
    http://www.bitdefender.com/ [bitdefender.com]

    The New Virus Fighters: Our Antivirus Picks
    http://www.pcworld.com/reviews/article/0,aid,124163,pg,3,00.asp [pcworld.com]
  • Kaspersky's latest software is great, I've been testing them for several months. They're also the highest rated virus checker on virus.gr, if you want some independent validation. They have a corporate edition called Kaspersky Antivirus for Workstations that has a centralized control panel for managing all of the installations on the network. Talk to them about the fact that you are a not-for-profit organization and see if they'll give you a discount.

    Damien
  • by a9db0 (31053)
    As another alternative, check out Panda Security. I've used their software on a couple of small networks and found it stable and effective. Their management software easily allows remote installation as well as signature distribution.

    http://www.pandasoftware.com/home/empresas/default [pandasoftware.com]

  • Are there any OSS distros that are specifically made for scanning email for viruses and flagging spam? Something akin to say Smoothwall or IpCop for firewalls.

    At work we have a 30 seat license to SAV w/server based email scanning. I'd happily switch to something cheaper than SAV; however, once I price in the server based email scanning, there hasn't been much savings in the past. The email scanning is pretty much half the cost, but it is something that could be done well by an OSS distro. I am NOT wi
  • I've heard some good things about CA's eTrust antivirus (that it's a good virus catcher and has low resource usage), although I have not used it myself, so would be curious to see what folks here think.

    Regarding costs, they claim on their page that: "Affordability. eTrust Antivirus gives you industrial-strength protection at a low price. We guarantee a lower price over the cost of renewing your current antivirus subscription, and we offer the lowest total cost of ownership of any antivirus software solution
  • Great response (Score:4, Informative)

    by Darth_brooks (180756) <clipper377@@@gmail...com> on Friday May 19, 2006 @08:30PM (#15369944) Homepage
    First and foremost, thanks for all of the responses! Lots of information and (so far) no suggestions that I just [freaking] google it. My faith in slashdot has been revived.

    Second: cripes, I've finally developed computer user grammar. It passes spell check but not basic grammar.

    Third: some clarifications. The reason we keep AV running is that it's the right thing to do. Firefox, T-bird, and the firewall keep most of the bad stuff out. OpenOffice will cut down the risks even further, but we've still got a couple of points of entry to worry about. One is laptops. Even though no one has admin except those who need it (me and the other members of the tech. group), users can still install some simple programs. It's only a matter of time before somebody gets a network aware worm and brings the machine on site. Another point of entry is USB drives. We're pushing people towards those instead of floppies for the sake of reliability. In order to balance safety with usability, we add the layer of protection offered by AV.

    In addition, WSUS isn't always on the ball. Occasionally you get a machine that quits grabbing updates, or one that never showed up in the first place. It's nice that I can keep those machines somewhat better protected with an additional program. On top of all that, we're an all volunteer group, so AV software gives us an additional layer of "false sense of security." I know that I can count on the firewall, the patch server, AND AV to buy me 48 to 72 hours of safety should the crap hit the fan like it did with Sasser or Blaster. Anti-virus, like any single layer of protection, isn't infallible, but it damn sure helps.

    Linux: We're doing that in some areas, but the whole site isn't an option right now. Most of our users are technophobes, usually retirees. Actually, recovering technophobes now :). We concern ourselves with WW2 Aircraft, Radial engines, things of that nature. Technology didn't play a big role for the masses pre-fire. We wanted to change that, but never had a good starting point. When the rebuild started, we had to get the organization up and running in some capacity *YESTERDAY*. We had the proverbial chance to "strike while the iron was hot" and there wasn't time to hem and haw about the possibility of mass migration. Right now, the machine that sees the most use by our least technical users (the Museum docents) is a Fedora Core box. The logic being that it would be the hardest for them to break. So far that has proven true. But our users that had experience had it using windows so, in order to aid in our evolution from "a couple machines here and there connected by coax (yes, coax. at the end of 2004.) with no real network connection" to "50-ish machines, ethernet, on a domain, network storage, off site backup, and an honest to god professional grade network that I would be proud to show off, and that moves this organization from 1993 to 2006 and beyond" we sacrificed and opted to stick with windows. Linux keeps coming up, but it's going to be a slow move.

    Thanks again for the responses. I've gotten exactly what I wanted, solid reading material for a few days and some worthwhile points to ponder.
