Alternative Enterprise Anti-Virus Solutions?

Darth_brooks asks: "I admin for a great non-profit organization that has spent the last year rebuilding after a massive fire. We've got a pretty tight system running now, especially compared to the unmanaged chaos that existed before the fire. Firefox for surfing and T-bird for for e-mail, WSUS for updates, and we're slowly replacing Office with OpenOffice. But out anti-virus solution (command AV, a holdover from our old system) is not cutting the mustard. Specifically the management console isn't exactly reliable, and we just don't feel like we're getting our money's worth. What alternatives can the Slashdot crowd suggest?"

"The two obvious names that come to mind are Norton and Mcafee. Since all of our machines are donated, we really don't have the resources for Norton (who does?) and Mcafee's just been dealt a black eye. In addition, we're on a limited budget. Our machines are mostly P2 & P3's, and we're an XP / Active Directory shop with some scattered Fedora & BSD boxes scattered about for non-desktop tasks.

The biggest features we're looking for are the ability to centrally manage updates (which rules of AVG's free edition), and a reasonable price tag for licenses for 50-60 machines. Our current solution is only in place because we signed a long term licensing agreement, and I don't want to see us get into another deal for a product that doesn't turn out to be as god as advertised. I'd also like to hear some of the Horror / Success stories from users."

NOD32

[ikejam (821818)]

http://www.nod32.com.sg/home/home.php [nod32.com.sg]

Re:NOD32

[Norm@Home (99305)]

I'll second that, I've been using NOD32 in a small non-profit enterprise for 18 months and we haven't had a single problem after flushing Norton with which we had hugh problems. The enterprise management console works really well and if you are also a non-profit make sure you mention that since Eset does give an additional discount to non-profits over their standard business pricing.

Re:NOD32

[MaineCoon (12585)]

I can't agree enough; NOD32 is superior to anything else I have used. We use it on all our computers at home, I had my mom get it, and every friend who I have convinced to give the 30 day demo a try, has ditched whatever they were using and bought it.

It's low impact on system resources, extremely effective, and they update frequently. It catches stuff Norton/McAfee don't bother with - things not quite 'viruses' but not exactly good for you either (such as intrusive activex controls and the like).

Considering you're a non-profit, check out...

[Howard Beale (92386)]

techsoup.org - donated and discount technology equipment products. We support a local Boys and Girls Club, and they got their software through there.

Good luck!

Virus free for over a decade...

[JoeCommodore (567479)]

Of course we've been using Macs.

But I will second the reccomendation for Tech Soup, they have NAV enterprise edition with bulk licenses and all that server based virus administration goodness that Windsows people seem to need. Plus there are a bunch of other non-profit items you can get (MS Licensing is dirt cheap).

Big tip though - read the fine print on 'donatioon' limitations and plan your orders accordingly. Some of them limit to which types of NPs they will 'donate' to (Macromedia), some tie in an

Clam AV

[shadwwulf (145057)]

I would highly recomend checking out Clam AV.

It comes in both *nix [clamav.net] and Windows [sosdg.org] varients and works pretty well for system scanning. It also works very well in a mail server tool-chain.

MTW

Re:Clam AV

[by Anonymous Coward]

ClamAV isn't an "anti-virus solution". It doesn't offer protection, just after-the-infection scanning. The on-access module to fix this is, last time I checked, still in alpha and will take a while to arrive.

Just get AVG and be done with it

[Tweekster (949766)]

Two year licenses are incredibly useful and their software doesnt suck like Norton.

AVG takes the approach of just working behind the scenes and doing it well...Norton takes the approach of "I need to constantly justify my existance by letting the user know I am doing...something"

AVG works great, so go with it. Their support is pretty good too from the couple of times when I needed to contact them.

It sounds like you pretty much said AVG is good and reasonable so just go with it.

Re:Just get AVG and be done with it

[palndrumm (416336)]

Mod +1, That's What We Just Did.

AVG does the job well, doesn't completely take over any machine it's installed on causing massive performance problems, is dead simple to deploy & administer, and was the best value for money of all the various AV solutions we looked at.

Re:Just get AVG and be done with it

[stefanlasiewski (63134)]

I've heard two common complaints regarding AVG: It is only an anti-virus program (It doesn't deal with spyware), and it's performance is bad compared to some other AV programs.

What's your opinion? Are these valid complaints?

I use AVG free on my home systems, and recommend it to many friends-- performance does seem much worse when AVG is running (this is my non-objective opinion). I've never seriously evaluated it for the business (I'm not the Windows admin).

Re:Just get AVG and be done with it

[RedDirt (3122)]

I've not ever had a slowdown that I can attribute to AVG. Prior to trying them I used F-Secure (ate CPU like candy to no appreciable benefit), McAfee (Random crashes on shutdown and the occasional munged update file that'll eat my data? Are we sure that NAI isn't in the virus WRITING business?!?!), and Norton (gods above, make the pop-up notifications and tray icons and wacky security alerts stop! Plus it also makes my system crawl). AVG just gets the job done and doesn't (well, other than at log in) get in my face. Certainly it doesn't bundle anti-spyware but why aren't you using MS Defender for that? And firewalls? D-Link has some nice hardware that'll augment the Windows boxed package nicely as well as giving you wireless and other toys. =P

Re:Just get AVG and be done with it

[Decker-Mage (782424)]

I've never seen a slowdown with AVG on my machines here and I've used it for years. Hell, I play 3-D games all the time while it is running, even scanning the hard drives, without a bobble in the game. I'd nose around in your system to see if it is something else or an interaction problem (esp. if you are running two AV programs in real-time, a real no-no).

Re:Just get AVG and be done with it

[jawtheshark (198669)]

performance does seem much worse when AVG is running

My laptop is a P-III 600MHz / 512Meg RAM running WinXP Pro and frankly, AVG doesn't seem to have any impact on performance at all. If I do nothing, Task Manager reports 0% usage, so I don't think that AVG gets much in the way.
What AVG does do is a dayly check and if you're working while it does that, you might "feel" it. Normally it's at 8am for me, but I don't know if its a rule (or if I configured it that way) At 8am, I'm so sleepy that I usuall

Re:Just get AVG and be done with it

[Morel (67425)]

You should check your facts before calling people shills.

Ad-Aware's free edition is called Ad-Aware Personal and updates have never stopped being free. In fact, I just tried it myself, just to make sure. Go here [lavasoftusa.com] and see for yourself.

Re:Just get AVG and be done with it

[ceeam (39911)]

One note though - during the time I used AVG it detected exactly _zero_ email viruses of 5 or 6 I got - even when I specifically asked it to scan attachment EXEs. Ok - quite probably other AVs are no better since it is the nature of such viruses to propagate within hours of being released and AV updates take days. Now I just run without any AV. Yes, corporate environment may differ but I just wanted to point it out.

ClamAV/ClamWin

[LinuxWhore (90833)]

ClamAV might work. THe only downside is that it doesn't yet have a real-time process scanner. If you can keep people from executing what they download before scanning it for viruses, ClamWin [clamwin.com] might do the job. You could manage the virus updates via your logon script, or just use the normal internet update. Plus ClamAV works on your Linux boxen too!

Re:ClamAV/ClamWin

[LinuxWhore (90833)]

Excellent! I've been waiting for ClanWin to do this. It's great to see that it's already available! Thanks!

F-Prot

[Rydian (29123)]

F-prot from Frisk software. http://www.f-prot.com/ [f-prot.com]

I just checked, and a 60 seat corporate license with full updates would run you $240 a year.

Re:F-Prot

[Reziac (43301)]

My choice for over a decade. Reliable, competent, and lightweight.

And they've never once given me any reason to believe they're in anyone's pocket or have any hidden agendas. Just a good reliable AV solution at a minimal price.

pay for avg

[sdnoob (917382)]

The biggest features we're looking for are the ability to centrally manage updates (which rules of AVG's free edition)

actually, wouldn't the license agreement rule out AVG FREE edition in your situation?

AVG Free Edition is for private, non-commercial, single-home computer use only. Use of AVG Free Edition within any organization or for commercial purposes is strictly prohibited. (from http://free.grisoft.com/doc/1/ [grisoft.com])

however, they do have a fairly decent commercial product for the price. look at their network edition http://www.grisoft.com/doc/Networks/lng/us/tpl/tpl 01/ [grisoft.com] only $8.20 per seat, per year, at the 50-74 seat price point. this version includes centrialized management and lan updates. runs on all released windows win95 and up, and i386 linux.

Uh, use open source?

[fak3r (917687)]

Why are you paying for this software if you're a non profit? On, or before your mail server, chain together ClamAV and Bitdefender using Mailscanner or Amasis-new - have a cron updating each of these daily (or hourly if you're a tin foil hat type)

Do you have any specific requirements that would not allow this to work?

I'd call AVG...

[masdog (794316)]

It wouldn't hurt to call up Grisoft and explain that you're a non-profit looking for a good AV solution. You might get a pretty sweet deal if you talk to them.

Re:I'd call AVG...

[From A Far Away Land (930780)]

I know libraries can get a 30% discount, and when you renew you pay only 50% of the inital purchase, which lasts for 2 years instead of only 1. Considering AV is more important at the firewall and email filter than the desktop anyway, it's great to save on the desktop install price with AVG.

AVG Admin will save you time. If you use Windows Desktop Protection in the Shared Computer Toolkit, Grisoft will even send you the script for auto-updates when Windows Updates from your WSUS run.

AVG Free edition is ruled out by the licensing which doesn't cover non-home users pretty much. Even libraries are excluded from using it legally.

AVG

[Conception (212279)]

AVG has a enterprise version that's much cheaper than norton. You should check it out.

Sophos AV

[tulare (244053)]

We just switched to it after battling the behemoths, and it's been a real boon to me. Management console works well, the product has been catching a ton of stuff that Symantec didn't, price was good, and it does a nice job of push installation (even here - we've got Samba domain controllers - it didn't care). I've had good experiences with their phone jockeys also. Downside - simple file sharing has to be turned off on winxp clients, but if you're on AD that's easy enough to fix.

Don't get TrendMicro OfficeScan

[scdeimos (632778)]

Although it has great corporate management capabilities, like a centralized program/dictionary update server and permissions on settings (so end users can't stop/break it), it's better than your average ghoul at sucking the life out of your desktop computers.

Re:Don't get TrendMicro OfficeScan

[giorgiofr (887762)]

Uhm yeah it took me all of two minutes to disable it on my box at work, even though it was locked down. The fact that TrendMicro put a backdoor (a default password for when you forget the real one) in it helped quite a bit.

Get Sophos

[a.koepke (688359)]

I would invest in Sophos Antivirus. I am using it in our office and the program is great. Install the enterprise manager on the server and it will automatically download new versions when available and all the desktops will then download them from there.

Setup MailMonitor on a Linux box for incoming email scanning and you will end up with a solid AV solution.

Symantec Antivirus Corporate is Better than Norton

[raitchison (734047)]

I've had pretty good luck with SAV, it doesn't have the same problems that Norton (the consumer product) does. Both resource utilization hasn't been an issue even on our sloweest Celeron 500 running XP and it keeps getting AV updates perpetually.

Cost will still be an issue though.

Bitdefender

[youknowmewell (754551)]

I only use ClamAV at home, but if I was compelled to buy some anti-virus software, Bitdefender is the software I would get. http://www.pcmag.com/article2/0,1895,1850851,00.as p [pcmag.com] shows how it detected 6 viruses, without signatures. For home use it is cheap, and for corporate use it seems to have reasonable prices as well.

AVAST!

[Verteiron (224042)]

Try Avast Antivirus. It's got a far more powerful and configurable network manager than Symantec's, costs about half as much (for 3 years!), and updates MUCH more frequently, using smaller updates. It also automatically uses a local mirroring system so that your clients don't hog the bandwidth trying to get updates from the internet. The client has a smaller memory footprint than Symantec's client.

The best part is you can download it and run it completely unrestricted for 60 days to see if it works for you.

Re:AVAST!

[Alien54 (180860)]

Avast also has many other versions, such as a linux edition, among others:

• avast! 4 Professional Edition Download
• avast! 4 Home Edition FREE Download
• avast! Linux Home Edition FREE Download
• avast! U3 Edition Download
• ADNM Download (includes the avast! Managed Client)
• avast! 4 Server Edition Download
• avast! 4 SBS Edition Download
• avast! 4 for Linux Server Download
• avast! BART CD Download
• avast! for Kerio Download
• avast! PDA Edition Download

The home edition is free, you merely have them send

Re:AVAST!

[Mistshadow2k4 (748958)]

I agree. I recommended AVG for years to my customers, but decided to give Avast! a try on a customer's infected PC after AVG. Avast! found a virus AVG didn't and uses 15%-20% less memory.

But I also recommend winpatrol [winpatrol.com]. Not an AV program, it blocks out most malware, including some of the nastier stuff that can stealth-download itself into a Windows computer as long as the user is online. It only uses about 4 mb of memory to run in the background -- but I have no idea how much an enterprise solution would co

Linux

[MarkByers (770551)]

Use Linux and be done with it. No need for AV software.

Re:Linux

[TheRealDamion (209415)]

Although this is marked troll, and possibly was meant as one. The original article does mention having switched to firefox, thunderbird and OOo. So frankly I fail to see why it wouldn't be quite an easy step. It would probably provide faster and certainly cheaper desktops. Ignore the "is it ready for the desktop" waffle we've seen on /. for years, this is a place where there is a support staff, so users just need to use their desktops for work and the hard stuff is done by the admin.

Sophos SBE

[bill_mcgonigle (4333)]

What's a "reasonable" price? Sophos Small Business is a good product, and less than $50 a head. That's reasonable for not having the machines get eaten alive by viruses - but if you're a non-profit I'm disappointed you're paying all that money to Microsoft in license fees instead of putting it into your core mission. Go Linux and the price will be very "reasonable". Anti-everything software is just part of the cost of running a Windows shop. Microsoft also specifies server-based imaging software now as

Kaspersky Anti-Virus

[The Rizz (1319)]

Kaspersky has good multi-year and multi-PC discounts, and central-administration options. It also does a MUCH better job than Norton or (God-forbid) McAfee do.

Hit their website [kaspersky.com] and you can even get a 1-month demo [kaspersky.com] from them to see if it'll work for you.

Don't discount McAfee

[toadlife (301863)]

McAfee with EPO server to manage deployment and updates works very well. It might be overkill for a small place such as yours, but if you want to maintain a 'tight shop', EPO is a good fit. Besides updating clients, it also collects data on any infections, and the clients with the "rougue system sensor*" installed can notify you of clients on the network who don't have AV installed or don't have the "Epo agent*" (the client part) installed.

*Note to open Source software makers - this is a good example how to

Don't get McAfee

[TheLink (130905)]

I wasn't affected by McAfee either, but I sure won't recommend McAfee to anyone.

The fact is that McAfee allowed that to happen. For something like that to pass their internal (nonexistent?) testing procedures means their processes are really _crap_.

Sure most companies have crap processes, but when it comes to mass deletion of files crap, it's time to walk away and not look back (unless you're going to sue them).

A few other AV companies also have had similar problems: Sophos had a false positive for Mac OSX

Symantec, unfortunately

[rduke15 (721841)]

Last year, I replaced an old NT4 server with Linux in a small business with around 20 XP clients. I hoped to find a Linux solution to manage antivirus and replace the very expensive Symantec Enterprise licenses, but I didn't.

I do have ClamAV scanning incoming emails, but it is still necessary to have a local AV on the machines. I don't like Symantec and find it too expensive, but I must say it really works. So I did a fresh minimal install of Win2K on the old server box, and setup Symantec Enterprise on tha

Why do you need "a local AV"?

[SanityInAnarchy (655584)]

No, really, why?

If you are letting users download random EXEs off the Internet and running them... ugh. Well, you could always set up a proxy to run them through ClamAV...

Personally, I use ClamWin on my Windows desktop, and I scan maybe once or twice a year. Other than that, I just keep things sane -- no random downloads of EXEs, no running EXEs from email attachments...

And how do you know it really works? Maybe Symantec just "finds" something now and then in order to keep you scared...

Re:Why do you need "a local AV"?

[rduke15 (721841)]

Why do you need "a local AV"?

Because people insert random CDs and USB keys, and they check their personal email through webmail, etc. (and someone infected his brand new laptop on which the AV was not installed yet, with an exe in a password protected zip, which he got from his private webmail acount! Yes, they do that sort of thing. At least once)

I don't scan my own machine regularly either, and also just "keep things sane" and occasionally scan a virus out of curiosity to see what it is.

You obviously don'

Kaspersky

[neomage86 (690331)]

Relatively few people have heard of them, but it is by far the best antivirus software I've ever used (and most reviews agree).

Uses even fewer resources than AVG (they claim to work with Pentium Is, but I've never used with anything lower than a 500 MHz P3), and far better at actually stopping viruses.

Their info can be found here: http://www.kaspersky.com/kav6 [kaspersky.com]

ClamAV is quite good - but there are tricks

[inflex (123318)]

As with most solutions to these situations you may find yourself needing a -mix-.

Personally, I use ClamAV on the mailserver (incombination with Xamime - http://xamime.com/ [xamime.com] works well and keeps a majority of the things out.

However, you really need an orthagonal approach too, that includes banning things that aren't meant to be coming into your network in the first place, as well has having perhaps a different branded AV agent on the client machines.

Getting rid of (if possible) the vectors used by the viruses on the workstations helps a lot too. ActiveX, Macros (okay, not many people can live without those in office I suppose).

AVG's Pro Edition

[SleepyHappyDoc (813919)]

The full not-free AVG has all the features you need, and they have a generous discount for nonprofits, and are generally nice and flexible. Sure, it's not free, but it's not as expensive as you might think.

F-Prot

[Bob Cat - NYMPHS (313647)]

http://www.f-prot.com/ [f-prot.com]

$5 per PC/yr, less in volume. At >100 it goes down to $2/yr.

A bit of a clunky interface, but the users will never have to bother with it. Set it to auto-update from a server (which updates from f-prot), tell it to mail you when a virus hits the real-time scanner. Simple, cheap, fast, and effective. The updater and real-time scanner take less than 1MB memory.

Try the free trial, keep the (free) DOS scanner on a bootable CD with your tools, even if you don't buy the GUI version.

Boot From CD

[DrSkwid (118965)]

n/t

Software Restriction Policies

[hweimer (709734)]

Don't rely on a virus scanner since they are usually bloated and there is no guarantee they catch the latest malware. Windows provides a mechanism called Software Restriction Policies [microsoft.com] that allows you to prevent the execution of unknown programs. Might be a bit difficult to configure but eliminates the possibility of running a virus or other malware.

Great response

[Darth_brooks (180756)]

First and foremost, thanks for all of the responses! Lots of information and (so far) no suggestions that I just [freaking] google it. My faith in slashdot has been revived.

Second: cripes, I've finally developed computer user grammer. It passes spell check but not basic grammar.

Third: some clarifications. The reason we keep AV running is that is because it's the right thing to do. Firefox, T-bird, and the firewall keep most of the bad stuff out. OpenOffice will cut down the risks even further, but we've still got a couple of points of entry to worry about. One is laptops. Even though no one has admin except those who need it (me and the other members of the tech. group), users can still install some simple programs. It's only a matter of time before somebody gets a network aware worm and brings the machine on site. Another point of entry is USB drives. We're pushing people towards those instead of floppies for the sake of relieability. In order to balence safety with usability, we add the layer of protection offered by AV.

In addition, WSUS isn't always on the ball. Occasionally you get a machine that quits grabbing updates, or one that never showed up in the first place. It's nice that I can keep those machines somewhat better protected with an additional program. On top of all that, we're an all volunteer group, so AV software gives us an addition layer of "false sense of security." I know that I can count on the firewall, the patch server, AND AV to buy me 48 to 72 hours of safety should the crap hit the fan like it did with Sasser or Blaster. Anti-virus, like any single layer of protection, isn't infallable, but it damn sure helps.

Linux: We're doing that in some areas, but the whole site isn't an option right now. Most of our users are technophobes, usually retirees. Actually, recovering technophobes now :). We concern ourselves with WW2 Aircraft, Radial engines, things of that nature. Technology didn't play a big role for the masses pre-fire. We wanted to change that, but never had a good starting point. When the rebuild started, we had to get the organization up and running in some capacity *YESTERDAY*. We had the proverbial chance to "strike while the iron was hot" and there wasn't time to hem and haw about the possiblity of mass migration. Right now, the machine that sees the most use by our least technical users (the Museum docents) is a Fedora Core box. The logic being that it would be the hardest for them to break. So far that has proven true. But our users that had experience had it using windows so, in order to aid in our evolution from "a couple machines here and there connected by coax (yes, coax. at the end of 2004.) with no real network connection" to "50-ish machines, ethernet, on a domain, network storage, off site backup, and an honest to god professional grade network that I would be proud to show off, and that moves this organization from 1993 to 2006 and beyond" we sacrificed and opted to stick with windows. Linux keeps coming up, but it's going to be a slow move.

Thanks again for the responses. I've gotten exactly what I wanted, solid reading material for a few days and some worthwhile points to ponder.

Trend used to be good

[blueZ3 (744446)]

But they lost their focus. The AV definition files are pushing 15MB, the new spyware tool isn't great, and their anti-spam offering is terrible.

Try AVG.