Security

Anti-Viral Software Recommendations?

Kris_J asks: "My InoculateIT Personal Edition anti-virus scanner will no longer be updated from around mid-March. I've really enjoyed this package, particularly the price (it's free for personal use). The company is complaining that so many new ways are being found for virii/worms/trojans to spread that they can't afford to keep the personal edition updated. Whatever. Does anyone have a recommendation for either a particular anti-virus package/bundle, or a good place for trusted, independent, reviews of anti-virus software, or even products to avoid. (If Zonealarm Pro was bundled with an anti-virus option I'd just get that.)" For those of you who have to deal with operating systems where viruses are a problem, what software do you use to detect them and weed them out? How about software that will scan your entire network?
This discussion has been archived. No new comments can be posted.

  • I have heard very nice things about GriSoft [grisoft.com].

    • From the license:

      If your country is not on the list, you are not allowed to use AVG 6.0
      Free Edition - you may download AVG Trial version instead.

      North, Middle and South America - all countries
      Europe - United Kingdom only
      Asia - all countries
      Africa - all countries
      Australia, New Zealand


      What's wrong with the rest of Europe using it, I wonder?
      • Good question, the EU is pretty well harmonised with regard to the relevant laws, and even those countries outside the EU are in better position than some in Asia and Africa. It would appear the "Axis of Evil" are allowed to use this software even!
      • Could it be it uses imperial, not metric measures? Two pounds of UDP packets, one pound of icmp unreachable packets ... you get the idea.

        /Pedro
    • I recommend Grisoft's AVG. It doesn't seem to slow my XP at all. In comparison I installed Norton and my machine slowed to a crawl. It checks all email and can be integrated into the shell making it very easy to scan files. I download shareware and other programs a lot so I need to scan them. You can download updates regularly also. It has so far found a couple infected files and let me delete them safely.
  • AVGuard (Score:1, Redundant)

    I use AVGuard [free-av.com] because it's free. It caught something once, which may have been a false positive, and it is thorough. Otherwise, I don't worry about virii because I don't use m$ lookout!

    I also recommend iptables on a linux firewall. Never had a virus yet (knocking on wood).

    • I also recommend iptables on a linux firewall. Never had a virus yet (knocking on wood).

      How does iptables protect against Windows viruses? I could see a Perl script that filters incoming mail to remove VBScript, et al, but I fail to see how iptables can protect your Windows boxen from infectious code.

      That said, running an iptables based firewall is generally a good idea...

      • Because if the Windows machine is behind a NATing firewall, it isn't possible to access any services from the outside without specifically configuring them.

        IE/Outlook viruses still have a fair chance of course.
      • Using iptables means you know what's going on. Well, at least you have a better chance. That can be very helpful if you have Windows boxen behind your firewall. You never know when some builtin trojan crap from Redmond will attempt to suck something off the net that could be infected. That doesn't mean it can or will happen, but the less unknown net traffic going on, the better I say. Firewalls do work both ways fortunately.

        In other words, I don't fsck'n trust m$.

  • I've been running some form of Windows for a little over 5 years with nary a virus. Instead of going with a system-resource-hogging-anti-virus program, I'd stick with a good firewall [tinysoftware.com] (free) and a bit of savviness (not opening strange attachments, etc...).
    • However, there have been cases where e.g. cover disks for magazines have been infected with virii, as well as some other disks. Even if you only open 'trusted' attachments, you can still get hit. Also, some viruses have been able to launch themselves despite not being explicitly opened in some cases.
      • Indeed, I've had both. I thought I was quite clever when it came to avoiding virii. You can spot them a mile off in your inbox. One day I went to delete one, and it ran on its own accord. I now no longer use the preview pane, and suggest others refrain from using it too.

        Also, we scan every CD which comes in the door of this office, and have on occasion had cover CDs with virii. They're more popular than you'd think.

        A third point, you'd often not notice if you had a virus if it showed no external signs of being there. I've seen computers which were infested with virii, but the user was completely unaware as nothing had changed.

        Beware
        • Hehe, I remember when we eventually got our AV installations done when I worked at a university. 90% of the machines were infected (mostly with Ethan), some with 2 viruses!

          Of course, we were running in a fairly unregulated environment with internet access and floppies/zip drives/CD-Rs being rampant. Once we got the virus scanners in place, we managed to get a handle on it, but it shows how much you need anti-virus software in almost any organisation.

        • "You can spot them a mile off in your inbox. One day I went to delete one, and it ran on its own accord. I now no longer use the preview pane"

          they're only gonna run this way if you use an email program stupid enough to automatically run scripts when presented with them (see Outlook and Outlook Express). other programs (see Pegasus Mail) wouldn't go near a script on principle
          • they're only gonna run this way if you use an email program stupid enough to automatically run scripts when presented with them (see Outlook and Outlook Express). other programs (see Pegasus Mail) wouldn't go near a script on principle

            I wholeheartedly agree, but when it's your office machine, and it's company standard....
    • and use an email program and web browser that don't enthusiastically launch any JS or VB script they're sent. I use Pegasus Mail and Mozilla instead of the virus magnets Outlook/Outlook Express and Internet Explorer; that, and the previous poster's savviness, makes ALL THE DIFFERENCE when it comes to virii
  • If your current operating system vendor is unable to provide you with a hassle-free environment, maybe your company should be looking elsewhere for those services? Of course, switching operating system is not something you do in a jiffy, but considering the problems you seem to be having, have you at least evaluated the alternatives? What was the result?

    Cheers //Johan

  • by Tumbleweed ( 3706 ) on Thursday February 21, 2002 @05:02AM (#3043323)
    This is a great product. It includes Norton's AntiVirus product (much better than McAfee, in my experience), as well as their 'software' firewall product (based on AtGuard). It also can block web ads in your browser. Very nice product, lots of features, and well worth the price.
    • Definitely, I use this both at work and at home, very good product.

      The firewall allows you to configure rules based on applications, ports, local address, remote address, or any combination of the above. When you use a new product that tries to access the 'net you get a popup warning box which allows you to one-off block/allow or to configure a rule. Norton's "Live Update" allows you to stay easily up to date, and the firewall software automatically contains blocks for the most common trojan ports.

      The firewall also allows you to have "privacy" controls to prevent your browser accepting / returning cookies and off-site information, along with ad blocking, very nice.

      The Anti-Virus seems pretty effective as well with the usual quarantine, disinfect, delete options, and a nice auto-update facility.

      You can find Norton's page here [symantec.com]

    • I miss the days where you had a lightweight anti-virus scanner that ran only when you wanted it to, or at most scheduled itself to run overnight and that's it. I was a big fan of F-Protect software but it seems to be prohibitively expensive now.

      If there's one piece of software that can make your 2Ghz system perform like a Pentium 200 it's overly aggressive anti-virus software. It seems like Norton is the worst offender. It causes a noticeable resource drain whenever you do anything with files. It's resident in memory all the time in various different places. It's hooked into the OS in so many different places that I worry if it will break when updates, hotfixes, etc are applied. I suppose it's great from an IT perspective where you have to assume your users are stupid, but I can't stand to deal with software like that at home.

      Not like I use windows that much these days at home, but I sure don't miss all those "treat your user like a moron" anti-virus packages.
      • Like the original poster, I too use InoculateIT in my personal machine, and have been warned at update time that in May Computer Associates will stop supporting the product. It is a very lightweight anti-virus, with a simple and effective interface (is it me or aren't there getting so cheesy these days), that doesn't get in the way of work, and doesn't try to be everything to everybody at the same time. And guess what, it is also free. Practical alternatives nowadays, even non-free ones, are little to none. So one of these days, in one of my intellectual honesty attacks, I hatched up something it may end up being a radical idea: if this is such a great product, why can't I just upgrade to the e-trust version they are offering now? It has the same charm as InoculateIT, and the price is a little less than $10 each year. I mean, we all love free software and all, but I spend almost that each time I go out with my wife and daughter and we want to sit down have a coffee or whatever. $10 for peace of mind? It is as much as free. So you may ask, why haven't I upgraded yet? Well ... I am waiting for May. That way I get a couple months extra on yearly updates. ;-)

        /Pedro
        • if this is such a great product, why can't I just upgrade to the e-trust version they are offering now? It has the same charm as InoculateIT, and the price is a little less than $10 each year.

          eTrust Antivirus [my-etrust.com] ($19.95, $9.95 annual renewal) will give you what InoculateIT Personal Edition did. eTrust EZArmor [my-etrust.com] ($49.95, $19.95 annual renewal) is a broader package providing the features of their Antivirus, Personal Firewall and Content Inspection offerings. I haven't worked with EZArmor, yet, but I've used Inoculan, InoculateIT and eTrust Antivirus, liked them all (and the improvements made over the years) and expect good things from Armor.

        • Thanks everyone. In the end I paid US$9.95 and "upgraded" to the commercial replacement.

          BTW: I like Sophos too, but a personal licence is around A$295.

      • If there's one piece of software that can make your 2Ghz system perform like a Pentium 200 it's overly aggressive anti-virus software. ...but I sure don't miss all those "treat your user like a moron" anti-virus packages.

        I use Norton AV software at home, and it, like the Command AV product I use at work, allows the user to configure how "aggressive" it is. Perhaps if you couldn't figure this out you shouldn't have left those packages so quickly...

    • Based on my experience, Norton's Personal Firewall is really good at breaking network configurations and needing to be uninstalled to get things working.
  • AV solutions (Score:2, Informative)

    At work, we use Sophos [sophos.com] for Windows 2000 and 98 workstations. Antigen [sybari.com] for Exchange 2000 (which utilises McAfee & Sophos engines in our config, but there are more). Norton [norton.com] with wrapper for Mailsweeper. Personally, I use Sophos on my Win2k workstation. It is constantly updated, and the support from Sophos is great. Plus it's a UK company ;) so I'm biased!
    • Antigen is GREAT. A lot of people haven't heard of it, but they should. It beats every other Exchange anti-virus tool, hands down.

      We had a lot of problems with GroupShield at work and just went to Antigen. So much better. Everywhere I've deployed GroupShield there have been problems. The general answer in their KB is REINSTALL! Which is not a good thing on a production mail server.
  • then Alwil Software supplies the Avast antivirus package: avast.com [avast.com]
    I haven't tried it and have no idea if it's any good, but it's free!
  • McAfee or Panda (Score:2, Informative)

    by troels ( 56872 )
    I'm personally using McAfee [mcafee.com], mainly because I have good experiences with it from work where we have it running both on all Windows clients and Linux file servers. And if you aren't behind a "real" firewall it does come with McAfee firewall included, which I haven't actually tried myself. I think there is a trial version but I'm not sure. And if you like all kinds of other crap^H^H^H^Hutilities then you can get it from McAfee as well.

    An alternative I have heard some good things about though is Panda antivirus [pandasoftware.com]. One of the good things is that you can get an evaluation version so you can try it before shelling out the money.

    Another one I haven't seen mentioned on here, and that I actually own but haven't tried (came with my motherboard) is PC-cillin [antivirus.com]. This one allows you to download an evaluation version as well.

    I could mention a few others, but they have already been mentioned by others... (Norton antivirus for instance)
  • I don't like Windows based anti-virus software because it often requires infected parts of the OS to run. I have seen Norton not clean stuff up properly and outright miss things with the latest definitions.

    Personally I use the free version of f-prot from f-secure [f-secure.com].
    It runs in any version of Windows, is updated weekly, is free, and works.
  • Norton Antivirus, here, [sarc.com], has proven itself to me over and over. I've never used or administered a system that was affected by a virus that NAV didn't catch, unless I hadn't updated the virus definitions. One other trick that many miss, is that you need to keep your "symevent" files updated. You can get the updates from ftp.symantec.com.

    If you use Windows, you have to spend money to get some basic software products. One of these is a good antivirus utility. It sucks, but that's life for the Windows user.

  • by spt ( 557979 )
    I have used the e500 [mcafeeb2b.com] email/http scanning appliance, ePolicy orchestrator [mcafeeb2b.com] management tool and NetShield NT [mcafeeb2b.com].

    If you don't have the resources to manage all this yourself, there is a managed service called VirusScan asap [mcafeeb2b.com].

  • Keep your systems patched, especially office and the browser, and don't run in the administrators account. If the user base is likely to run executables that they download, list the executables that can be run in a policy. Problem solved. I have not seen a virus on my workstation farm in over 2 years, even when they are floating the rest of the company like crazy, and yet the workstations don't run NAV etc. 'cos it gets in the way of AutoCAD and SAMBA.
  • If cost is not an issue, I would recommend Norton Antivirus Corporate Edition. It is totally managed from the server which makes it much easier to administer in a large (and even small) workplace. The server is set up to download the latest virus definitions on the schedule that you choose. The clients then update from the server.

    From what I've seen of it, once it is installed there isn't anything you have to touch after. It just does its thing.
    • Norton Corporate also works well in the stand alone mode as well. I send a copy home with all my Physicians at home. The licensing is pretty flexible and it's quite cheap. I also like the fact that Norton Corporate can be set to check for update automagically. It is absolutely the best product for business applications or personal use.

      • Norton Corporate also works well in the stand alone mode as well. I send a copy home with all my Physicians at home.
        My school has NAV Corporate 7. The standalone version has no email support for anything that isn't Outlook (or Lotus, I think). "Hi, an email with a virus has arrived, I'll just lock your inbox file while the client is still trying to save other incoming emails to it". ARGH!

        NAV Personal 2002 however parses emails before they reach the client program; very nicely done. I wish Norton had included their Personal edition instead of the sucky standalone version of their Corporate edition.

    • The only problem I've come across is that sometimes when you use Outlook Express and a virus is found in an email, the entire mail database file for that email account is locked up (good but hamfisted) until the administrator disables the AV on the machine with the virus (dangerous), the culprit email is deleted and then AV is restarted. With files (exe, com, doc, etc...) and Office Outlook it's fine though. It does suck up a lot of juice from lower end machines (P3-500 and under, terrible with our old low-end Celeron 433s). P3-600 and above run fine.
    • You stole the words from my mouth. Symantec Corporate Edition is far and away the best anti-viral application on the market due to the following reasons:
      1) Relatively light on resources
      -server scans all transactions with little apparent performance hit, at least in my environment.
      -client performance is very fast
      2) It's completely different from the standard Norton sieve AV product for personal use
      -I've seen Norton Personal squashed by crappy little kit viruses, but Corporate Ed. has killed them all.
      3) Price is competitive for multi-license products of this nature
      4) Auto update. Everything's automatic, and so far, entirely reliable. I still double-check it.
  • by Eigenray ( 317237 ) on Thursday February 21, 2002 @12:46PM (#3045176)
    Unfortunately, I can't tell you [slashdot.org] what I think of it.
    Uh oh, by telling you I use it you might assume that I think it's great, so let me tell you right now that may or may not be the case.
  • I've had annoying problems with McAfee "finding" viruses in files that contain digitized data from scientific experiments. Plus, it seems to be somewhat buggy, crashing when it gets confused.
  • The antivirus saved me quite a few times, but the firewall is not so great (lacks configuration).

    But I had a lot of problems: I had troubles registering, their shop really sucks and I had to download different version of their registering software, after lots of mails with their support center. It took me a month to have a working version!! And a few days ago my subscription was over, well before the year I bought... but their support service wrote me that it was their fault and they will update my subscription period in a few days.

    So: buy just the antivirus, it's great and doesn't bog your pc, but don't buy it online!
  • by Nailer ( 69468 ) on Thursday February 21, 2002 @04:21PM (#3047023)
    Scanning for and removing mail viruses should be handled by your mail gateway (as well as your desktops for the following reasons).
    1) This way viruses are removed from your network at first opportunity
    2) You can bounce messages and let the sender / recipient / admin know the sender has a potential virus problem
    3) One server is easier to maintain than a few hundred desktops
    4) 2 layers provide more protection than one
    5) Why waste resources getting virus laden email to desktops? A mail gateway provides a convenient choke point to get this stuff out of your network ASAP.

    With that in mind here's a guide I wrote for my employer [cyber.com.au] for doing so at clients, using Red Hat Linux, Postfix, and Sophos MailMonitor. [sophos.com]

    In the setup outlined below,
    1) Postfix accepts incoming mails on port 25 and leads them to a content_filter.
    2) The content_filter is Sophos MailMonitor, which takes over the mails on port 10025. After the mails have been scanned, they are placed back to postfix on port 10026.
    3) Finally postfix delivers the mails.

    Anyway, you should be able to read the guide at my rather unfinished website [cyber.com.au] in a short while. If it isn't there yet, it will be soon.
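
The mail flow described in the comment above (port 25 in, scanner on 10025, reinjection on 10026), sketched as Postfix configuration. This is an added example, not part of the original post or the author's guide; the transport name `scan`, the loopback addresses and the process limits are assumptions, and the scanner's own listener on 10025 is configured in the scanner product, not here.

```conf
# /etc/postfix/main.cf  (added example; all values are assumptions)
# Hand every message accepted on port 25 to the scanner on port 10025.
content_filter = scan:[127.0.0.1]:10025

# /etc/postfix/master.cf
# Delivery agent that relays queued mail to the content filter.
# XFORWARD passes the original client details along for logging.
scan      unix  -       -       n       -       10      smtp
    -o smtp_send_xforward_command=yes

# Reinjection listener: the scanner hands scanned mail back on 10026.
#  - Bound to loopback only, so nothing off-host can inject mail
#    that skips the scanner.
#  - content_filter is emptied here; otherwise scanned mail would be
#    sent back to port 10025 in a loop.
#  - Only local clients are permitted, and address and header/body
#    checks already done on port 25 are not repeated.
127.0.0.1:10026 inet  n  -      n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o mynetworks=127.0.0.0/8
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
```

After a `postfix reload`, confirm that port 10026 is listening on 127.0.0.1 only; a reinjection port reachable from the network lets mail bypass the scanner entirely.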
    • But what about other ways for virii to enter the network? Not everything comes in via POP/SMTP. For example, downloading from the Internet, CDs which come in from home with dodgy MP3 software on them...

      I certainly wouldn't roll out a machine to the network here without some form of AV software. As it is, we're currently evaluating alternatives for InocuLAN (network version of InoculateIT) as it seems to be getting less and less effective.
      • Me>> Scanning for and removing mail viruses should be handled by your mail gateway (as well as your desktops for the following reasons).

        But what about other ways for virii to enter the network? Not everything comes in via POP/SMTP.

        Yes. That's why I just said that :).

  • You might be looking more toward the at-home, small-shop virus scanning, so my comments might not apply, but here they are anyway :)

    We use Trend Micro end-to-end. Officescan goes on the clients (Win95, 98, 2000, NT). ServerProtect goes on the servers (scan in+out or just one or the other). Scanmail runs on our Exchange servers. VirusWall will eventually go behind our firewall, particularly since they are a Cisco partner, and therefore allow only certain traffic to be filtered to the virus scanner inline. That's a big deal since your inline scanner can easily become a huge chokepoint (like McAfee... Network Associates is pretty clueless in this area).

    A better option on the desktop would be PC-Cillin. Officescan works great, but the new pattern files and engine updates are in the 4 MB area, which is pretty slow to move to our 40+ remote offices over the average and already stressed frame relay connections (256k in many cases). Officescan uses a centralized server to push the updates and record scan results, and it can really slow down a network at the worst time (during virus proliferation... McAfee is not clueless here since they only ship the update portion to their clients). PC-Cillin pulls just the new part of the pattern file, so it's more like 200k on average.

    ServerProtect also runs from a central server (all of the consoles are web-based, requiring java). The update and reporting actions are similar, but it's not as big a hassle since bandwidth to them is not a problem. Scanmail updates directly from the internet, has options to scan smtp, mapi or both as well as block attachments by type.

    Performance-wise, we're pretty happy with them. Scanmail adds the most overhead, but it is well worth the effort. We also had an unresolved issue with backup software (Veritas BackupExec) running amuck on one particular system during the nightly ServerProtect scan, but we think it was related to the install of that particular machine. Reporting could be a bit less cumbersome, but it's still useful.

    Our solution wasn't cheap for a network our size, but all the players charge pretty much the same thing. Trend did miss Nimda until the second day after all the trouble, but Symantec and McAfee miss lots of other virii too (not to hear them tell it, but I'll attest to it), so you're in pretty much the same boat either way.
  • I work with a virus removal group on the undernet that works from the channel #dmsetup. We often locate new stuff all the time. Below I'm pasting all my links I usually give out to users. Included are keepers of the gates of hell (stuff you use before you get infected) and some stuff that gets you out of hell (what you use after your girlfriend opened that attachment).

    Cleaners and virus scanner suites

    Housecall online antivirus scanner [antivirus.com]
    PC-Cillin virus scanner suite [antivirus.com]
    Central command Virus Scanner Suite [centralcommand.com]
    Puppet's Cleaner [moosoft.com]
    Puppet's Cleaner Alternate Site [dynamsol.com]
    McAfee virus removal suite [nai.com]
    Norton Antivirus, virus removal suite [symantec.com]
    Frisk software's f-prot antivirus suite for windows dos and linux [f-prot.com]

    Firewall software

    Zone Alarm Firewall [zonelabs.com]
    Conseal Firewall [consealfirewall.com]

    Various tools used to get out of hell or figure out what hell you are in.

    Boot disk images [bootdisk.com]
    Dmsetup.org [dmsetup.org]
    Common port usage/abuses [securetips.com]
