Anti-Viral Software Recommendations?
Kris_J asks: "My InoculateIT Personal Edition anti-virus scanner will no longer be updated from around mid-March. I've really enjoyed this package, particularly the price (it's free for personal use). The company is complaining that so many new ways are being found for virii/worms/trojans to spread that they can't afford to keep the personal edition updated. Whatever. Does anyone have a recommendation for either a particular anti-virus package/bundle, or a good place for trusted, independent reviews of anti-virus software, or even products to avoid. (If Zonealarm Pro was bundled with an anti-virus option I'd just get that.)" For those of you who have to deal with operating systems where viruses are a problem, what software do you use to detect them and weed them out? How about software that will scan your entire network?
I don't use windows, but (Score:2, Informative)
I have heard very nice things about GriSoft [grisoft.com].
Re:I don't use windows, but (Score:1)
What's wrong with the rest of Europe using it, I wonder?
Re:I don't use windows, but (Score:1)
Re:I don't use windows, but (Score:2, Funny)
/Pedro
I do use windows and (Score:2, Informative)
AVGuard (Score:1, Redundant)
I also recommend iptables on a linux firewall. Never had a virus yet (knocking on wood).
Re:AVGuard (Score:1)
How does iptables protect against Windows viruses? I could see a Perl script that filters incoming mail to remove VBScript, et al, but I fail to see how iptables can protect your Windows boxen from infectious code.
That said, running an iptables based firewall is generally a good idea...
Re:AVGuard (Score:2)
IE/Outlook viruses still have a fair chance of course.
Re:AVGuard (Score:1)
In other words, I don't fsck'n trust m$.
Who needs anti-viral software? (Score:1)
Re:Who needs anti-viral software? (Score:3, Insightful)
Re:Who needs anti-viral software? (Score:1)
Also, we scan every CD which comes in the door of this office, and have on occasion had cover CDs with virii. They're more popular than you'd think.
A third point, you'd often not notice if you had a virus if it showed no external signs of being there. I've seen computers which were infested with virii, but the user was completely unaware as nothing had changed.
Beware
Re:Who needs anti-viral software? (Score:2)
Of course, we were running in a fairly unregulated environment with internet access and floppies/zip drives/CD-Rs being rampant. Once we got the virus scanners in place, we managed to get a handle on it, but it shows how much you need anti-virus software in almost any organisation.
Re:Who needs anti-viral software? (Score:1)
They're only gonna run this way if you use an email program stupid enough to automatically run scripts when presented with them (see Outlook and Outlook Express). Other programs (see Pegasus Mail) wouldn't go near a script on principle.
Re:Who needs anti-viral software? (Score:1)
I wholeheartedly agree, but when it's your office machine, and it's company standard....
Re:Who needs anti-viral software? (Score:1)
Somebody has to say it (Score:1, Offtopic)
Cheers //Johan
Norton Internet Security 2002 (Score:3, Informative)
I agree (Score:1)
Definitely, I use this both at work and at home, very good product.
The firewall allows you to configure rules based on applications, ports, local address, remote address, or any combination of the above. When you use a new product that tries to access the 'net you get a popup warning box which allows you to one-off block/allow or to configure a rule. Norton's "Live Update" allows you to stay easily up to date, and the firewall software automatically contains blocks for the most common trojan ports.
The firewall also allows you to have "privacy" controls to prevent your browser accepting / returning cookies and off-site information, along with ad blocking, very nice.
The Anti-Virus seems pretty effective as well with the usual quarantine, disinfect, delete options, and a nice auto-update facility.
You can find Norton's page here [symantec.com]
Norton is Aggravating (Score:1)
If there's one piece of software that can make your 2Ghz system perform like a Pentium 200 it's overly aggressive anti-virus software. It seems like Norton is the worst offender. It causes a noticeable resource drain whenever you do anything with files. It's resident in memory all the time in various different places. It's hooked into the OS in so many different places that I worry if it will break when updates, hotfixes, etc are applied. I suppose it's great from an IT perspective where you have to assume your users are stupid, but I can't stand to deal with software like that at home.
Not like I use windows that much these days at home, but I sure don't miss all those "treat your user like a moron" anti-virus packages.
Re:Norton is Aggravating (most anti-virus are) (Score:1)
/Pedro
Re:Norton is Aggravating (most anti-virus are) (Score:1)
If this is such a great product, why can't I just upgrade to the e-trust version they are offering now? It has the same charm as InoculateIT, and the price is a little less than $10 each year.
eTrust Antivirus [my-etrust.com] ($19.95, $9.95 annual renewal) will give you what InoculateIT Personal Edition did. eTrust EZArmor [my-etrust.com] ($49.95, $19.95 annual renewal) is a broader package providing the features of their Antivirus, Personal Firewall and Content Inspection offerings. I haven't worked with EZArmor, yet, but I've used Inoculan, InoculateIT and eTrust Antivirus, liked them all (and the improvements made over the years) and expect good things from Armor.
Re:Norton is Aggravating (most anti-virus are) (Score:1)
Yes, but the upgrade cost for current InoculateIT Personal Edition users is just $9.95 yearly.
/Pedro
Re:Norton is Aggravating (most anti-virus are) (Score:2)
BTW: I like Sophos too, but a personal licence is around A$295.
Re:Norton is Aggravating (Score:1)
I use Norton AV software at home, and it, like the Command AV product I use at work, allows the user to configure how "aggressive" it is. Perhaps if you couldn't figure this out you shouldn't have left those packages so quickly...
Re:Norton Internet Security 2002 (Score:1)
Re:Norton Internet Security 2002 (Score:2)
AV solutions (Score:2, Informative)
Re:AV solutions (Score:2)
We had a lot of problems with GroupShield at work and just went to Antigen. So much better. Everywhere I've deployed GroupShield there have been problems. The general answer in their KB is REINSTALL! Which is not a good thing on a production mail server.
If you're looking for free software... (Score:1)
I haven't tried it and have no idea if it's any good, but it's free!
McAfee or Panda (Score:2, Informative)
An alternative I have heard some good things about though is Panda antivirus [pandasoftware.com]. One of the good things is that you can get an evaluation version so you can try it before shelling out the money.
Another one I haven't seen mentioned on here, and that I actually own but haven't tried (came with my motherboard) is PC-cillin [antivirus.com]. This one allows you to download an evaluation version as well.
I could mention a few others, but they have already been mentioned by others... (Norton antivirus for instance)
the problem with windows based software (Score:1)
Personally I use the free version of f-prot from f-secure [f-secure.com]
It runs in any version of windows, is updated weekly, is free, and works.
Re:the problem with windows based software (Score:1)
Free version of f-secure? Unless you still use Windows 3.1x, you are out of luck.
/Pedro
Norton Antivirus (Score:1)
If you use Windows, you have to spend money to get some basic software products. One of these is a good antivirus utility. It sucks, but that's life for the Windows user.
McAfee (Score:1)
If you don't have the resources to manage all this yourself, there is a managed service called VirusScan asap [mcafeeb2b.com].
Take a tip from *nix systems (Score:1)
Norton Antivirus Corporate Edition (Score:1)
From what I've seen of it, once it is installed there isn't anything you have to touch after. It just does its thing.
Re:Norton Antivirus Corporate Edition (Score:2)
Re:Norton Antivirus Corporate Edition (Score:2)
NAV Personal 2002 however parses emails before they reach the client program; very nicely done. I wish Norton had included their Personal edition instead of the sucky standalone version of their Corporate edition.
Re:Norton Antivirus Corporate Edition (Score:1)
Re:Norton Antivirus Corporate Edition (Score:1)
1) Relatively light on resources
-server scans all transactions with little apparent performance hit, at least in my environment.
-client performance is very fast
2) It's completely different from the standard Norton sieve AV product for personal use
-I've seen Norton Personal squashed by crappy little kit viruses, but Corporate Ed. has killed them all.
3) Price is competitive for multi-license products of this nature
4) Auto update. Everything's automatic, and so far, entirely reliable. I still double-check it.
The best anti-viral software is now available (Score:1)
get the latest AntiVirus Software [redhat.com] now!
I use McAfee (Score:3, Funny)
Uh oh, by telling you I use it you might assume that I think it's great, so let me tell you right now that may or may not be the case.
False Alarms (Score:2)
Norton Internet Security (Score:1)
But I had a lot of problems: I had troubles registering, their shop really sucks and I had to download different version of their registering software, after lots of mails with their support center. It took me a month to have a working version!! And a few days ago my subscription was over, well before the year I bought... but their support service wrote me that it was their fault and they will update my subscription period in a few days.
So: buy just the antivirus, it's great and doesn't bog your pc, but don't buy it online!
You *need* a server side virus scanner (Score:3, Informative)
1) This way viruses are removed from your network at first opportunity
2) You can bounce messages and let the sender / recipient / admin know the sender has a potential virus problem
3) One server is easier to maintain than a few hundred desktops
3) 2 layers provide more protection than one
4) Why waste resources getting virus laden email to desktops? A mail gateway provides a convenient choke point to get this stuff out of your network ASAP.
With that in mind here's a guide I wrote for my employer [cyber.com.au] for doing so at clients, using Red Hat Linux, Postfix, and Sophos MailMonitor. [sophos.com]
In the setup outlined below,
1) Postfix accepts incoming mails on port 25 and leads them to a content_filter.
2) The content_filter is Sophos MailMonitor, which takes over the mails on port 10025. After the mails have been scanned, they are placed back to postfix on port 10026.
3) Finally postfix delivers the mails.
Anyway, you should be able to read the guide at my rather unfinished website [cyber.com.au] in a short while. If it isn't there yet, it will be soon.
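The scanning step that sits between the two Postfix hops described in the post above (mail handed over on port 10025, handed back on port 10026), as an added Python example; it is not the poster's guide and not Sophos MailMonitor. It stands in for the scanner with a simple attachment-type block, and the extension list, the notice text and the `X-Gateway-Removed` header name are assumptions made for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage, MIMEPart
# Assumed policy for this example: extensions the gateway refuses to deliver.
BLOCKED_EXT = (".vbs", ".vbe", ".js", ".wsf", ".scr", ".pif", ".bat", ".exe")
NOTICE = "The mail gateway removed the attachment {!r}.\n"

def blocked(part) -> bool:
    # Windows ignores trailing dots/spaces, so strip them before comparing.
    name = (part.get_filename() or "").lower().rstrip(". ")
    return name.endswith(BLOCKED_EXT)

def filter_message(raw: bytes):
    """Clean one message before re-injection; returns (cleaned, removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    def prune(container):
        kept = []
        for part in container.get_payload():
            if blocked(part):
                removed.append(part.get_filename())
                part = MIMEPart()  # replace the attachment with a text notice
                part.set_content(NOTICE.format(removed[-1]))
            elif part.is_multipart():
                prune(part)  # nested multiparts and forwarded messages
            kept.append(part)
        container.set_payload(kept)
    if msg.is_multipart():
        prune(msg)
    elif blocked(msg):  # the whole message is the attachment
        removed.append(msg.get_filename())
        msg.clear_content()
        msg.set_content(NOTICE.format(removed[-1]))
    if removed:
        msg["X-Gateway-Removed"] = str(len(removed))  # assumed header name
    return msg.as_bytes(), removed

def attachment_names(raw: bytes):
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def sample(name: str) -> bytes:
    """Constructed test message with one harmless attachment called `name`."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m.set_content("See attached.")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=name)
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()
```

Matching on the file name alone does not detect renamed or archived content, which is why the post pairs the gateway with a real scanner and a second layer on the desktop.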
Re:You *need* a server side virus scanner (Score:1)
I certainly wouldn't roll out a machine to the network here without some form of AV software. As it is, we're currently evaluating alternatives for InnocuLAN (network version of Innoculate IT) as it seems to be getting less and less effective.
Re:You *need* a server side virus scanner (Score:2)
But what about other ways for virii to enter the network? Not everything comes in via POP/SMTP.
Yes. That's why I just said that
Corporate-oriented Virus scanning (Score:1)
We use Trend Micro end-to-end. Officescan goes on the clients (Win95, 98, 2000, NT). ServerProtect goes on the servers (scan in+out or just one or the other). Scanmail runs on our Exchange servers. VirusWall will eventually go behind our firewall, particularly since they are a Cisco partner, and therefore allow only certain traffic to be filtered to the virus scanner inline. That's a big deal since your inline scanner can easily become a huge chokepoint (like McAfee... Network Associates is pretty clueless in this area).
A better option on the desktop would be PC-Cillin. Officescan works great, but the new pattern files and engine updates are in the 4 MB area, which is pretty slow to move to our 40+ remote offices over the average and already stressed frame relay connections (256k in many cases). Officescan uses a centralized server to push the updates and record scan results, and it can really slow down a network at the worst time (during virus proliferation... McAfee is not clueless here since they only ship the update portion to their clients). PC-Cillin pulls just the new part of the pattern file, so it's more like 200k on average.
ServerProtect also runs from a central server (all of the consoles are web-based, requiring java). The update and reporting actions are similar, but it's not as big a hassle since bandwidth to them is not a problem. Scanmail updates directly from the internet, has options to scan smtp, mapi or both as well as block attachments by type.
Performance-wise, we're pretty happy with them. Scanmail adds the most overhead, but it is well worth the effort. We also had an unresolved issue with backup software (Veritas BackupExec) running amuck on one particular system during the nightly ServerProtect scan, but we think it was related to the install of that particular machine. Reporting could be a bit less cumbersome, but it's still useful.
Our solution wasn't cheap for a network our size, but all the players charge pretty much the same thing. Trend did miss Nimda until the second day after all the trouble, but Symantec and McAfee miss lots of other virii too (not to hear them tell it, but I'll attest to it), so you're in pretty much the same boat either way.
LINKS #dmsetup give from time to time (Score:1)
I work with a virus removal group on the undernet that works from the channel #dmsetup. We often locate new stuff all the time. Below I'm pasting all my links I usually give out to users. Included are keepers of the gates of hell (stuff you use before you get infected.) and some stuff that gets out of hell (what you use after your girlfriend opened that attachment)
Cleaners and virus scanner suites
Housecall online antivirus scanner [antivirus.com]
PC-Cillin virus scanner suite [antivirus.com]
Central command Virus Scanner Suite [centralcommand.com]
Puppet's Cleaner [moosoft.com]
Puppet's Cleaner Alternate Site [dynamsol.com]
McAfee virus removal suite [nai.com]
Norton Antivirus, virus removal suite [symantec.com]
Frisk software's f-prot antivirus suite for windows dos and linux [f-prot.com]
Firewall software
Zone Alarm Firewall [zonelabs.com]
Conseal Firewall [consealfirewall.com]
Various tools used to get out of hell or figure out what hell you are in.
Boot disk images [bootdisk.com]
Dmsetup.org [dmsetup.org]
Common port usage/abuses [securetips.com]