AV for Business

Discussion in 'other anti-virus software' started by joao_proscrito, May 20, 2007.

Thread Status:
Not open for further replies.
  1. joao_proscrito

    joao_proscrito Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    38
    Hi! A friend of mine has a medium business, and he wants to buy an AV to protect his computers. What do you think is the best AV solution for a business with 30-40 computers?

    Thanks!
     
  2. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    for 30-40 PCs. Your friend should hire a tech guy and give him a CIO title.

    Symantec , if you ask me.
     
  3. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    F-Prot Corporate license.
    Solid no-nonsense protection.
    30-40 mach.s = $130 - $170.
     
  4. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    definitely not sophos.
     
  5. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    Trend is also a very good one
     
  6. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    Another vote for F-Prot
     
  7. mich

    mich Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    9
    also avira antivir has a good corporate antivirus.

    :thumb:
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Corporate AV? Depends. If you want a cost effective solution then AVG is good. Otherwise I can recommend McAfee, AntiVir, F-Prot and Trend Micro. AVG doesn't have a very user friendly interface, but in all other respects it is pretty good. So, it depends on whether your priority is cost, or ease of use/deployment. :)
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  10. JAB

    JAB Registered Member

    Joined:
    Apr 17, 2007
    Posts:
    36
    We currently use Trend and are actively looking for a replacement. Our problems with Trend can be summarized in three points:

    1. Clients that mysteriously stop updating to the latest pattern. Sometimes we get an email alert. Sometimes we don't. Thus, we are forced to review the pattern deployment for every machine weekly by flipping through the security groups in the management console. Solving update problems usually involves uninstalling and reinstalling Trend on the client.

    2. Overall abysmal performance in benchmarking tests. Trend has apparently stopped participating in benchmarking tests, because they know the news will be bad. Their VB100 testing history is 15 pass, 8 fail and 27 no entry. They've never received better than a Standard rating on av-comparatives and nothing in recent history.

    When av-comparatives did a one-off test of Trend, they concluded that even with a two-month advantage in pattern updates, Trend barely qualified for Standard. The suspicion is that its detection rate would have been less than 80% had it been tested at the same time as the other products.

    3. The latest version of their SMB suite (3.5) has caused problems on one of our domain controllers, placing it in a non-functioning state. Trend has acknowledged that other users have reported similar problems on various machines since the update, but they didn't have a fix for us other than rolling back to 3.0. BTW, the big benefit of 3.5 was integrated spyware protection.

    I will concede that other than the above, Trend is rock solid.

    /jab
     
  11. JAB

    JAB Registered Member

    Joined:
    Apr 17, 2007
    Posts:
    36
    I've been evaluating AntiVir corporate products, and I really want to like them, but it is clear that they aren't quite ready for primetime in the corporate world. Their management tool, SMC, just isn't built for effectively managing large numbers of clients.

    Here are the outstanding issues I have with AntiVir:

    1. No alert emails if client patterns go out-of-date.

    2. Scheduled tasks set to execute even if the client is offline (not in communication with SMC) aren't displayed at the security group level, even though you can create them there and they are obviously stored there in some way. To delete one of these client tasks, you have to click on every single client in the security group and delete the tasks individually.

    3. Viewing AntiVir Server log files from SMC is an exercise in frustration. The logs are not intuitively named, nor do they include the date and time the log was generated, so you have to play a bit of a guessing game to find the right one. Strangely, this isn't a problem with AntiVir Workstation logs viewed from SMC.

    4. No rootkit detection in AntiVir Server and no plans to introduce it.

    5. If a scheduled scan is running and the client receives a pattern update, the scan is restarted. However, no notifications are sent regarding malware detected (and possibly dealt with) during the aborted scan.

    6. SMC cannot automatically download new versions of products stored in its repository. Attempting to do so produces a 628 error. Known bug to be fixed in a future release. Workaround is to delete the old versions, download new ones and manually place them in the repository.

    7. AFAIK, it is impossible to produce a report showing the patterns installed on AntiVir Workstation clients. Reports only include AntiVir Server clients. Given that there is no email notification in the event of outdated patterns, this is a deal killer for me. This issue has been escalated by technical support.

    8. Despite installing the English version of the product, all reports have reverted to German. Reinstallation doesn't help. This issue has been escalated by technical support.

    The positives? Great VB100 record and great av-comparatives results. Reportedly, superb detection, very fast and excellent heuristics.

    /jab
     
  12. JAB

    JAB Registered Member

    Joined:
    Apr 17, 2007
    Posts:
    36
    And, while I'm at it, I might as well share the following discovered during my search for a new corporate AV:

    Eset:

    1. Cannot exclude folders or files from an on-demand scan, making on-demand scans practically unusable on domain controllers, exchange servers and presumably certain other servers.

    2. Recent failures in detection, apparent lack of responsiveness to submitted malware and poor detect showing in the latest av-test have me concerned.

    Positives for Eset are of course a sterling VB100 record, great av-comparatives performance, fast scans and great heuristics.

    Kaspersky:

    1. I terminated the trial when Kaspersky locked up my computer consistently upon scanning a particular file.

    2. High performance hit during web browsing is a concern.

    3. Concerned about heuristic/pro-active defense performance in a non-interactive environment. Does PDM even come into play on a server? Obviously, you can't respond to pop-ups on an unattended server.

    Positives for Kaspersky are their fantastic reputation for responding to submitted malware, rapid updates and stellar detection rates.

    I'm about ready to concede defeat and try Symantec.

    /jab
     
  13. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Personally I would give F-prot corporate license a try. It's a good offer and if needed the support on their forum for both private and corporate users is excellent.
     
  14. JAB

    JAB Registered Member

    Joined:
    Apr 17, 2007
    Posts:
    36
    My concern with F-Prot is that they perform well neither on the VB100 nor on av-comparatives. Plus, their proactive detection isn't very good. From a technical perspective, Symantec would seem to be a better choice.

    /jab
     
  15. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    drweb of course,

    must be good enough, as the russian ministry of defence use it :)

    if not that, ive heard nod32 have a good buisiness solution, although its not cheap.
     
  16. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    F-Prot is on the rise. They achieved and advanced rating on the last av-comparatives and should do well on the upcoming retrospective. The heuristics have improved dramatically.
     
  17. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    As an addendum, I would recommend trying out eSafe and Fortinet. They're good corporate solutions, with decent detection rates (not too sure about eSafe but I hope they are still using the KAV engine as backup, but Fortinet is definitely good).
     
  18. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    The Inspector has posted interesting comments about Fortinet.:eek:
     
  19. ASpace

    ASpace Guest

    o_O o_O o_O

    Other products (which often get VB 100% and Advanced+) are good , Fortinet is not good .
     
  20. JAB

    JAB Registered Member

    Joined:
    Apr 17, 2007
    Posts:
    36
    Multi-engine products in general have slow scan speeds, which might not be suitable for servers in a production environment.

    /jab
     
  21. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Symantec is the market leader for enterprise level AV protection, that is what you should get.
     
  22. JAB

    JAB Registered Member

    Joined:
    Apr 17, 2007
    Posts:
    36
    True, and sad as it is, it may be what I end up with, but here's what I don't like about Symantec:

    1. A relatively mediocre track record at av-comparatives. They only made Advanced+ once in the past four tests. In total, they've only made Advanced+ 31% of the time. And, they've gotten a Standard rating 38% of the time.

    2. Their proactive detection rate is poor.

    Those two points may be the lesser of the available evils for enterprise protection. But, I wouldn't purchase Symantec just because they are the market leader.

    /jab
     
  23. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    JAB, I think because business needs more comprehensive security solution, they aren't too worried about detection rates of AVs. Because a business relying on an AV with a supposedly high detection rate is obviously not a good security model. AV is just one piece of the jigsaw puzzle - personally I wouldn't worry too much about poor av-comparative results, and probably worry more about impact within the workplace, how it would fit in etc. So if you were really satisfied with f-prot or norton or whatever then detection rates shouldn't deter you (within reason).

    Just my opinion anyway.
     
  24. JAB

    JAB Registered Member

    Joined:
    Apr 17, 2007
    Posts:
    36
    Relying solely on AV is definitely a poor decision. However, I see no reason to compromise on relatively poor AV detection if it's not necessary. I want it all! :)

    Honestly, for corporate protection, you want good detection, good heuristics, fast scanning, low false positives and manageability. That leaves only a few choices:

    1. Eset - except for lack of exclusions
    2. Avira - except for manageability
    3. Symantec - except for heuristics
    4. McAfee - except for heuristics

    /jab
     
  25. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I missed those comments, can you show me the post? :)
     
Loading...
Thread Status:
Not open for further replies.