Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Anti-virus software recommendation required
- Thread starter wilsona
- Start date
CitrixEngineer
Technical User
My vote goes to Trend Micro
Cannot give you a comparison as the firms (10K+ users each) that I have worked for over the past 6 years have all used McAfee. This by no means says that it's the best. Why do you say that you have been unable to find an acceptable product? Have you tested some or just going by white papers? -- Devil Dog --
- Thread starter
- #4
We would like per server licensing, with a server/client model - per user is much too expensive. Lets face it, virus protection although necessary, is not rocket science. We seem to be getting squeezed from all sides at the moment. How can anyone justify £2500 per 200 users (e.g. Trend)? If CA-InoculateIT was supported on terminal server it would be the best value at £500 for 10 servers. I would like to know what others think is the best value.
- Thread starter
- #6
CitrixEngineer
Technical User
The cheapest option is not to install any Anti-virus software on your Terminal Servers at all.
While this may sound like madness, I've implemented this solution successfully at government sites.
The trick is to make sure that all sources of data are protected, such as Exchange servers, proxies, file servers and the like.
This used to be my number one recommendation, until I started getting overruled by corporate managers who wouldn't hear of it. The only argument seems to be "We must protect all of our servers".
Here's the theory, showing how the servers can be indirectly protected;
A terminal server runs applications in user sessions that are spawned after the user authenticates to the domain.
If correctly configured, absolutely no data is stored on the terminal server, except temporary data that belongs to each session - which is isolated in a specific folder. This folder is typically purged regularly, and is subject to restrictions on the owner.
Given that data processed on a terminal server will be stored elsewhere (ie a file server containing home directories, shares, etc), it is only susceptible to viruses embedded in source data coming from outside.
This means virus-protecting all servers that have contact with "the outside world", and all client devices that can access data from outside (eg PC floppy disks, external e-mail clients).
This way, at least, it's per-device licensing, and you don't have the worry about whether it'll work with Terminal Services or not - many packages don't, or at least require significant "tweaking".
I hope this helps
While this may sound like madness, I've implemented this solution successfully at government sites.
The trick is to make sure that all sources of data are protected, such as Exchange servers, proxies, file servers and the like.
This used to be my number one recommendation, until I started getting overruled by corporate managers who wouldn't hear of it. The only argument seems to be "We must protect all of our servers".
Here's the theory, showing how the servers can be indirectly protected;
A terminal server runs applications in user sessions that are spawned after the user authenticates to the domain.
If correctly configured, absolutely no data is stored on the terminal server, except temporary data that belongs to each session - which is isolated in a specific folder. This folder is typically purged regularly, and is subject to restrictions on the owner.
Given that data processed on a terminal server will be stored elsewhere (ie a file server containing home directories, shares, etc), it is only susceptible to viruses embedded in source data coming from outside.
This means virus-protecting all servers that have contact with "the outside world", and all client devices that can access data from outside (eg PC floppy disks, external e-mail clients).
This way, at least, it's per-device licensing, and you don't have the worry about whether it'll work with Terminal Services or not - many packages don't, or at least require significant "tweaking".
I hope this helps
- Thread starter
- #8
- Status
Similar threads
- Locked
- Question
- Locked
- Question