I work for a small business. We wi 2

[mountainmike]

I work for a small business. We will soon be installing a new server running Windows Server 2000 with ISA firewall protection. I have been looking for some anti-virus software to supplement the firewall capabilities of the server.

Trend Micro has a product named WebProtect that should fit fine, but they make no mention of email scanning in their sales pitch. It's $320. Another product OfficeScan seems more robust but it's $625.

My question is this: if each workstation runs desktop anti-virus software (like PC-cillin 2003), and we make it an office policy to never download anything onto the server, is that a better plan for anti-virus protection than investing the hundreds of dollars to purchase software to run on the server ?

Any thoughts, anybody ?

 

[smah]

Here's one way to think about it. Even if your server is protected by the best antivirus software out there and you create a policy like you mentioned, there are still many ways for users to infect their desktops. Can you afford your desktops to be down while the server is protected? Next, you don't mention what services will be running on the server, so you'll have to answer this question - How could a virus have be run on the server to infect it?

So, how you protect your server will probably depend on how a virus could get access to it, but I highly recommend desktop protection. Users can do things that can not possibly be forseen.

How you protect your desktops may depend on how many users you have. For a small company, you could install individual protection on each machine seperately, and periodically walk over and check them to make sure it hasn't been disabled and updated. Another service that is quite good for a fairly small group is McAfee's ASaP service. Have a look at

http://www.mcafeeasap.com/

 

[InnoTech]

you are also looking at trusting the employees to keep the anti-virus program up to date and that just won't work. for example... I worked in one of the top 5 tech companies in Dallas and last year (2001 i believe) we were hit HARD by NimdaE! We had a very elaberate network needless to say that was partaly protected and others not. Everything was firewalled but nothing secure. In my dept. we all had norton corp and come to find out they weren't all up to date. Someone must of hit the wrong web link and BAM. All files were pre-scanned along with email on our server so it had to have been a website. Guess what happened to the network admin.... yep, fired...right after he got the whole company back up (we were down all day!!). "Jack of all trades. Master of none."

 

[smah]

That's one of the reasons I like McAfee's ASaP service. It updates automatically when the computer is booted (or every 24 hrs if it's always on). Also, using the web based reports, I can see if any machines are out of date for whatever reason.

 

[InnoTech]

good idea!! "Jack of all trades. Master of none."

 

[mountainmike]

What if the server is the internet access point ? If the server is running AV software, doesn't that mean that all of the stations behind it are protected ?

On the other hand, if the AV software runs at the workstations, and nothing is ever directly downloaded onto the server, isn's the server protected by the workstations ?

 

[InnoTech]

if access comes through "proxy" and "proxy" is the server itself that has the antivirus software then it would be something to look at. however, i doubt your network is running this way.

even if the server has some kind of "protection" through the workstations, its just not good enough. the server is still "online" and accessable from outside. "Jack of all trades. Master of none."

 

[smah]

Also as I said, even if the server (as an internet acces point or not) is protected, what's to stop a user from putting an infected floppy into their pc?

 

[Databaseguy]

I use Trend CE and Love it. Centralized, web-based management, automatic downloading of new patterns to workstations, etc.

That said, you should also be running server protect or something like that on your server(s).

Tyrone Lumley
augerinn@gte.net

 

[KimberTech]

Sorry to differ, but I have a habit of getting back to basics.
As for how much money you should spend and how "robust" you want your protection, you will have to decide how important your data is and how much down time you can afford on your network.

The Trend stuff isnt too painful to use, as Databaseguy mentioned.

I have set up most of the small business I have dealt with on dedicated and ISOLATED internet access PC's. That way, there is nothing to access except a dummy PC or two that is not critical to the network or the company at all.

Even the best firewall protection and antivirus can be circumvented sorry to say.
I always vote for NOT possible when I am able to. Not connected, no risk.

Something to consider....

Kimber

The more I learn,I realize how much more there is to know!

 

[KimberTech]

SMAH:

Good post...
can you tell me from experience how much the system resources are hogged by the McAfee stuff in your post?
Will DL the trial if you say its a good buy...might look into installing on my next job if I can test it in time.
What about the end user interface and ease of use?
These users aren't that computer savvy....

Kimber

The more I learn,I realize how much more there is to know!

 

[smah]

Kimber, I can't tell you specifically about the system resources until Monday. But, it is being run on some machines as weak as PII 233Mhz & Win95 without noticeable slowdowns. It is installed via an active-X control or can be pushed to workstations in an NT server environment. Once installed, the user interface is only the VShield icon in the system tray. The users can manually scan from here and manually update. The service can't be disabled without the correct keyboard + mouse combination. At the lowest support level (KB access, M-F email support) the cost per station is roughly in line with the retail version (considering the retail version only allows automatic updates for 1 year). Even machines not connected to the internet are supposed to be able to update virus definitions through the Rumor function, but I haven't verified this as all machines on that network have internet access. On Monday, I will disable access (throught the router) for one of the lightly used machines to see if it updates properly.

 

[KimberTech]

Wonderful....thanks so much for your input, and the extra effort in order to answer my questions.
I look forward to hearing from you next week....have a great weekend! Kimber

The more I learn,I realize how much more there is to know!

 

[smah]

Kimber, the different components seem to be using about 11MB of Ram when idle. Unfortunately, the internet blocked machines did not update during my test. I remember seeing something in McAfee's KB about this, but never worried about it because it doesn't apply here. I haven't had time to look this situation up, but when I do, I'll post back.

 

[KimberTech]

Thanks a lot smah....I am looking into this too..
I look forward to hearing from you again about this.
Kimber

The more I learn,I realize how much more there is to know!

 

[smah]

Well I finally got around to looking into why the internet restricted machines didn't update. It seems that to do this requires that a machine with an internet connection be set up as a 'relay server'. This is done with an additional switch when installing or can be set after the fact. The suggested ratio of non-connected machines to 'relay servers' is 50:1. It's also worth noting that this won't work very well without an always-on internet connection.

 

[KimberTech]

smah...
Thank you for all of the extra information, particularly your last post. There is no more valuable information than someone actually using the software IRL..
I have read reviews and purchased and things crash and burn...nasty stuff.
MUCH appreciated.

Kimber

The more I learn,I realize how much more there is to know!