Thursday, July 21, 2011

The Search for Antivirus Part 1

Given the proliferation of viruses and malware over the last few years (Antivirus 2010 and 2011 anyone?), and the recent hacking trend, you'd think protecting systems would be at the fore of every company's mind. However, you'd be surprised at just how many companies are still using a hodgepodge of antivirus methods, if they're using anything at all. I've seen a lot of small businesses relying on free offerings from Microsoft and AVG, despite it being a blatant violation of their EULAs. That's bad enough, but these offerings, being made for the extremely small business (we're talking 10 or fewer PCs) or home use, don't have any kind of centralized management included, so you're leaving it up to the end user to keep their AV up to date and perform the occasional scan. I can't tell you how many times I've sat down at someone's desk to see the icon in the system tray warning of out-of-date definitions, or even worse, the AV being disabled altogether!

It makes sense in a way. AV solutions are notorious for slowing down machines with memory leaks and intensive scans of every file you open or send. Users understandably get pretty frustrated with it and decide they can do without it. This usually stems from misconfiguration though, and isn't always the plain fault of the application in question. Let's face it: you're a sys admin who has to manually install AV on every person's machine. You're not likely to go into the settings each time and exclude file types or delve into any of the other options (that is, if they're even available). MSSE is pretty straightforward and doesn't have a ton of configuration options, one of the reasons it's geared towards home users.

This is why a centralized solution is so important. You set your clients to download AV definitions and signatures from a central location on your LAN instead of everyone heading out to the internet to connect, you can schedule it to run at off-peak times for everyone, it can alert you if anyone's file is out of date, you can set scan schedules and see what kind of dreck is getting onto your LAN and verify that it's being dealt with properly (and harass the repeat offenders), and you can tailor the scan details to ignore certain file types if need be.

In my previous life there were only two options out there: Symantec and AVG Professional. AVG was offered as a managed service, and Symantec was installed at the client's premises. The skies are wide open now though and there are a lot of options to wade through. I'm going for cost-effective and plain old effective. There are some names I'm investigating automatically based purely on brand recognition, like Kaspersky and NOD32.

I started out with Kaspersky. There are two things that will annoy me right away about a company and bias me towards not using their service: bad websites and pushy sales tactics. Kaspersky managed to do both. I started off viewing the options shown to the left:

Note that I have the options of Work Space Security, Business Space Security, Enterprise Security, and Total Space Security. I reviewed all 4 and decided that Work Space Security was sufficient. I also found out that all versions offered a central admin console and support for smartphone security.

However, if you click the link to compare versions of Kaspersky, under Mobile Devices it lists Android as well. Understandably I was confused, so I emailed. I received an Out-of-Office reply:

Thank you for contacting Kaspersky Lab U.S.  Please direct your questions through the appropriate channel:

I took a break at this point. Figured it'd be good to step back. I came back later and resumed my research. This time my Kaspersky search landed me on a US-specific page, which no longer had the Kaspersky Work Space Security option.

Where did it go? Apparently it's not a US offering? What did I do differently? But I wanted to see what the price was like on that one!

I went to the e-store. Suddenly, there was yet another new option: Small Office Security. Is this the same thing as Work Space Security, re-branded? Why didn't it show up in the Open Space Security list? Well, turns out Small Office Security can only be used for up to 10 PCs. Fair enough, I just like to be able to look at all the options when I'm going to be spending money. I certainly don't want to be the one saying, "I didn't see that option" later on.

I went to get pricing on the Business Space Package, and ran into one of my arch-nemeses: call for pricing. You could see pricing for 10 nodes online, but if you wanted to get pricing for more than that you had to call Sales, and of course you want more than that, otherwise you'd go with Small Office Security, wouldn't you? They want you to call your Sales office so that they can get your name and number and the name of your business and start harassing you with follow-up phone calls and emails.

I called to get the pricing, and it turns out it's not even direct through Kaspersky. It's some third-party reseller. I suppose this explains why they couldn't give pricing online since they would likely not know what the reseller is charging at any given moment.

Despite all of that, I know Kaspersky is still tops for consideration. They are a well-known player in the industry, they certainly provide all of the features I was looking for (and some unexpected extras by way of the Android app), low package size and CPU utilization... The only downer so far is that you can't run the administration kit on Linux. Unfortunately, there aren't a lot of reviews out there on the business suite by reliable sources, unlike the consumer product, which is really too bad. They do have a trial version that you can download, so I'll be testing that out shortly.
