Antivirus / anti-spyware applications for my workplace

Hello goodjers,
I am an IT guy for a graduate school in Pasadena CA, and recently we have experienced dissatisfaction and nagging doubts about our antivirus / antispyware programs, and are looking to make a change.

We are not a huge school, but my department supports about 550 PCs (and almost as many Macs, but that does not enter into this particular discussion). Here is where we stand-

Antivirus: We used to use Symantec, then we switched to LANDesk (TOTAL disaster, no virus could do as much damage to productivity as LANDesk has already done). We could switch back to Symantec (I believe there is a paid for corporate license we could buy that might be more aggressive than our past setup), but I'm just not sure they are the most effective anymore. Also, last time I checked their anti-spyware portion was not up to par.

Anti-spyware: We've only ever had free-ware for this. It's been all SpyBot S&D up to this point, but once again I get the feeling they have lost relevance / effectiveness. AVG is out because their installs always pop up boxes making it sound like you need to purchase the product, which would confuse our userbase (and cause them all to call me).

Here's where you guys come in: What is an effective antivirus client for medium size business that is affordable? How bout for spyware (free-ware is always great, but we would consider a paid product as well). For bonus points, are Symantec and Spybot as out of touch as I think they are?

Goodjer community....ACTIVATE.

Symantec came out on top of the EndPoint Protection Product review WinITPro did back in January.

Symantec Corporate remains the best IMO. It is the only mainstream antivirus I used that actually has a clue how to deal with an infection AFTER it happened. Norton AV (consumer version) also has this strength, even if the interface is bloated.

My love affair with Kaspersky has ended once I realized just how many technically sophisticated features it has that are completely useless (which are only there for marketing purposes and for crashing Gears of War) and how many viruses slip right past it and it can't even detect them after it learns about them, either.

I mean, it can't deal with something as mainstream as VUNDO... on several occasions, on my father's and girlfriend's computers... come on!

Most AV programs are lagging behind technologically... Symantec is not perfect but, out of my stints with F-Prot, BitDefender, Kaspersky, AVG and TrendMicro Officescan, it's the one that lags behind the least.

Throwing in my nod for Nod32. eset.com

I'll vote for NOD32 as well. Lean, mean and effective. It is also currently the only product to have the Advanced+ rating from AV Comparatives. We recently started selling it over Kaspersky for this reason and the ones shihonage mentioned. Norton products seem to have all around improved of late but they've been in the dumpster for way too many years for me to trust them again yet. If your security software is good at dealing with a virus after it hits that's good but if it let the virus in to begin with, it isn't good enough. I strongly suggest staying away from AVG (buggy as Hell with v8), Trend (bloated and ineffective) and McAfee (same.) I can't speak for F-Prot and BitDefender right now.

We just rolled out Endpoint, and I can't say I'm terribly happy with it. It's had some weird issues that Symantec hasn't been great about helping with (e.g. 20000+ files in the "xfer" directory every scheduled scan, all "viruses"). Three quarters of my users complain daily that their machines are slow, and still do even though I've turned heuristic scanning completely off.

Parallax Abstraction wrote:

If your security software is good at dealing with a virus after it hits that's good but if it let the virus in to begin with, it isn't good enough.

Sadly no amount of heuristics protects against zero-hour threats, and I've seen my family fall for them a number of times, no matter the antivirus. I doubt NOD32 has the magical ability to detect unknown viruses, as no antivirus I've ever seen before could do that with any degree of reliability. The best one can hope for is that it can detect a variation of an existing virus manufactured with a "virus customizer program".

Wow, zero-hour threats. I wonder how long it will be before we're thinking in terms of zero-minute threats?

Oh, I believe you, I was just being quietly amazed. The security people have been warning that the speed of malware distribution would continue to accelerate. I just hadn't really internalized that their warnings are no longer about 'someday', but rather 'right now'.

I don't know, but let me assure you this is not fiction. I regularly see new "waves" of Emails linking to harmful sites which disappear in a matter of hours, but the virus signatures detecting those executables (which I temporarily keep, out of curiosity) don't appear till 3 days later.

Putting it through "Online Malware Scan" at the moment of receiving the Email usually yields 0-2 detections, and from completely random antiviruses every time.

Malor wrote:

Oh, I believe you, I was just being quietly amazed. The security people have been warning that the speed of malware distribution would continue to accelerate. I just hadn't really internalized that their warnings are no longer about 'someday', but rather 'right now'.

Yeah, I remember working as a database programmer temporarily at a crappy job a few years back and getting hit with a 0-day virus (probably 0-hour but I can't prove it). Shut down the whole company for 7 work-days. Had it almost completely patched out manually before our antivirus released an update for it.

Thankfully I'm in a better place now.

Keep up the great suggestions guys. Our LANDesk subscription runs out beginning of this summer (halle-LOO-jah!) so my final decision will be implemented then. I'm leaning towards Symantec corporate ATM, and now I'm off to check out this NOD32 of which you speak.

Parallax Abstraction wrote:

I can't speak for F-Prot and BitDefender right now.

F-Prot is an absolute disaster. My local ISP provides it for free to its customers and... just wow.

BitDefender is decent in terms of detection and removal but it seems to have a lot of stability issues.

Indeed F-Prot is so bad it doesn't even uninstall properly.

Wow, that's crazy. I'll make sure to stay far away from that one then.

So far, we've had very good results with NOD32 and I'm happy we switched to it. Despite being seemingly one of the best products, we can also get it cheaper than any of its competitors which is also nice. It is a lot easier to sell it to someone who is used to Norton and has never heard of NOD32 when they can get the latter for less than half the price.