Opinions Needed: What AntiVirus to Recommend at Work?

[Thorin]

Yeah, so I found out that there are computers here at work being used by, shall we say, less-confident computer users, and that said computers have no antivirus installed.  Luckily when encountering a click-to-install website, the user asked what the hell "malware" was and why the website told them their computer was infected.  The "dialog" popped up by the website had an XP-standard dialog box look (blue bubbly title bar) while this particular computer was set to the Windows Classic theme.  Turns out the site was trying to trick her into installing stuff on her computer.

When I first started here, there appeared no impetus to purchase antivirus software - we were told to just install one of the free ones.  Of course, the free versions are only for home use.  I choose not to violate the EULA on these, as the people who make them are programmers just like me and need to make money just like me.

So, I will be making the case for purchasing proper antivirus programs to cover each and every workstation, but what antivirus program should I be telling them to get?

[Melbosa]

I have experience with TrendMicro, Symantec and McAfee in a corporate environment.  I am about to start testing ForeFront at work, as I am thoroughly impressed with Microsoft Security Essentials and ForeFront for Exchange.

Overall out of the three I have experience with in a corporate location, McAfee has been the best, in terms of supportability, patching, and deployment/policies, at both a large environment and small business.    I have a "guess" that ForeFront will be even better, but I cannot verify it.

[Thorin]

Being a small shop (8 users in this office, probably 10 workstations and 5 servers between us), I've been poking around for desktop-only non-centrally-managed security suites.  Right now, I'm considering Avira AntiVir Professional and ESET Nod32 Smart Security.  Avira's about 2/3 the price of ESET, but I hear (read?) more good things about ESET's software than I do about Avira's.

Feel free to weigh in with opinions - I'm taking each of 'em for a test run to see how intrusive they are in everyday work.

[Melbosa]

The McAfee Total Protection Suite, geared for small business, is really cheap IMO, and has a web management centralization hosted by McAfee (no need to install any type of central management service).  I have two businesses running it, about the size you indicated (one is less, one is more).  It installs and works on servers, desktops and even comes with an email spam gateway service to put in front of your email server.  Software installation is also done through a website.

http://mcafeeasap.com/MarketingContent/default.aspx

I can even connect you with an Alberta reseller for a quote if you want.

[Thorin]

I got a good laugh out of this dialog for scanning files:

[Lazybones]

We switched from McAfee to Forefront, however it is ment to be centrally managed so I would not recomend it for a small shop.

Looking at standalone products, detection rate and false positive rates are key.

antivar, kesparsky and nod32 are all very well rated products however I think nod32 recently had a bad update that killed win x64 systems.

I nolonger trust symantec or mcafee, regardless of their current detection rates.

[Thorin]

Thanks for the feedback Mel and Lazy.  I agree with you, Lazy, I'm soured on Symantec and McAfee.  Several times in the past I've had slowdowns and memory usage spikes that appeared to trace back to one of them.  And I've yet to successfully completely uninstall either of them.

AntiVir seems to be working good so far, not too intrusive.  However, there was an unhandled runtime exception.  This rather surprised me, especially since the unhandled runtime exception a) happened when trying to quarantine a file, and b) caused the scanner to quit on the spot (everything else stayed running, though).

It may be that I installed it wrong, as I did not follow the instructions and get the test license before installing.  I'm going to uninstall and reinstall it, following the directions this time.

Still, the scanner just popped up an unhandled exception and then *poof* disappeared.  Sorta scary.

Also, I appear to have an old virus in files that were sent to me by our old web hosting company, which means they would have this virus on their servers...  Another scary thought.

[Lazybones]

Finding virus in old files that have not had a full scan in a long time, isn't that odd. I had the same thing happen to me a few years ago..

The one thing I disliked about the AntiVir (free version) was that the auto update did not appear to be a background service and was always pooping up a download progress screen when my test system was offline for a long period of time.

Kaspersky is a very popular engine, I haven't used it on a desktop product but it is one of the engines in antigen/forfront for exchange. It is also the optional integrated virus scan engine in our new Juniper network equipment. It has a long history of having a good detection rate.

Here are some good links:

Independent tests and reports
http://www.av-comparatives.org/

Single File On line, multi engine scans:
http://www.virustotal.com/ - I like this one since there is context menu plugin for windows that lets you scan files.. This can be great for those suspect 0 hour files as you can quickly see which engines are fastest to respond
http://www.viruschief.com/
http://virscan.org/