corporate security

voxpop

Im currently update my companies security systems and im thinking of going for kaspersky or sophos antivirus, any opinion on either ?
Im also thinking some sort of personal firewall would be good for the laptop guys when the are working from home or over vpn, any suggestions of a good soft firewall. I also want the firewall disabled when they are in the office so some sort of profile based firewall would be ideal, any ideas ?

aidan_walsh

Can I recommend that if you are getting an antivirus solution, you can save bandwidth on update downloads and make sure that you are completely up-to-date by investing in a solution that includes a management server? This way, you download definitions from the internet to the server once, and to the individual clients over your LAN from there. Sophos small business products happen to offer such a product, so at least it keeps in your line of thinking...

voxpop

Yeah i was heading down the line of central admin - both sophos and kaspersky have a central admin - Sophos is very easy to admin, kaspersky a bit more difficult/complicated but sophos doesnt seem to have an email scanner. At the mo im waiting for Sophos to get back to me on prices and info about desktop email scanner. Kaspersky does have an email scanner, reasonable price but I like the Sophos eval more, what to do.

Martyr

Eugene Kaspersky is very good hacker, if you're looking to buy av product, then buy it.
just an opinion.

nutzboutstuff

For corporate anti-virus we used to use Symantec antivirus and for what you get the prices are through the roof. Last week we switched to Kaspersky and apart from long scan times and it picking up .class's with network related code as a warning its brilliant, picks up everything!

Zoned

We use Sophos and never had an infection, we get updates every half hour, just to be sure.
We have never had a problem with the software, either with installation or maintenance.

SouperComputer

NOD32 from Eset. Comes in corporate livery too.

Excellent detection\hurisitics, written mostly in machine code and as a result is VERY low on resources.

Covered the WMF expolit early enough too:

AN DIEGO, Calif. (January 4, 2005)

ESET, a global provider of security software for enterprises and
consumers, announced today that its NOD32 protects against the new
Windows Metafile (WMF or .wmf) vulnerability for which Microsoft does
not yet have an available resolution. Users running Microsoft Windows
ME, 2000, XP and Windows 2003 systems are vulnerable to a loophole in
WMF which enable cyber criminals to take control of online devices and
execute malicious code. With a patch from Microsoft pending for January
10, 2006 at the earliest, ESET is renewing its offer of a free 30-day
trial of its popular NOD32 antivirus software to non-customers.

Users of both Microsoft Internet Explorer and Firefox browsers are in
especially vulnerable to system compromise. As WMF are a main component
of graphic code that determines how users view web pictures, simply
selecting to display athumbnail in Windows Explorer or visiting a
website with an altered banner ad could trigger execution of the file
exploit. Additionally, ESET researchers have determined that the
Googledesktop search product and corrupted files within MSPaint can
result in execution of the vulnerability.

ESET's NOD32 utilizes ThreatSenseR technology, a sophisticated detection
system based on advanced heuristics and generic signatures, to
proactively identify previously-unknown malware, including the current
WMF exploit, in real-time. ThreatSense is built into NOD32 s single,
unified scanning engine to provide comprehensive protection so users do
not need to rely on additional point solutions for spyware and adware
protection. Without proactive heuristic detection, users must wait for
updated versions of their antivirus software, creating a critical window
of vulnerability that can last hours or even days. Additionally, NOD32
has been independently verified by AV-Test.org to proactively protect
against 206 of 206 tested WMF vulnerability exploits.

The use of Microsoft's operating system and software solutions is
prolific, which makes a very large user base susceptible to the current
WMF vulnerability, said Rick Moy, vice president of marketing and sales
for ESET. In order to prevent any propagation of the vulnerability,
ESET recommends that organizations take immediate preventative action.

The advanced detection methods used by ESET's NOD32 anti-virus stops
hackers from using this exploit. Customers running NOD32 are protected
without having to take any special actions. For more information or to
download a trial version of NOD32 please visit www.eset.ie/download

its easy enough to use and administer. I haven't yet used it in any networks with more than 8 nodes, but I would have no problems using it in bigger networks.

bungeecork

Might be an idea to have a policy of restricting home access to people with an ADSL hardware routers/firewall. That and the built-in XP SP2 firewall should be enough for the home users.

Don't know what that would mean once in the office though.