How to better secure my server?
November 8, 2005 12:43 PM

Help me better secure my server (and workstations). I sit behind a Firebox X700, with an Exchange server, Active Directory, etc. Today the external address became blacklisted on the CBL. All machines are on SP2 and everything is up to date patch-wise. I'm currently running malware detection on all machines. I'd like an effective antivirus program...

My users for the most part are smart enough not to get a virus. I used to get each workstation (about 25) a copy of McAfee, but the amount of popups ("Do you want to update now", "Please extend registration 5 years in advance") would overwhelm the users and they were always calling to see if they should proceed to do whatever McAfee wanted. Also I found it missed some adware.

So I have two questions really. Is there a basically "blind to the user" antivirus program that I can deploy from the server and that will require limited admin? Basically, beyond an install (which I'd like to do remotely), the users shouldn't have to touch it unless it detects something.

Also, is there a way to detect which computer is the one that has the virus by monitoring the network? How would this be done? The firewall logs are constantly inundated and I can't figure out how to see what's good and what's bad.
posted by geoff. to Computers & Internet (4 answers total)
 
Symantec Antivirus Corporate Edition includes tools to silently push updates from a server to client machines. The server itself grabs patches from Symantec directly. This reduces your outbound traffic, which is preferable given you have a hardware firewall.

When a virus is found, the Symantec AV client can inform the server. The server in turn can be configured to email the administrator (i.e., you) which machine has the virus, what virus it is, and what has been done (or not done — it is not always advisable to clean/delete some types of files by default) to neutralize the virus (e.g., quarantine the file, clean it, or do nothing).

You (or your support staff) would then visit (or not visit) the workstation in question to do any follow-up work, if needed.

Version 10 of the Windows-based AV client now scans for spyware. I'd give one of their sales reps a call and see if you can get your hands on a demo.
posted by Rothko at 12:53 PM on November 8, 2005


I can confirm that Symantec Client Security works in the way you're looking for -- a single 'server' computer has a management console that lets you configure the client installations remotely, and push updates on whatever schedule you want. It has antivirus and firewalling.

You can also look at the logs and virus warnings for any of the clients via the management console.

The documentation bites, though. It took me a couple of hours of pure 'Huh?' before I was sure I had all the licenses, config and updating set up properly. Once that's sorted, though, going and checking on stuff is pretty straightforward.
posted by chrismear at 12:58 PM on November 8, 2005


One of the schools I work in uses SAV Corporate. I hate it. The master update process is fragile and needs constant poking to make it work, and when it fails all the clients get popups saying that the virus database is more than eight days old and you should update, which of course they can't do because they're all locked down and reliant on the master.

Another school uses VET, support for whose minimal central deployment/update facility has just been dropped from the latest version. Based on uniformly positive experiences with AVG Free on home computers, I'm going to push for that site to install AVG 7.1 for Computer Networks.
posted by flabdablet at 2:11 PM on November 8, 2005


BTW: IMO you should run, not walk, away from McAfee.
posted by flabdablet at 2:13 PM on November 8, 2005

