Introduction
This time I'll explain how to use antivirus programs to protect a whole network segment, for example a company's. In the company where I work we have constant problems with viruses, spyware and trojans, so we needed a global change in our protection system to deal with the constant infections.
Problem
Usually when one computer gets infected, the virus uses the network to spread to the other computers. So instead of cleaning just one computer we end up cleaning a whole network segment.
Global solutions
There are many ways to prevent trojans and viruses from exploiting your network. I'll emphasize two of them:
One of them is honey pots: fake targets that trigger alarms, implemented with an Intrusion Detection System (IDS) on a Linux/Unix machine to trap intruders (viruses/trojans/hackers). There are sophisticated honey pot setups that can capture the trojan horse and clean it automatically even before it has propagated over the local network.
Another very effective type of protection is to deploy antivirus programs using Windows group policies. For example, if you've got 250 Windows machines, they'll all boot with a predefined set of policies. Since group policies let you control which programs run on a computer, they can be used to start real-time resident virus protection programs such as McAfee, Kaspersky, etc.
In that case the only problem arises when a computer catches a virus unknown to the antivirus/antispyware program. In such a case the virus will again spread over the whole network.
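Pushing the antivirus out by group policy only helps if it actually ends up running on every machine. The following PowerShell script is an added example (not from the original post): it asks each machine on the segment which antivirus product Windows has registered and whether its resident protection is on and its signatures are current, so the stragglers can be fixed before the next infection spreads through them. It assumes the machines expose the root/SecurityCenter2 WMI namespace (Windows Vista and later), that WinRM is enabled for Invoke-Command, that the account running it has admin rights, and that the hostnames are placeholders; the productState decoding is the widely used community interpretation of that undocumented field.

```powershell
# Added example: audit antivirus state across a list of Windows machines.
# Assumptions: root/SecurityCenter2 namespace present (Vista+), WinRM enabled,
# admin rights. productState decoding follows the common community reading of
# the undocumented field: hex "XXYYZZ", YY=10 -> enabled, ZZ=00 -> up to date.

# Constructed placeholder host list; replace with your own names or Get-ADComputer output.
$Computers = @('WS-001', 'WS-002', 'WS-003')

function ConvertFrom-ProductState {
    param([int]$State)
    $hex = '{0:x6}' -f $State
    [pscustomobject]@{
        Enabled  = ($hex.Substring(2, 2) -eq '10')
        UpToDate = ($hex.Substring(4, 2) -eq '00')
    }
}

$report = foreach ($c in $Computers) {
    try {
        # Query the Security Center registration on the remote machine
        $products = Invoke-Command -ComputerName $c -ErrorAction Stop -ScriptBlock {
            Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct
        }
        if (-not $products) {
            # Group policy deployment did not take effect here
            [pscustomobject]@{ Computer = $c; Product = '(none registered)'; Enabled = $false; UpToDate = $false }
            continue
        }
        foreach ($p in $products) {
            $s = ConvertFrom-ProductState -State $p.productState
            [pscustomobject]@{ Computer = $c; Product = $p.displayName; Enabled = $s.Enabled; UpToDate = $s.UpToDate }
        }
    } catch {
        # Unreachable machines are reported too: an offline box cannot be assumed clean
        [pscustomobject]@{ Computer = $c; Product = "(unreachable: $($_.Exception.Message))"; Enabled = $false; UpToDate = $false }
    }
}

$report | Format-Table -AutoSize

# Machines needing attention: no product, resident protection off, or stale signatures
$report | Where-Object { -not $_.Enabled -or -not $_.UpToDate } |
    Export-Csv -NoTypeInformation -Path '.\av-audit-findings.csv'
```

Run it from an administrative workstation on a schedule and compare the findings file between runs; a machine that keeps reappearing is one the policy is not reaching.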
Rescue: as a last resort, if you have a group of identical computers you might use pre-burned ISO backup images containing the operating system and the main software, and just copy them back, thus freshly reinstalling everything on the system. This approach is much faster than a complete reinstall of the Windows distribution with drivers and the needed software.
How to choose a good antivirus program?
I've heard a lot of opinions about antivirus programs. Among those recommended by friends and professionals were: NOD32, Kaspersky, Panda, Avast, Dr.Web, McAfee, F-prot, AVG, AVP. I'll discuss practical issues one might encounter when using those programs.
First off we started with NOD32, a very good and fast program. The problem after 2 weeks of use was that Kaspersky, Dr.Web, AVG and Avast found viruses that NOD32 could not catch.
Conclusion: NOD32 is good for stopping trojans and filtering infected e-mails, but there are viruses and spyware that it could not catch.
Panda: it's said that only Panda protects against massive attacks with viruses and worms.
Conclusion: good for general protection, but it didn't catch the newest in-the-wild trojans and slows the computer down a little.
Avast is a very good free combined antispyware and antivirus package. Now my network is almost fully equipped with Avast and NOD32. Avast cleans almost all spyware/trojans with its resident on-demand scanner, which scans files before every access to them. The program also moves infected e-mails by rewriting their headers; this way it protects the user from accidentally opening them with Outlook Express.
Avast speaks and gives audible alarms to the user. It has an intuitive user interface that looks like an audio player. The integrated resident scan engine doesn't decrease the computer's performance as much as Kaspersky does.
One problem you might experience is that Avast still misses some trojans when browsing actively (it missed the massive 20-trojan attack reported by Panda), so you have to use alternative programs.
Another issue is how Avast treats infected files: when Avast finds an unknown virus it prompts the user for an action, which is almost always Delete. This is a real issue because this way you can erase lots of important system files. A good feature of this program is the Virus Recovery Database (VRDB), which automatically repairs (restores to its previous state) a file infected by an unknown virus.
So as long as users don't browse really "bad" or "restricted" web sites, Avast definitely provides good protection.
Conclusion: use it, but also check your network with other antispyware tools such as AVG!
SpyBot vs Ad-aware
Well, the discussion about free antispyware programs is enormous, but after months of practice I've discovered that the Ad-Aware and Spybot antispyware databases fluctuate. The only difference according to my tests is that Ad-Aware's engine is faster than Spybot's. Now Spybot has again regained its perfect accuracy by cleaning lots of modern toolbars and spyware that Ad-Aware misses. That is the reason why I prefer Spybot: you may wait a few minutes, but the reward is a more fully cleaned system. The only con is that, due to the enormous adware/spyware/trojan database, Spybot scanning is now very slow.
Spyware Terminator
I recommend using Spyware Terminator. It is free, faster than most antispyware software and has active system protection.
Microsoft Antispyware requires a genuine MS Windows distribution. With that check Microsoft restricted lots of people from using its antispyware product, aka Giant Antivirus.
Conclusion: the leader in the fight against spyware is definitely Microsoft Antispyware, but I hope that Spybot & Ad-Aware will evolve towards faster cleaning and better detection.
Windows Defender, which is the new version of Microsoft Antispyware, now takes up lots of system resources and thus slows down overall system performance. That's why I recommend Spyware Terminator for whole-system protection.
Kaspersky has a very big antivirus database, which is why I recommend it, although it slows the computer down a bit. One could also use the free personal version from AOL, Active Virus Shield (http://www.activevirusshield.com/), powered by Kaspersky.
Dr.Web is definitely better than Kaspersky. It has an integrated network scanner and resident shield. Best of all antivirus programs: very light and fast, Dr.Web has integrated virus protection and its larger database recognizes viruses that Kaspersky marks as Unknown, for example BkCln.Unknown. Now Dr.Web has a free stand-alone scanner, CureIt!, which you can use for emergency scans.
AVG AntiSpyware is an excellent antispyware program with an updated engine and a huge database, aka ewido antispyware. It is fast & reliable.
CounterSpy has one of the biggest spyware databases. It also scans for and detects hidden viruses in alternate data streams. Use this program to check your overall system.
A-Squared Free: although it doesn't offer resident protection, this tool has detected hidden trojans that Spyware Terminator had missed, so give it a try once a month for a full system scan.
Conclusion:
For complete protection use a combination of a free antivirus & antispyware program, for example Spyware Terminator and BitDefender, or Spybot and AVG.
Update: it's known that most of the pests come from websites. Here is one story about offering a great service and staying true to your principles: Statcounter refused to play this unfair game.

2 comments:
Hi,
I tested the free software, all the ones that are popular. They all lack one important function that is causing ALL the problems.
It is the problem that is causing the other problems... They have no real time protection. Free software lacks that function. They can only scan, not block.
(Excluding Avast, which has real time protection, and some others - the Spybot or Ad-Aware free versions don't have it)
So that's important to look out for when searching for a spyware/virus software in my opinion.
Try using Spyware Terminator - it has its own resident shield for blocking spyware attempts. Also you can integrate it with ClamAV for better protection.