Introduction
This time I'll explain how to use antivirus programs to protect a whole network segment, for example a company network. In the company where I work we have constant problems with viruses, spyware and trojans, so we needed a global change in our protection system in order to deal with the constant infections.
Problem
Usually when one computer gets infected, the virus uses the local area network to spread to the other computers. So instead of cleaning just one computer you end up cleaning a whole network segment.
Global solutions
There are many possibilities for preventing trojans and viruses from exploiting your network. I'll emphasize two of them:
- Honey Pots
The first one is the so-called honey pot: fake alarm-triggering actions implemented with an Intrusion Detection System (IDS) on a Linux/Unix machine to trap intruders (viruses/trojans/hackers). There exist sophisticated honey pot versions that allow the trojan horse to be exploited and cleaned automatically even before it has propagated over the local network.
- Group Policies
Another very effective type of protection is to deploy antivirus programs using Windows group policies. So for example if you've got 250 Windows machines, they boot using a predefined set of rules (group policies). Since the set of programs running on a computer can be controlled via these policies, it becomes easy to start up real-time resident virus protection programs such as McAfee, Kaspersky etc.
The only problem arises when a computer catches a virus unknown to the antivirus/antispyware program. In such a case the virus will again spread over the whole network.
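The honey pot idea from the first item above is the one defence that still works in the unknown-virus case just described, because it relies on behaviour rather than signatures: a worm hunting for new hosts on the LAN will knock on ports where nothing legitimate should ever connect. The following script is an added example written for this post, not code from the original article or from any IDS product; it runs a few TCP decoy listeners, logs every connection, and flags internal hosts that touch several decoy ports within a short window. The decoy ports, the log format and the sample log lines are all constructed here for illustration.

```python
import socket
import threading
import time
from collections import defaultdict

# Constructed sample of the decoy log (format: "epoch src_ip decoy_port").
# Host 192.168.1.17 probes four decoy ports within seconds, worm-like;
# host 192.168.1.42 touches one port once, which could be a stray client.
SAMPLE_LOG = """\
1180000001 192.168.1.17 135
1180000002 192.168.1.17 139
1180000002 192.168.1.17 445
1180000003 192.168.1.17 1025
1180000010 192.168.1.42 445
"""


def parse_log(text):
    """Parse decoy log lines into (timestamp, source_ip, decoy_port) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, port = line.split()
        events.append((int(ts), src, int(port)))
    return events


def flag_scanners(events, min_ports=3, window=60):
    """Return {source_ip: sorted decoy ports} for every host that hit at least
    min_ports distinct decoy ports within any `window`-second interval.
    The ports listed are those of the first interval that crossed the threshold."""
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()  # sliding window over time-ordered hits
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged


def serve_decoy(port, log_path, bind_addr="0.0.0.0"):
    """Listen on a port nothing legitimate uses; log and drop every connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen(5)
    while True:
        conn, (src, _) = srv.accept()
        with open(log_path, "a") as log:
            log.write(f"{int(time.time())} {src} {port}\n")
        conn.close()  # never answer; the decoy only records who came knocking


def run_decoys(ports, log_path):
    """Start one daemon thread per decoy port and return the threads."""
    threads = [threading.Thread(target=serve_decoy, args=(p, log_path), daemon=True)
               for p in ports]
    for t in threads:
        t.start()
    return threads


if __name__ == "__main__":
    # Placeholder decoy ports (constructed); ports below 1024 need root on Unix.
    DECOY_PORTS = [2323, 4445, 9999]
    LOG_PATH = "decoy.log"
    run_decoys(DECOY_PORTS, LOG_PATH)
    while True:
        time.sleep(60)
        try:
            with open(LOG_PATH) as log:
                hits = flag_scanners(parse_log(log.read()))
        except FileNotFoundError:
            hits = {}
        for src, ports in hits.items():
            print(f"ALERT: {src} probed decoy ports {ports}; isolate it from the segment")
```

On the constructed log, `flag_scanners` reports only 192.168.1.17, with the first three decoy ports it touched; the single hit from 192.168.1.42 stays below the threshold. A real deployment would feed these alerts into the IDS rather than print them, and would choose decoy ports that no legitimate service on the segment ever uses, so that a single alert is already a strong signal.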
Rescue: as a last resort, if you have a group of identical computers you might use pre-burned ISO backup images containing the main software and operating system, and just copy them back, thus freshly reinstalling everything on the system. This approach is much faster than a complete reinstall of the Windows distribution with its drivers and specific software.
I've heard a lot of opinions about antivirus programs. Among those recommended by friends and professionals were: NOD32, Kaspersky, Panda, Avast, Dr.Web, McAfee, F-Prot, AVG, AVP. I'll discuss practical issues one might encounter when using these programs.
First off we started with NOD32, a very good and fast program. The problem after 2 weeks of use was that Kaspersky, Dr.Web, AVG and Avast found viruses that NOD32 could not catch.
Conclusion: NOD32 is good for stopping trojans and filtering infected e-mails, but there are viruses and spyware that it cannot catch.
Panda: it's said that only Panda protects against massive attacks with viruses and worms.
Conclusion: good for general protection, but it didn't catch the newest in-the-wild trojans and slows the computer down a little.
Avast is a very good free complex antispyware and antivirus program. Now my network is almost fully equipped with Avast and NOD32. Avast cleans almost all spyware/trojans by having a resident on-demand scanner that scans files prior to every request for them. The program moves infected e-mails, rewriting their headers. This way it protects the user from accidentally opening them in Outlook Express.
Avast really speaks and gives alarms to the user. It has an intuitive user interface that looks like an audio player. The integrated resident scan engine doesn't decrease the performance of the computer as much as Kaspersky does.
One problem you might experience is that Avast still misses some trojans when browsing actively (it missed the massive 20-trojan attack reported by Panda), so you have to use alternative AV applications.
Another issue is how Avast treats infected files: when Avast finds an unknown virus it prompts the user for action, which is almost always Delete. This is a real issue, because this way you can erase lots of important system files. A good feature of this program is the Virus Recovery Database (VRDB), which automatically repairs (restores to a previous state) a file infected by an unknown virus.
So when users don't browse the ultimate "bad" or "restricted" web sites, Avast definitely provides good protection.
Conclusion: use it, but also check your network with other antispyware tools such as AVG!
SpyBot vs Ad-aware
Well, the discussion about free antispyware programs is enormous, but after months of practice I've discovered that the Ad-Aware and Spybot antispyware databases fluctuate. The only difference according to my tests is that the Ad-Aware engine is faster than Spybot's. Now Spybot has regained its excellent accuracy by cleaning lots of modern toolbars and spyware that Ad-Aware misses. That is the reason why I prefer Spybot: you may have to wait a few minutes, but the reward is a more fully cleaned system. The only con is that due to the enormous adware/spyware/trojan database, Spybot scanning is now very slow.
Spyware Terminator
I recommend using Spyware Terminator. It is free, faster than most antispyware software and has active system protection.
Windows Defender (aka Microsoft AntiSpyware) requires a genuine MS Windows distribution. With that check Microsoft restricted lots of people from using its antispyware product.
Conclusion: Windows Defender is definitely better than some others, but I hope that Spybot and Ad-Aware will evolve to give faster cleaning and better detection. Beware that the application takes up lots of system resources and thus slows down overall system performance. That's why I recommend Spyware Terminator for whole-system protection.
Kaspersky has a very big antivirus database, which is why I recommend it, although it slows down the computer a bit. One could also use the free personal version from AOL, Active Virus Shield http://www.activevirusshield.com/, powered by Kaspersky.
Dr.Web: definitely better than Kaspersky. It has an integrated network scanner and resident shield. Best of all the antivirus programs: very light and fast, Dr.Web has integrated virus protection and its larger database recognizes viruses marked by Kaspersky as Unknown, for example BkCln.Unknown. Now Dr.Web has a free stand-alone scanner, CureIt!, which you can use for emergency scans.
AVG Anti-Spyware: an excellent antispyware program with an updated engine and a huge database, aka ewido anti-spyware. It is fast and reliable.
CounterSpy has one of the biggest spyware databases. It also scans and detects hidden viruses in alternate data streams. Use this program to check your overall system.
a-squared Free: although not offering resident protection, this tool has detected hidden trojans that Spyware Terminator had missed, so give it a try once a month for a full system scan.
Conclusion:
For complete protection use a combination of free antivirus and antispyware programs: for example Spyware Terminator and BitDefender, or Spybot and AVG.
Update:
Now AVG has gone shareware, so you might want to try the new AVP - Antivirus Toolkit Pro.
by Nevyan Neykov