Time for new Anti-Virus software... suggestions?

[Marie (Zionkowski) Gozikowski]

I need to vent a little :-)

We have one user who has downloaded the fake 'virus-scan'
malware 3 times in the last 4 months...instead of reprimanding the
user, I am the one getting yelled at for "allowing" it to happen....

I have installed a new router, new firewall, blocked a bunch
of sites, switched the office to Firefox, and purchased a separate
off-the-network laptop for them to use for non-business browsing.
So, looking for suggestions on how to shut her down.... I guess I
can go to 'whitelisting' but that is a royal pain...

Our 2 year agreement is up on our anti-virus (AVG Pro now)...
Looking at AVG, Trend, Avast, F-Secure & Avira....
Looking for great protection and a small footprint... AVG
seems to crawl sometimes.... Trend doesn't seem to do well
on independent testing sites (such as av-comparatives.com)...

Any thoughts (no, guns are not a viable solution!)?

Thanks!
Marie

[Gene Foraker]

To answer the question specifically on Anti-Virus, I'd say Norton.   It used to really be awful, but the past 2 years have shown big improvement.

Your problem is one employee going where she should not during work hours and doing things she shouldn't.  Your manager won't manage the employee.  The real solution for you is white list.  Explain to everyone that the situation made you do it and hint that it is all her fault.   Put in the white list all of the insurance company domains along with a few others and make changes only with a written request and good business reason.   This will be far easier than any other solution.

The other solution is the freeze program others have mentioned which makes it easy to restore the computer.   I think that might be more work for you, but is viable.

[JohnGage]

I would also find out exactly where s/he is going on the web.  Perhaps with more evidence your mgmt will take a harder stance. 

[Marie (Zionkowski) Gozikowski]

Sigh -

I am leaning towards white-listing myself... more things to do in my
spare time.... :-)

[Che Guevara]

I agree with Gene that this is more of a management problem

You need a clear policy outlining termination if people use their PCs for web surfing or if they load anything on without pre approval.

I too have a non-network PC in the lunch room for web serfing that cant hurt us and this puts weight to the policy and there is no excuse for anyone to go to sites that have Malware on them on their workstations

[Bloody Jack Kidd]

If your company had the budget for it, now would be a good time to switch to application whitelisting in lieu of AV.  If you still are sold on AV technology, Sophos would be my choice.  Recently switched from Sophos to our parent companies brand - Symantec, blech.  We've had to disable the majority of Symantec Endpoint bells and whistles to make it play nice with our servers.  

Since your current major issue is really the web-vector, URL / content-filtering / web security is worth considering.  I don't condone the use of UTMs, open source or commercial, but purpose built devices are worth a look.  I have clients on Portcullis For Business, and it's working well for them in this very capacity.

That said - nothing is 100% effective, application whitelisting is likely the most effective technology to date though.  If you know the URLs where this user has been to get infected, let me know, I'm always interested.

[Marie (Zionkowski) Gozikowski]

Yep - I have been reading a lot on the question of whether or not you even NEED
anti-virus programs, as that is not where the main threats come from now.  AV
programs do nothing to stop stupid people from actively allowing malware to
execute, they just stop most passive threats...

I need something to stop people from activating these things... or not allowing
them to get to them in the first place...

I also need an answer for my boss --- he doesn't understand that NO security
is 100% full-proof.  He just gets upset that another one got through, and
wants to know why I am not 'doing my job'.  Any ideas on how to explain
this better to him?

On the upside... I am now an expert at cleaning up computers infected with
these fake anti-virus scanners, if anyone needs help :-)

[Bloody Jack Kidd]

there isn't a security vendor out there who claims their product is 100% effective in the real world - old school AV is signature based, which means you need a sample of the stuff first in order to produce a signature.  So guess what(??)-- until a new virus or variant has infected a few thousand hosts and the vendor has some samples of this "new bug" to work with - everyone is exposed and susceptible.

You need to talk to your boss about Defense in Depth and limiting risk.  Control when/where your users can surf.  Do you do any virtualization or have any spare hardware?  Setting up a proxy server seems like black magic, but it's not all that hard.

Firewall + Proxy + decent AV = a good security base

[JohnGage]

I'm looking at installing an Untangle box to help with issues such as this.  UT has a web filter, virus filter and malware filter in their free open source product.  Some folks swear by it so it seems worth looking at, and you can't beat the price.  It basicly installs iteself so no need to know Linux.

[Che Guevara]

http://www.ccsoftware.ca/wingate/features.cfm

This can do what you want in a Windows enviroment with pretty much total control of your users surfing habits. Kaperski engine is pretty solid as well

[Bloody Jack Kidd]

http://www.ccsoftware.ca/wingate/features.cfm

This can do what you want in a Windows enviroment with pretty much total control of your users surfing habits. Kaperski engine is pretty solid as well

wow - WinGate still exists!?