Security Software preference - Home/Work?

tjwenger

I'm just curious on what everyone's Security Software package of choice was?

I run AVAST @ home and we run SEP @ work. Both seem to do the job, but I'm just curious to see what everyone else's experiences have been.
 
MSE for home rigs
For our business clients, majority are on Eset Business Edition. Some on SAV, a few on Trend Micro, uhmm...can't think of any other brands at the moment, think we phased out the last McCrapee clients.

DNS (be it router, or..if active directory)...forwarders to OpenDNS for all. Helps cut down on malware...as OpenDNS blocks known malware distribution sites, they maintain a regularly updated list. So it's an added layer of protection.

Some business clients of mine I have on Untangle for their firewall..it's helped quite a bit...adding more and more to it as we go on. AV and anti spyware scanning at the gateway of all traffic.

99.9% of our clients with Exchange Servers get filtered either through Postini, or MXLogic, or Appriver...or....to our recently set up in-house solution...we have an Untangle unit in our office, we wash the mail through our own mail servers now...and deliver to our clients via a mail connector we set up. Untangle running ClamAV, Kaspersky, and CommTouch for spam filtering. They get their own Quarantine digests.

Microsoft Updates set to maintain. WSUS at clients where I can. Just as important as a desk AV product IMO.
 
I like Avast 5 a lot for my home rig. MSE was good too, just a personal preference between Avast, MSE and Avira.
 
Rolling out WFBS 6.0 to most clients now to replace the aging Symantec 10.x. (hated Endpoint). Don't like the resource usage, but I've gotta have something to protect the servers that is manageable.
 
how do you have that setup? you pass the mx records to your server then out again to the clients?

any reason? figure as postini reseller just let that handle it as you get spooling and a better solution than untangle.
 
We set up a routing group connector on our Exchange Server ...with a virtual SMTP connector for each client. It forwards mail to a DNS alias we make for each client...."exchange.clientsname.com", which points to their network's static public IP address. Client's MX record points to us...so their mail filters through our Untangle Super Bundle....passes onto our Exchange Server...which spits it to that DNS name...and onto their Exchange Server. Their Exchange Server has their SMTP set to receive only from our group of IP addresses.

The Untangle daily quarantine gets sent to the recipient's mailbox just fine every morning at 6am...so they can easily manage that.

My colleague's son is a Cisco 'n *nix guru. He does a lot of customized services for people. He built us a few SMTP servers in some of his hosted servers out there....doing a couple of things. First..they perform backups for the MX record..in case for some reason our network is down...his servers are MX2 backups...and will "spool" the mail intended for clients until our server is back online. Second...they're both used as outbound SMTP for our clients...so I set up our clients' Exchange Servers to send their outbound mail through him. Custom ports..and he only allows the IP of their servers to connect.

We can do this solution fairly cheap..couple hundred a year for peeps. For small clients, Postini 'n stuff works great, or MXLogic or Appriver. But one thing...it's expensive as you start to get large..like above 40-50 users. And for clients with high turnover..managing all those mailboxes at Postini or other is a pain in the friggin arse. What's nice about the solution we're doing...it does it on the domain level...don't have to worry about maintaining mailboxes for each user of each client. As staff come and go with each client...it requires no changes to their mail setup ..unlike postini or whatever.
 
Don't you have to pay for Exchange CALs for each of the mailboxes you're filtering, though? I would think that would be expensive...
 
Not to my knowledge...as far as I could tell with the licensing, since the mailboxes aren't hosted on ours...the Exchange Server and CALs are purchased on the clients end....they're just passing through our Untangle, and being routed through the connector onto their Exchange Server.

It's going through its first month of testing...so far so good, and if this works well, C2 is going to build a couple of *nix servers that we'll host to take the place of the Exchange connectors...since we'd anticipate heavier volume and don't want to place that on ours...
 
I run a copy of windows xp with the FCKGW key, connected directly to the internet...

Home, I use UT, along with the spyware and av modules, and the protocol control, and IPS.

Then, on my servers and laptop(s) I use eset. I don't think there is any AV on my gaming machine.
 
Ahhh, yeah, that makes sense. Pardon my brain fart. :p
 
Home: ESET NOD32 v4

Work: ESET NOD32 v4

Clients are a mix of Symantec Endpoint Protection 11, Sophos Anti-Virus and ESET NOD32 v4.

Friends and family that I support I've all moved over to Microsoft Security Essentials.
 
Looks like a lot of Fans of ESET out there. Any particular reason? I've never used it so I'm just curious.
 
It's consistently been one of the better performing AV products, usually always in the top 3 over at AV-Comparatives.org.

And its management interface, in my experience in using quite a few different brands of managed antivirus products, is one of the more granular, and reliable ones.
 
Home: MSE
Work: We switched from SAV to Sophos a few months ago.
 
I run Vipre at home, because it's extremely low on system resources and pretty cheap. When I used it to purge a malware-ridden computer about a year ago it did pretty well, but didn't find everything, so I don't expect it to provide 100% protection. At least it was able to run and do its job while the malware prevented F-Secure from running.

I used to combine NOD32 with CounterSpy and Sunbelt Firewall, but when I got an extra computer for my wife it was a better deal to get a two computer license for Vipre to replace NOD32 and CounterSpy. Now with Vipre 4 available I'll see if I let that replace the separate firewall as well.
I did give ESET Security a glance, but it's got far more features than I need and is too costly for two computers (given the features I need).

At work it's Symantec, which seems to work. I have no real opinion about it.

Cheers
Olle
 
Avast 5 at home, Avast 4.8 or Forefront at offices. I have used ESET's products in the past and at the time I had issues with it killing the performance of PCs. Then again that was during the P4 days. Maybe it has changed. It has consistently received high ratings. EVERY office I walk into that is running any kind of Symantec protection, if they are up for renewal, I always recommend moving away from it. It has consistently been the cause of computer slowdowns, and I've seen computers infected with crap that I had to use the new install of Avast to get rid of. I'll change the office over to Avast 4.8 Pro and all the slowdowns magically vanish.

OpenDNS - I set up everyone that will pay me. This service is great for both homes and businesses. Even if they don't want to filter the safe websites kids and employees can go to, at the very least I have it filter phishing and malware sites.
 
Seems a "whisker" lighter. It's the first 4 I put on a server...4.2, on an SBS03 box. I haven't even attempted a v3 or v4 install on a server until this 4.2 a few weeks ago...have been doing 2.7 only up til now. Think they finally got it right. Only thing wonky I found...external USB drives, default settings seems to act up so I disabled that USB removable drive scan option.
 
So they have XMON for 4.2 now?? Nice. I've been putting v4 on servers as long as they weren't running exchange and they've all been fine so far.
 
Yeah it's one installer you slap on the Exchange server....combination of the AV plus the Exchange component built into it. Guess they're not calling it XMON anymore...but "ESET Mail Security for Microsoft Exchange Server"

They started getting good with the install routine, it auto detects where the Infostore directories are..and automatically puts those in the exclusion list. However....one still has to slap in the additional other 6 or 8 exclusions for SBS..or at least active directory..if the box is running that. And I still drop the file detection from "all" file types to the specific list of common targeted files. And I disable background scanning.
 
You only need to install that ESET Mail Security for Microsoft Exchange Server on the SBS Box? Or still have to install the ESET 4.2 as well?

I have been doing 4.2 for a few installs now all seems good, haven't touched the XMON since I let Postini handle it.
 
It includes the local antivirus..so no need to install the regular AV.
I still like a local AV on the Exchange Server...say an Outlook client gets hit, or something makes its way in via another method....Postini won't keep the local Store from going apeshit.
 
Guess they're not calling it XMON anymore...but "ESET Mail Security for Microsoft Exchange Server".

That's awesome. Kind of like Symantec Mail Security for Microsoft Exchange Server but with ESET instead. Hmmmm. Does it do any spam filtering or anything now or just mail store? I suppose I could get off my ass and just look . . .
 
Captain - it does mention spam. I saw NSGroup-inc who I'm a reseller through has some webcast in a few weeks describing the updates maybe I will sit in.

Looks cool, but I can never test the spam since my clients use postini.
 
Wow, looks like they made this a complete package. Looks pretty neat. I have a client that will be renewing in July so I'll get to test it out then when I upgrade. :D

1.3 Types of protection

There are three types of protection:

1.3.1 Antivirus protection

Antivirus protection is one of the basic functions of the ESET Mail Security product. It guards against malicious system attacks by controlling file, email and Internet communication. If a threat with malicious code is detected, the Antivirus module can eliminate it by first blocking it and then cleaning, deleting or moving it to quarantine.

1.3.2 Antispam protection

Antispam protection integrates several technologies (RBL, DNSBL, Fingerprinting, Reputation checking, Content analysis, Bayesian filtering, Rules, Manual whitelisting/blacklisting, etc.) to achieve maximum detection of email threats. The antispam scanning core’s output is the spam probability value of the given email message expressed as a percentage (0 to 100). Values of 90 and above are considered sufficient for ESET Mail Security to classify an email as spam.

Another component of the antispam protection module is the Greylisting technique (disabled by default). The technique relies on the RFC 821 specification, which states that since SMTP is considered an unreliable transport, every message transfer agent (MTA) should repeatedly attempt to deliver an email after encountering a temporary delivery failure. A substantial part of spam consists of one-time deliveries (using specialized tools) to a bulk list of email addresses generated automatically. A server employing Greylisting calculates a control value (hash) for the envelope sender address, the envelope recipient address and the IP address of the sending MTA. If the server cannot find the control value for the triplet within its own database, it refuses to accept the message, returning a temporary failure code (temporary failure, for example, 451). A legitimate server will attempt a redelivery of the message after a variable time period. The triplet’s control value will be stored in the database of verified connections on the second attempt, allowing any email with relevant characteristics to be delivered from then on.

1.3.3 Application of user-defined rules

Protection based on user-defined rules is available for scanning with both the VSAPI and the transport agent. You can use the ESET Mail Security user interface to create individual rules that may also be combined. If one rule uses multiple conditions, the conditions will be linked using the logical operator AND. Consequently, the rule will be executed only if all its conditions are fulfilled. If multiple rules are created, the logical operator OR will be applied, meaning the program will run the first rule for which the conditions are met.

In the scanning sequence, the first technique used is greylisting - if it is enabled. Consequent procedures will always execute the following techniques: protection based on user-defined rules, followed by an antivirus scan and, lastly, an antispam scan.
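
The greylisting decision described in the manual excerpt above, sketched as an added example (not part of the original post and not ESET's code). The minimum retry delay, the pending-entry lifetime, the SHA-256 control value and all names here are assumptions; the sample traffic is constructed.

```python
import hashlib
import time

MIN_RETRY_DELAY = 300   # assumption: seconds before a retry counts as a real MTA queue
PENDING_TTL = 4 * 3600  # assumption: how long an unconfirmed triplet is remembered

class Greylist:
    """Greylisting decision keyed on (envelope sender, envelope recipient, client IP)."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}      # control value -> time of first attempt
        self.verified = set()  # control values that came back with a valid retry

    @staticmethod
    def control_value(mail_from, rcpt_to, client_ip):
        # Addresses are lower-cased so a retry with different casing still matches.
        triplet = "\0".join((mail_from.lower(), rcpt_to.lower(), client_ip))
        return hashlib.sha256(triplet.encode()).hexdigest()

    def check(self, mail_from, rcpt_to, client_ip):
        """Return the SMTP reply code for this delivery attempt: 250 or 451."""
        key = self.control_value(mail_from, rcpt_to, client_ip)
        now = self.clock()
        if key in self.verified:
            return 250
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > PENDING_TTL:
            self.pending[key] = now  # unknown or expired triplet: temporary failure
            return 451
        if now - first_seen < MIN_RETRY_DELAY:
            return 451               # immediate re-send, typical of bulk tools
        del self.pending[key]
        self.verified.add(key)       # second attempt: store as verified
        return 250

def replay(events):
    """Feed (time, sender, recipient, ip) events through a fresh greylist."""
    now = [0]
    greylist = Greylist(clock=lambda: now[0])
    codes = []
    for when, sender, rcpt, ip in events:
        now[0] = when
        codes.append(greylist.check(sender, rcpt, ip))
    return codes

# Constructed sample traffic using documentation-only addresses.
SAMPLE = [
    (0,    "news@example.org", "bob@example.com", "192.0.2.10"),    # first attempt
    (30,   "news@example.org", "bob@example.com", "192.0.2.10"),    # retry too soon
    (900,  "news@example.org", "bob@example.com", "192.0.2.10"),    # queued retry
    (5000, "news@example.org", "bob@example.com", "192.0.2.10"),    # known triplet
    (5000, "news@example.org", "bob@example.com", "198.51.100.7"),  # same mail, new IP
]
print(replay(SAMPLE))  # -> [451, 451, 250, 250, 451]
```

The last event shows the operational caveat: a sender that retries from a different outbound IP starts over as a new triplet, so large sending pools can see repeated deferrals.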
 
Yes looks good, honestly what is killing me with ESET is the spyware. I know spyware/malware is getting past all the antivirus I just wish ESET would incorporate like MBAM into the mix or something =)

But I have been selling ESET for 2ish years now, probably on my 1000s of Home User Licenses.

I have a few clients I will be upgrading to the full 4.2 package with Mail Security.
 
Well, the rogues are killing every brand out there...Kaspersky, Symantec, AntiVir...those 3 and Eset are fairly consistently in the tops at AV-C for detection. These rogues are getting insane with new variants....they're fast outpacing the AV products...with many..many new variants per hour now. Not long ago it was several new variants per day of a rogue. Now it's dozens of new variants within an hour..of some of the aggressive rogues.

Multiple layers of security have helped...my regular clients that I maintain all the time....they're not getting bothered by these rogues much. And if a workstation does pick one up..it doesn't get far..maybe a stub of the install, easy to clean after that because it doesn't snowball on their systems.
*OpenDNS for DNS forwarding
*Untangle at the gateway
*Maintain Windows Updates
*Eset at the desktop
*IE 8..IE8...IE8...force those IE7 and 6 users to upgrade
*Updated Flash
*Updated Java
 