Hello there. Last time I blogged, I talked about how we were looking to change Antivirus products. I spent the last few weeks testing products from NOD32, AVG, Sophos, Trend and of course Symantec. It may be helpful to know how I compared the products. I was looking for superiority in these categories:
- Console – Unified (all products) is important
- Console – Having a "web console" versus a "win32" console would be nice, but not critical
- Multi-client – Windows (of course) + Mac + *nix are all nice to have
- Mail – Exchange client / suite is of course required for us
- Remote Push – I need to be able to install a client remotely
- Local Install – I also need to be able to instal a client "manually" as necessary
- Previous-client Uninstall – I need to have a product that will cleanly "uninstall" previous client
Here's why I didn't choose NOD32: It has no Mac support, and it doesn't support machine names larger than 15 characters (several of our AD-joined boxes are larger than 15 characters), and the Console was very unweildy. I'm sure it's a great product, but the console turned me off because of the complexity of the featuresets. It was almost like it had too many features – not intuitive at all. Here's a looksie:
Here's why I didn't choose AVG: I didn't like the console. The servers/clients seem to require additional setup to "hide" updates. That is, every time I logged on a client, it would launch the update tool. Also, the Exchange 2007 stuff wasn't available in the console. I didn't take a screen shot. Sorry.
Here's why I didn't choose Trend: The web console was horrible for me. The remote client install process was "clunky" for me and didn't properly uninstall existing software. I couldn't get the local web console to launch – not sure why. Remotely, on my Mac, the Web Console was all jacked up in Safari, and FF made it look funky. Here's a great example of that:
Here's why I didn't choose Symantec: well, it's Symantec! I've been a longtime Symantec user. When they launched the SEP (Symantec Endpoint Protection) product line there were significant migration issues. They were widely published in online forums. The bigger issue is that Symantec is incompatible with our Microsoft Dynamics SL application & Vista. This again is a well documented issue. Finally, the update/upgrade/client-push process with Symantec is painful.
That leaves us with Sophos. Sophos wins. It's **NOT** the "lesser of all evils" here. I'm very pleased with what Sophos looks and feels like in our organization. Several of my peers in Church IT also use Sophos which really helps as well – because we all have similar needs/wants in our Antivirus products.
I'll preface this next part that the first time I install Sophos, I did not read a bit of documentation. I just "winged it" on the install and test. It was very intuitive. There were two interfaces to learn. The first interface is where you setup "packages" for distribution. It's called the Sophos Enterprise Manager and it looks like this:
I subscribed and published both the Windows and Mac OS packages. Basically that pulls down the appropriate binaries and packages them up for distribution on a file share.
The next interface to learn is the Unified Console. It's called the Sophos Enterprise Console and here's a sneak peek at it:
At a glance form this console, you can see overall health and statistics of the managed clients. This is the console where you can add computers, put them into groups, and apply appropriate policies.
From within the groups, you can also right-click on the computers and do a host of other functions as well
You can also verify specifics from the workstations like below:
There are many OTHER reasons to like Sophos, but this is a long enough post already.
I'd like like to take a moment and let you know that I was helped with our Sophos order by
Mark Moreno who owns an IT Support & Services Company out of Elkhart, Indiana. He helped us get a great price and sweet buy-2-get-one-free deal. Mark works closely with non-profits and wants to help them find the best deals. You can find him on
twitter as well.
Seems that author is a designer, who chooses protection for his network by design of GUI. Quite strange approach. This Sophos Enterprise Console for was horrible for me.
It might do us all some good for you to share your challenges with the console. Better yet, share with Sophos too (if not done already). The enterprise console works well for the 12,000+ systems in my environment. I would like to see the author discuss the other benefits of Sophos at the endpoint, such as application and device control.
Cheers,
Steve
Fair enough guys. I’m no designer and surely didn’t choose network protection for 1,000 nodes in 14 locations in 6 states based on GUI alone. That would be silly. I believe technology should “just work” – I don’t expect perfect, and I surely don’t mind RTFM. I don’t buy into all the FUD surrounding technology X, Y or Z either. That’s why I take time to fully investigate things from “our” perspective.
What was impressive to me re: Sophos specifically was how “neatly packaged” the consoles were.
I’m in process of building our production machine on Server 2008 and will certainly blog about that experience as well.
Sorry that Sophos didn’t work for you Olle. I don’t think there’s a single one-best-product for everything. Within your context, perhaps you need something else. Inside our context, Sophos looks to be the best. Sounds like it works well for Steve too.
And, like everything else, we’ll continue to evaluate all production technology and move and shape our decisions as necessary.
Thanks for the comments. I’m surprised people actually read this blog.
🙂
As for me, I use NOD32 spyware ( http://rapid4me.com/?q=NOD32 ). I think, it’s the best of antivirus program.
I wouldn’t choose a security product on how nice it looked.. I’d pick the best one in terms of protection and then learn to use/like it. This is why I always recommend Eset Nod32. It’s a better product and offers far superior protection than the competition. Check it out on av-comparatives
Brendan, I think you’re missing the point for my environment. I had to have Mac/PC. NOD32 does not do that. Also, I had a 15-character naming issue, and NOD32 would not work with that.
Sure, a nice GUI is important, but that’s not the focus – that was an “aside” to me.
Thanks for the comment.
If you are attaching a device to a Microsoft network, don’t use more than 15 characters.
That’s one of the most basic things a domain admin should know.
John–
Thanks for your comment. I respectfully disagree with you though. Active Directory DNS supports up to 24 characters. The 15 character limit is a NetBIOS legacy limitation/recommendation. We also are looking at UTF-8 in our domain names – we are moving toward global machine names.
Sure, yes, for most organization – especially US only organization, or smaller companies – the 15 character limitation of NOD32 isn’t a problem. It was a problem for me though. We are a mixed Active Directory / Open Directory shop. We are a mixed Mac / PC shop. We are NOT a small business so make sure you look through my lens.
For reference on naming conventions – the 15 characters for “NetBIOS” and the 24 characters for DNS – you can reference the Microsoft KB article http://support.microsoft.com/kb/909264
Don’t assume “only Microsoft network” – not every organization is identical to yours.
–DW
New Console v4.0 has been released for Sophos and it is Awesome. As an enterprise offering Sophos is truly the master with the new release of the console and the Endpoint security product v9.0.
Matthew–
I agree! One of my teammates, Mark, has recently upgraded us to EC 4.0 nd ESP 9.0. He’s working on making our multi-site/multi-state environment even better. We’re very pleased with Sophos.
–DW
We just renewed our symantec but we looked real hard at sophos. Decided to stick with Symantec due to the fact that sophos did just as poorly at spyware as Symantec did. Did you evaluate spyware effectivness in your assessment?
Tony–
No, I didn’t necessarily eval spyware. We have 100% local admin users. They can install whatever they want – good or bad. We do, as part of our standard image, install malwarebytes, spybot and one other (can’t remember tonight).
For Sophos, we focused strictly on AV – both on the client/server and Exchange products.
Thanks for the post,
–DW
I go for Kaspersky Antivirus..it served me the best…you can download it from here http://www.evildrome.com
looking back on your switch to Sophos from Symantec…are you still satisfied? We are looking at switching and it looks like Sophos is the better option.
I use Nod32 and have for a while now. I make it a point to review several other AV products every time our Nod32 comes up for renewal. I regularly test Sophos, Kaspersky, F-Prot, Trend, and Avast. Nod32 always wins. In my opinion, the AV must be light weight and have the very good detection rates. Nod32 does a better job than the others. Sophos is very light as well, but Nod32 consistently has much better detection rates. Kaspersky is very good, but is kinda slugish. Trend, F-Prot, and Avast just don’t function as well (lesser detection rates and performance). If you need Mac support then Nod32 isn’t for you. But of Windows/*nix it does an outstanding job. Though the admin console could use some revamping it does get the job done and once you know your way around, it actually works quite well. #1 Nod32, #2 Sophos/Kaspersky #3 doesn’t really matter.