  1. #1
    bencole's Avatar
    Join Date
    Nov 2013
    Posts
    76
    Thank Post
    45
    Thanked 2 Times in 2 Posts
    Rep Power
    2

    Enterprise Anti Virus

    General thoughts please people.

    Prelims -

    Small school: 130 students, 120 staff, 130 machines, 3 servers (and a FOG server that wipes computers every holiday period). Anti Virus: currently on Sophos Endpoint Security; all machines also have Microsoft Security Essentials on. Internet firewall is managed by SmoothWall. USBs and disk media are allowed.

    Problem/Idea/Thoughts -

    I am kinda of the opinion that antivirus is an unnecessary expense. The system is locked down with group policy so only certain programs can run. I am fully aware that viruses could come through with Java, ActiveX etc. and not require admin permissions to do what they do. I know there is a risk; can the risk be mitigated without paying large fees?

    What does everyone else use or do? Anyone already do this? Anyone thought of this before? I need some advice for the risk assessment. Any help or advice would be greatly appreciated.

    Cheers,

    Ben

  2. #2

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,787
    Thank Post
    572
    Thanked 2,154 Times in 982 Posts
    Blog Entries
    23
    Rep Power
    626
    Moving to Enterprise Software forum.

  3. #3
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    901
    Thank Post
    41
    Thanked 68 Times in 65 Posts
    Rep Power
    18
    Do you have Sophos and Security Essentials running?

  4. Thanks to free780 from:

    bencole (2nd January 2014)

  5. #4

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,844
    Thank Post
    570
    Thanked 994 Times in 766 Posts
    Blog Entries
    15
    Rep Power
    460
    Quote Originally Posted by bencole View Post

    I am kinda of the opinion that antivirus is an unnecessary expense. Ben
    WHAT??

    Sorry, you should perhaps revisit your priorities! Being naive or massively optimistic like that will only be a detriment to the security and safety of your school.

    There's no real need or point in running multiple solutions. Do you have a licensing agreement with Microsoft like EES? Could you therefore already be entitled to use System Center Endpoint Protection?
    Last edited by synaesthesia; 2nd January 2014 at 04:39 PM.

  6. #5
    bencole's Avatar
    Join Date
    Nov 2013
    Posts
    76
    Thank Post
    45
    Thanked 2 Times in 2 Posts
    Rep Power
    2
    Quote Originally Posted by synaesthesia View Post
    WHAT??

    Sorry, you should perhaps revisit your priorities! Being naive or massively optimistic like that will only be a detriment to the security and safety of your school.

    There's no real need or point in running multiple solutions. Do you have a licensing agreement with Microsoft like EES? Could you therefore already be entitled to use System Center Endpoint Protection?
    Currently we have nothing; I am pushing for Microsoft OVS-ES. Secondly, being patronising helps no one. Please don't bother to post again.

    Most antivirus software will not protect from most attacks. If I were to create a virus I would make it to defeat Sophos, McAfee etc.

  7. #6
    dwhyte85's Avatar
    Join Date
    Mar 2009
    Location
    Berkshire
    Posts
    1,212
    Thank Post
    155
    Thanked 146 Times in 131 Posts
    Rep Power
    102
    It's a bad idea - sorry in advance if you don't like that response.

    If these machines are on the same network as anything important, that could leave you with red faces and a lengthy explanation to give on why you have no protection when MIS/accounting data is nabbed.

    If it's one you have no choice but to follow through with, for reasons of financials, you could consider re-imaging the machines nightly and paying for licensing to scan your fileserver(s)/storage or anywhere people put data; of course this is assuming this network can't access the MIS/accountancy area... also consider disabling USB access, no admin rights, mandatory profiles, no access to e-mail, use of Java ... and any site where people can potentially download work, e.g. Dropbox, 4shared, SkyDrive... but then people may complain they're too restricted.

    If you can get something on an existing agreement, cheaper through an LEA or thrown in with any other deals, I would definitely take that over a bare network.

    PS - you're right, they MAY attempt to do the disabling of AV, but the point is the AV will find known patterns in the files downloaded... you are always at risk to 'FUD'/crypted binaries, but AV does scanning and will pick it up when it's known to be bad, or if it's something it's not encountered, often they sandbox before things run to see what it tries to do. Not sure what you mean by not protect from most attacks... most good AV will catch a high percentage of the likely things that are downloaded... some employ network monitoring to see what files are doing to assess the current unknowns on top of the initial sandboxing.

    Best of luck, I understand what you're getting at but it'd be a bad idea
    Last edited by dwhyte85; 2nd January 2014 at 06:08 PM.

  8. #7

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,844
    Thank Post
    570
    Thanked 994 Times in 766 Posts
    Blog Entries
    15
    Rep Power
    460
    That wasn't meant to be patronising, but over and above the feelings of school technicians or NMs, I, like most here, feel obliged to protect the school *and you*. Your argument would fall flat on your face when you're at an employment tribunal explaining to a jury why you felt it wasn't necessary when data was compromised.

    If you can get OVS pushed through you'll be laughing. The cost of Sophos etc on a per-seat basis, especially for primaries isn't too bad (1.95 was it?). Are you part of an Academy chain at all? Plenty of discounts to be had when buying bulk for chains, they may even have a deal in place already.

    ** edit ** I should also point out you should probably be removing MSE from the machines as small businesses (with no educational exemption) are only able to run it on up to 10 machines to the licensing
    Last edited by synaesthesia; 2nd January 2014 at 06:10 PM.

  9. #8

    Join Date
    Sep 2008
    Location
    England
    Posts
    267
    Thank Post
    6
    Thanked 67 Times in 59 Posts
    Rep Power
    51
    I think it would be a bad idea to run without AV. I don't let anything connect to my school network unless it has some form of AV on it.

    Is your objection financial or technical? There must be loads of low cost AV solutions out there that would be better than nothing. We get Sophos included with our LEA services; I think this is fairly common across the UK.

    How would you know if malware was getting through your other lines of defense? Tools like the Sophos Enterprise Console can give a really helpful overview of what's going on on your network. Looking at what goes on on mine, I would never remove the antivirus from any of our computers.

  10. #9

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,613
    Thank Post
    1,229
    Thanked 772 Times in 670 Posts
    Rep Power
    234
    Quote Originally Posted by bencole View Post
    I am kinda of the opinion that antivirus is an unnecessary expense.
    I would tend to agree, although in the end I figured something client-side was needed. We went for ESET NOD32 - 500 per year to cover the whole school (about the same size as yours) isn't bad. Client-side antivirus should hopefully stop infections via USB stick and so forth - most of the newer malware seems to distribute via email and web downloads these days. Your SmoothWall filter should hopefully be stopping malware before it gets to the client machines, and if you've not already got a spam-spotting email filter then ClamAV is free.

  11. #10
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    901
    Thank Post
    41
    Thanked 68 Times in 65 Posts
    Rep Power
    18
    You really need AV and AppLocker. USB sticks locked down. No AV is a bad idea.

  12. #11

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,050
    Thank Post
    1,318
    Thanked 2,310 Times in 1,624 Posts
    Rep Power
    692
    Our ESET costs us 1.50 per machine through the LA - maybe you could get this sort of deal, as when we were told we would have to pay (previously it had been free) I spoke directly to ESET and they seemed keen to offer a similar deal.
    As for whether you need it or not, I think so. My only experience to back this up is the viruses, trojans etc. which have appeared on machines that have disabled or corrupt AV.

  13. #12

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,650
    Thank Post
    1,775
    Thanked 2,159 Times in 1,597 Posts
    Rep Power
    768
    Quote Originally Posted by bencole View Post
    General thoughts please people.

    Prelims -

    Small school: 130 students, 120 staff, 130 machines, 3 servers (and a FOG server that wipes computers every holiday period). Anti Virus: currently on Sophos Endpoint Security; all machines also have Microsoft Security Essentials on. Internet firewall is managed by SmoothWall. USBs and disk media are allowed.

    Problem/Idea/Thoughts -

    I am kinda of the opinion that antivirus is an unnecessary expense. The system is locked down with group policy so only certain programs can run. I am fully aware that viruses could come through with Java, ActiveX etc. and not require admin permissions to do what they do. I know there is a risk; can the risk be mitigated without paying large fees?

    What does everyone else use or do? Anyone already do this? Anyone thought of this before? I need some advice for the risk assessment. Any help or advice would be greatly appreciated.

    Cheers,

    Ben
    AV is far from being an unnecessary expense.

    There are many techs on here who have had sleepless nights wresting their networks back from the grips of a virus that has taken hold despite the AV. I had one 3 days before Ofsted visited in my last school. AV minimises that risk. Relying on your network being "locked down" is senseless and also very risky. Losing your network directly affects the running of the school and Teaching and Learning. It also puts your school at risk of breaches of the Data Protection Act should passwords to sensitive systems be extracted, for example. The fines are massive, both personally and to the school.

    Because your school is classed as a business, free AV options are unlikely to be available. MSE, for example, is for home use only...though even M$ is not recommending that it is used any more even at home.

    I am sorry, but at worst AV should be regarded as an essential evil and should not be removed.
    Last edited by elsiegee40; 2nd January 2014 at 06:20 PM.

  14. Thanks to elsiegee40 from:

    synaesthesia (2nd January 2014)

  15. #13

    Join Date
    Aug 2007
    Posts
    811
    Thank Post
    98
    Thanked 64 Times in 46 Posts
    Rep Power
    25
    I would say that AV is becoming more of a necessity now than previously, with cyber crime on the uprise etc. With the amount of quarantined threats we have, even with a secured firewalled network, I couldn't ever consider it. If anything was to happen you would be hung high and dry; I don't think you could create a risk assessment that would support it anyhow.

    I would be constantly terrified of Cryptolocker or similar Trojans!!!
    Last edited by burgemaster; 2nd January 2014 at 06:35 PM.

  16. #14

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,650
    Thank Post
    1,775
    Thanked 2,159 Times in 1,597 Posts
    Rep Power
    768
    Also, do not underestimate the capacity of your colleagues to click on links in emails that should have been consigned to spam. Only today, I got asked about this one:
    Dear Amazon Customer,

    We have recently determined that various computers connect to your Amazon account, password, and the present of chess more taient before the connection. Now we need to confirm the new information from your Amazon account. If not completed within 48 hours, we will be forced to suspend your account indefinitely, because it can be used in a fraudulent intent. Thank you for your comprehension in this way. To confirm your online account:

    >> Click here
    How anyone could think it might be genuine, I don't know... the email address used to send it wasn't even an amazon one.

  17. #15

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,787
    Thank Post
    572
    Thanked 2,154 Times in 982 Posts
    Blog Entries
    23
    Rep Power
    626
    NIMDA took down many schools in CLEO about 10 years back due to a poor AV config and from a small primary school it spread like wildfire. Just because your network may be locked down does not preclude the chance that you can get infected from another vector. Also think about the legal aspect of it. Imagine if you did get infected by a hypothetical virus that steals or opens doors in SQL databases and suddenly you find your MIS has been compromised.
    Firstly you would have to inform the Information Commissioner's Office, and then you would really have to explain why you had no protection in place to prevent this.
    When it comes to network security, never say never.
