2nd January 2014, 05:06 PM #1
Enterprise Anti Virus
General thoughts please people.
Small school: 130 students, 120 staff, 130 machines, 3 servers (and a FOG server that wipes computers every holiday period). Anti virus: currently on Sophos Endpoint Security; all machines also have Microsoft Security Essentials on. Internet firewall is managed by SmoothWall. USBs and disk media are allowed.
I am kind of of the opinion that antivirus is an unnecessary expense. The system is locked down with group policy so only certain programs can run. I am fully aware that viruses could come through with Java, ActiveX etc. and not require admin permissions to do what they do. I know there is a risk; can the risk be mitigated without paying large fees?
What does everyone else use or do? Does anyone already do this? Has anyone thought of this before? I need some advice for the risk assessment. Any help or advice would be greatly appreciated.
2nd January 2014, 05:08 PM #2
Moving to Enterprise Software forum.
2nd January 2014, 05:28 PM #3
Do you have Sophos and Security Essentials running?
Thanks to free780 from:
bencole (2nd January 2014)
2nd January 2014, 05:37 PM #4
Originally Posted by bencole
Sorry, you should perhaps revisit your priorities! Being naive or massively optimistic like that will only be a detriment to the security and safety of your school.
There's no real need or point in running multiple solutions. Do you have a licensing agreement with Microsoft like EES? Could you therefore already be entitled to use System Center Endpoint Protection?
Last edited by synaesthesia; 2nd January 2014 at 05:39 PM.
2nd January 2014, 05:48 PM #5
Currently we have nothing; I am pushing for Microsoft OVS-ES. Secondly, being patronising helps no one. Please don't bother to post again.
Originally Posted by synaesthesia
Most antivirus software will not protect from most attacks. If I were to create a virus I would make it to defeat Sophos, McAfee etc.
2nd January 2014, 06:41 PM #6
It's a bad idea - sorry in advance if you don't like that response.
If these machines are on the same network as anything important, that could leave you with red faces and a lengthy explanation to give on why you have no protection when MIS/accounting data is nabbed.
If it's one you have no choice but to follow through with, for financial reasons, you could consider re-imaging the machines nightly and paying for licensing to scan your fileserver(s)/storage or anywhere people put data; of course, this is assuming this network can't access the MIS/accountancy area... also consider disabling USB access, no admin rights, mandatory profiles, no access to e-mail, use of Java ... and any site where people can potentially download work, e.g. Dropbox, 4shared, SkyDrive... but then people may complain they're too restricted.
If you can get something on an existing agreement, cheaper through an LEA or thrown in with any other deals, I would definitely take that over a bare network.
PS - you're right, they MAY attempt to do the disabling of AV, but the point is the AV will find known patterns in the files downloaded... you are always at risk from 'FUD'/crypted binaries, but AV does scanning and will pick it up when it's known to be bad, or if it's something it's not encountered, often they sandbox before things run to see what it tries to do. Not sure what you mean by not protect from most attacks... most good AV will catch a high percentage of the likely things that are downloaded... some employ network monitoring to see what files are doing to assess the current unknowns on top of the initial sandboxing.
Best of luck, I understand what you're getting at but it'd be a bad idea.
Last edited by dwhyte85; 2nd January 2014 at 07:08 PM.
2nd January 2014, 06:58 PM #7
That wasn't meant to be patronising, but over and above the feelings of school technicians or NMs, I, like most here, feel obliged to protect the school *and you*. Your argument would fall flat on your face when you're at an employment tribunal explaining to a jury why you felt it wasn't necessary when data was compromised.
If you can get OVS pushed through you'll be laughing. The cost of Sophos etc. on a per-seat basis, especially for primaries, isn't too bad (£1.95 was it?). Are you part of an Academy chain at all? Plenty of discounts to be had when buying bulk for chains; they may even have a deal in place already.
** edit ** I should also point out you should probably be removing MSE from the machines as small businesses (with no educational exemption) are only able to run it on up to 10 machines to the licensing
Last edited by synaesthesia; 2nd January 2014 at 07:10 PM.
2nd January 2014, 07:07 PM #8
I think it would be a bad idea to run without AV. I don't let anything connect to my school network unless it has some form of AV on it.
Is your objection financial or technical? There must be loads of low cost AV solutions out there that would be better than nothing. We get Sophos included with our LEA services; I think this is fairly common across the UK.
How would you know if malware was getting through your other lines of defense? Tools like the Sophos Enterprise Console can give a really helpful overview of what's going on on your network. Looking at what goes on on mine, I would never remove the antivirus from any of our computers.
2nd January 2014, 07:11 PM #9
I would tend to agree, although in the end I figured something client-side was needed. We went for ESET NOD32 - £500 per year to cover the whole school (about the same size as yours) isn't bad. Client-side antivirus should hopefully stop infections via USB stick and so forth - most of the newer malware seems to distribute via email and web downloads these days. Your SmoothWall filter should hopefully be stopping malware before it gets to the client machines, and if you've not already got a spam-spotting email filter then ClamAV is free.
Originally Posted by bencole
2nd January 2014, 07:12 PM #10
You really need AV and AppLocker. USB sticks locked down. No AV is a bad idea.
2nd January 2014, 07:17 PM #11
Our ESET costs us £1.50 per machine through the LA - maybe you could get this sort of deal, as when we were told we would have to pay (previously it had been free) I spoke directly to ESET and they seemed keen to offer a similar deal.
As for whether you need it or not, I think so. My only experience to back this up is the viruses, trojans etc. which have appeared on machines that have disabled or corrupt AV.
2nd January 2014, 07:17 PM #12
AV is far from being an unnecessary expense.
Originally Posted by bencole
There are many techs on here who have had sleepless nights wresting their networks back from the grips of a virus that has taken hold despite the AV. I had one 3 days before Ofsted visited in my last school. AV minimises that risk. Relying on your network being "locked down" is senseless and also very risky. Losing your network directly affects the running of the school and Teaching and Learning. It also puts your school at risk of breaches of the Data Protection Act should passwords to sensitive systems be extracted, for example. The fines are massive, both personally and to the school.
Because your school is classed as a business, free AV options are unlikely to be available. MSE, for example, is for home use only...though even M$ is not recommending that it is used any more even at home.
I am sorry, but at worst AV should be regarded as an essential evil and should not be removed.
Last edited by elsiegee40; 2nd January 2014 at 07:20 PM.
Thanks to elsiegee40 from:
synaesthesia (2nd January 2014)
2nd January 2014, 07:33 PM #13
I would say that AV is becoming more of a necessity now than previously, with cyber crime on the uprise etc. Given the amount of quarantined threats we have even with a secured firewalled network, I couldn't ever consider it. If anything was to happen you would be hung high and dry; I don't think you could create a risk assessment that would support it anyhow.
I would be constantly terrified of Cryptolocker or similar Trojans!!!
Last edited by burgemaster; 2nd January 2014 at 07:35 PM.
2nd January 2014, 07:37 PM #14
Also, do not underestimate the capacity of your colleagues to click on links in emails that should have been consigned to spam. Only today, I got asked about this one.
How anyone could think it might be genuine, I don't know... the email address used to send it wasn't even an Amazon one.
Dear Amazon Customer,
We have recently determined that various computers connect to your Amazon account, password, and the present of chess more taient before the connection. Now we need to confirm the new information from your Amazon account. If not completed within 48 hours, we will be forced to suspend your account indefinitely, because it can be used in a fraudulent intent. Thank you for your comprehension in this way. To confirm your online account:
>> Click here
2nd January 2014, 07:38 PM #15
NIMDA took down many schools in CLEO about 10 years back due to a poor AV config, and from a small primary school it spread like wildfire. Just because your network may be locked down does not preclude the chance that you can get infected from another vector. Also think about the legal aspect of it. Imagine if you did get infected by a hypothetical virus that steals or opens doors in SQL databases and suddenly you find your MIS has been compromised.
Firstly you would have to inform the Information Commissioner's Office, and then you would really have to explain why you had no protection in place to prevent this.
When it comes to network security, never say never.