Ed,

>>Ed,
>>
>>>snip<
>>
>>>
>>>I hate Norton AV - I like Trend and Panda, with Trend being my first choice. I check for updates at least every 4 hours - at home, it's every two.
>>
>>What version(s) of Trend would you recommend? I took a peek and it looks like they have desktop versions or corporate editions (with licenses in multiples of 25). I'm presuming that the engine is essentially the same and that the corporate server edition 'reaches out' to the various connected desktops and performs a scan from the server to the desktop as opposed to each desktop having the desktop version installed. Is that your take?
>
>At the Corporate level with real servers, I use ServerProtect on the NT 4.0 and Win2K Server family (I've used it with SBS 2K, NT 4.0 TSE, NT 4.0 Server, and Win2K Server and Advanced Server both with and without TS, in both remote admin and application mode) and OfficeScan, triggered on all systems during login from the login script. Except in systems with a single server, I use either the second DC or a member server not running TS in application mode as the install server, with all other servers running as ServerProtect normal servers. The install server performs pull updating of both ServerProtect and OfficeScan components from Trend every 2-4 hours, and performing a push deploy of updated patterns immediately after download, and pull deploy of both pattern and program updates on each system login. I've used their mail server protection products for both Exchange 2K and mDaemon; I've no experience with their Novell server-based products, although I have used OfficeScan on systems
>with both the Novell and MS Clients for NetWare under Win98 and Win2K Pro, using a triggered OfficeScan examination of NetWare volumes to keep viruses from smacking around the older NetWare servers I still support; I think I have two or three clients where I manage the design of their infrastructure who still run NetWare of various flavors from the discontinued 3.20 to 5, and all are slated to retire these last remaining vestiges of Novell within the year, having moved all from either server mode under 3.2 or NDS to AD.

Excellent Thanks!!! So I take it in this scenario that all that is needed from the pov of the desktop is the initial install afterwhich the server manages the whole show?

BTW.... For those who may not be familiar with the terms "push" and "pull" ('pull updating' and 'push deploy') Ed used.. These are very specific terms that can have great meaning.

Let me give an example that might be of help: In the banking industry we often think of withdrawing money from an automatic teller or writing a check to pay a bill. Both of there are "push" events rather than the automatic teller being a "pull" event and the check writing a "push" event. In the case of the check you are instructing the bank (on your behalf) to "push" monies from your account to the account on the deposit slip of the company/individual tendering the check for payment at the RDFI (Receiving Depository Financial Institution - ie. bank, credit union, etc...). IOW, the money is "pushed" from your account to another. That way, should you have insufficient funds, the ODFI (Originating Depository Financial Institution) can protect itself by not sending monies you don't have and lower its liabilities.

In the case of an automatic teller the bank "pushes" monies to you after authenticating that you have the authority to instruct it to so do. Here they protect themselves by overdraft protections backed up (typically) with a small line of credit on your account.

Now.. with what I'm hearing about this software the "push-or" is the server and the "push-ee" is the workstation. That would strike me as being a great way to lower maintanence and support expenses. Plus it gives the administrator great control as well. Would that be your 'take' here Ed? That this method helps lower support issues?



>
>Each Desktop 'runs' it's own AV; the install server controls the acquisition of patterns and clients for the PC and pushes out updates immediately to all normal servers, workstation patterns immediately in the background, program updates after 6 hours at most or at first idle, as well as allowing systems to pull patterns and programs each time the PC logs in or reboots. All virus reporting is managed from the servers, as is the enterprise-wide AV schedule maintenance, and a ServerProtect server can initiate virus checking on one or all systems it manages, and can perform a HouseCall-like cooperative scan on clients. OfficeScan works with everything I'm supporting in the field for Win-based client stations, which means everything from Win98 on up through XP Pro as well as NT4 TSE, Win2K TS and Citrix MetaFrame thin clients (I don't have clients running Win95 of any flavor- they have a choice of finding an upgrade to their Win95 boxes OS or a new consultant. This isn't negotiable;
>there are too many disadvantages and bugs that aren't going away for me to be willing to take responsibility for ensuring that Win95 boxes can support everything properly. I also insist that NT 4 have at least SP5 and the Active Desktop updates available so that Shell.Application and WSH at least 2.0 is available, meaning that the stations have ie 4.01 or later (generally IE 5.5SP2 or IE 6; a few have older sversions of IE because they interact with remote servers that don't talk to IE 5.5 and later.) The presense of IE allows me to use InternetExplorer.Application and the WSH to help administer software version updating, relying on trusted intranet infrastructure to move around updates as well as to access various network administration tools.

IE?? Interesting. So this allows for remote management? If so, how would this be? IOW, does the WSH use IE to go retrieve files, updates, patches, etc from a remote update source (presuming Trend itself)? Or just remote notifications and then you'd need to go 'fix' the issues??

With respect to the WSH stuff.. I am interested in discovering how to make sure that installs we do have the latest versions, etc. Where might I go to learn how to do this? I'd like to use the WSH in some of our future stuff but we are in an environment where the business 'rules' regarding using the WSH are always going to be essentially unknown. Do you just not deal with folks who do not want the WSH installed (recalling former exploits) for fear of security risks or do you have a preferred way around the security issues?

>
>It's not cheap, but so far, it's kept stuff from nailing servers, quarentined the few infections that leaked through before damaging things extensively, and caught a lot of crap either as it came into the mail server, to the local station through access to untrusted sites and email where the enterprise did not administer their mail server locally under my control but reached the mail client.

Well, 'cheap' suddenly isn't the minute you get whacked by a virus, eh? <s>

>
>Standalone or in small peer-to-peer LANs, I swear by PC-Cillin 2K, which is the same basic client engine and pattern engine as OfficeScan. Craptops -erm- laptops that travel with salesmen who rarely are tied into the office network directly tend to run that, and their contact with the enterprise is via TS session, which is controlled by the ServerProtect/OfficeScan combination, even if the marketroid gets annoyed and disables the AV software and nails his travelling companion. OfficeScan is compatible with XP Remote Desktop sessions and PCAnywhere sessions.

Thanks!! I was wondering about the PC-Cillin 2K version.

>
>I've no tolerance for Norton AV at the enterprise level, and find that Trend's products make a lot more sense to me and my clients than McAfee/NAI's suite. I like the server-side control and monitoring features. And it's treated me well so far. And I give Trend a lot of credit for making HouseCall available on-demand to the public through their web site.

Norton is what we've been using but candidly I hadn't heard about Trend until now. I appreciate you taking the time to explain. Hopefully I've added a little. I always walk awy from these discussion with you thinking to myself that after all these years (18+) how could I still be so stupid. <bg>

>
>>
>>>
>>>I point out that they can spend the extra money now and not have the worries, or they can spend it later and shell over a fair chunk to a consultant
>>>
>>>Even paranoids have enemies!
>>
>>Are you talking about me???
>>
>
>Who told you? < g >

?!?!?!?!!!

Oh no.. It's true then...





<g>