In-Depth

Add Virus Protection to Your Apps

Symantec's AntiVirus Corporate Edition 10 makes virus protection simple and easy while maintaining a robust protection level.

• By Danielle Ruest and Nelson Ruest
• 08/30/2005

A lot less attention is being placed on antivirus tools today. Spam and spyware have taken central stage in the "most annoying threat" category. Also, nobody in their right mind would ever operate a system without running a virus-scanning engine on it. Or at least we hope not. Another reason new virus product versions often go unnoticed is because we're so used to having systems that work properly, downloading new virus signature definitions automatically on a regular basis and protecting our systems automatically. We wonder what else antivirus vendors can come up with. Well, Symantec has actually come up with a great new version of its AntiVirus Corporate Edition (SAVCE) tool.

Version 10 boasts several modifications over the previous versions. It still includes the simple and easy-to-follow installation procedures its predecessors featured. In fact, it is even simpler than before, because the steps are in a more logical order (see Figure 1).

Most of the improvements to this tool are security improvements. In previous versions, security was controlled through a simple password tied to the entire application. Now, SAVCE can support role-based access control because it supports named users. This means you can give discreet access to the Symantec System Center console based on the role and responsibility of the user. This is good news for large environments. The supported roles are read-only, administrator, central quarantine access, and gateway security access (see Figure 2). Accounts are mapped to Active Directory so that users can access the console with their own account. In addition, accounts can be managed on a group-by-group basis so you can organize the entire antivirus infrastructure through discreet groups of clients by division or location. This lets you implement a proper delegation of authority for virus management.

SAVCE 10 also includes security risk detection and removal. This feature, called Auto-Protect, integrates with the Quick Scan feature to detect and remove both spyware and adware, as well as viruses (see Figure 3). You can add exclusions to the files that Auto-Protect detects, giving you greater control over what is actually removed. In addition, the new Tamper Protection feature ensures that no other services or processes can affect the core protection features operated by SAVCE.

SAVCE 10 fully supports both Service Pack 2 for Windows XP and Service Pack 1 for Windows Server 2003. In addition, it provides full support for the latest platforms, including client components for the new Intel X64 platform and AMD 64-bit chips—this includes both the Opteron and the Athlon chip sets. This means that this antivirus tool supports the latest technologies, leaving no reason for any unprotected systems in your network.

This update also removes several legacy components that have been carried over from version to version for several years. For example, IPX protocol support is now gone, which makes sense because all networks today work with TCP/IP. Also, client deployment is now properly called ClientRemote Install Utility, removing the reference to Windows NT that was in previous versions (see Figure 4). Some users might be concerned about this, but if you want a secure network, there should be no Windows NT in it period. If you're still running NT, then you simply can't have a secure network. This is another reason why Symantec has modified SAVCE to remove any references to the Windows Internet Naming Service (WINS) and NetBIOS and now solely relies on TCP/IP.

The inclusion of digital communications and the integration of communications over the Secure Sockets Layer (SSL) is another nice improvement in this latest version. This means that all communications from client to server and vice versa is encrypted and protected from tampering. SSL not only encrypts data during transfer, but also ensures both client and server authentication, making sure there is no impersonation and, therefore, no "man-in-the-middle" attacks, which could spoof the server and send invalid definition updates to clients. A core certificate is installed automatically when either a new server is installed or an existing server is upgraded. This ensures that only authorized clients can talk to the server, that data is transmitted to intended parties only, that there is no tampering with the data during transmission, and that no one can view data during transmission, making the installation a lot more secure overall.

SAVCE 10 includes all of the powerful features that have made it a favorite among users. Its includes powerful configuration and virus-removal options (see Figure 5), and it's simple to set up. Through Live Update, it downloads new signatures automatically and distributes them to clients automatically. Deployment is performed in a few simple steps to all clients in your network, and administration is almost nil once it is up and running. There is no doubt that if you're using any other version of SAVCE, you should upgrade to version 10. If you're using another tool, then perhaps you should consider moving up to SAVCE. It is worry-free antivirus management that goes a long way toward reducing your administrative workload.

Symantec AntiVirus Corporate Edition 10
Symantec
Web: http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=155
Phone: 408-517-8000
Price: 100 seats are $37.90 per node; 1,000 seats are $31.80 per node; 10,000 seats are $17.44 per node; pricing includes one-year license, Gold support, content, and maintenance