Panda, Trend Micro seek anti-virus supremacy on workstations, file servers

Gone are the days when a simple anti-virus program installed on workstations on the corporate network was good enough to keep your business safe from virus and worm attacks.

Protecting businesses now requires a multilayer approach that includes an AV (anti-virus) solution installed on workstations and file servers, the addition of a firewall, and the protection of network gateways and firewalls. I tested Panda Software’s BusinesSecure 3.0 and Trend Micro’s Client/Server Suite for SMB 6.0, both of which tackle the client and file server protection pieces of the puzzle.

Both products use downloadable virus signature files from centralized signature database repositories to stay current, and each uses a single scan engine to find viruses. In these two products, the scanning engine quality is so good that just one engine is sufficient.

Because BusinesSecure and Client/Server are intended to be one component in a larger system, neither serves as an Internet gateway, and neither provides personal firewall functions. Both vendors, however, provide a plethora of additional features, in separate product-suite bundles.

Panda BusinesSecure 3.0

BusinesSecure has four components. AdminSecure provides administrative tools such as the admin console, communications agent, repository server, and event storage database. Client-Shield is an AV component that resides on Windows workstations. FileSecure is the AV component for Windows or Novell file servers and printers. And CommandlineSecure offers command-line AV protection.

A single-user version of BusinesSecure on a Windows 2000 laptop began impressively, finding three infected files that Norton had overlooked. Next, I installed BusinesSecure 3.0 on my Compaq ML530 departmental server and quickly disseminated ClientShield AV protection across the network using AdminSecure.

The user interfaces for both AdminSecure and ClientShield are Windows-centric, intuitive, and relatively straightforward. Panda produces some nifty real-time information using a proprietary, XML-based means of communication that conforms to SSL standards, whereas Trend Micro uses standard HTTP.

Unfortunately, I encountered a rather serious problem with BusinesSecure. The installation was incomplete, a fact I realized only after viewing the Events log and seeing that BusinesSecure wasn’t connecting to the Internet and therefore was not automatically downloading virus signature updates from Panda’s servers.

There was no documentation addressing required firewall configuration for automatic downloads, so I turned to Panda’s support team. They revealed the key: Port 8003 must be open to allow auto-downloads.

Even after I opened the port, the installation was never able to automatically download the updates. (I was able to download updates manually). To improve future versions of BusinessSecure, Panda needs to address the problem with appropriate documentation, add firewall intelligence so the application can detect which ports are available for communication purposes, and provide a pop-up alert window  if a download fails.

Additionally, I found that I could not uninstall ClientShield from a workstation using the Windows Uninstall tool in the workstation Control Panel, nor could I uninstall Client-Shield from the workstation through AdminSecure with admin privileges. According to a Warning Window, the only way to remove Client-Shield was by using the software CD — but the CD had no provision to uninstall.

Again, Panda support was extremely responsive and issued me a special upgrade and a new service pack, both of which are now generally available. I could then uninstall ClientShield, although it required hand-editing the registry and manually removing Folders from SQL server. Bottom line: Client-Shield cannot be uninstalled by AdminSecure, but can be uninstalled by an administrator from the client machine using the Windows tool.

Panda’s AV engine is outstanding and support is rock-solid, but the company should be able to produce a product that doesn’t require hand-editing of the registry to work. Overall, I’d like to see more maturity in the business and enterprise solutions’ management features.

Trend Micro Client/

Server for SMB 6.0

Trend Micro Client/Server for SMB’s automated installation took just minutes and went off without a hitch. Client/Server for SMB, available for later Windows platforms and Apache Web Server 2.0 (as long as it’s running on Windows 2000), found its own way through the network firewall without special consideration and speedily downloaded the latest signature files.

You can choose from several methods to deploy the OfficeScan AV component across your network, including through Internal Web Page; Login Script Setup, which automates installation when a user logs on to their system; Client Packager, which packages and delivers setup or update info via e-mail and is suitable for WAN distribution (including to PDAs); and Remote Install, which works well for centralized installations.

My remote client installation on one of the workstations discovered some buried Norton files, which I had to dump before the client would work correctly. Once installed, a Client/

Server task bar icon lets you view real-time scan processing and run immediate scans with one click.

Panda’s solution does this as well, but unlike Panda, if a user knows the Client/Server Unload password, they can turn the client off, easing the administration burden. OfficeScan’s logs — such as virus logs, update logs for server and clients, system event logs, and connection logs — can be exported as .csv files.

The OfficeScan user interface is clean and well organized, if somewhat less intuitive initially than Panda’s. However, it has a more comprehensive line-up of features to manage: impressive new features in 6.0 include a Virus Outbreak Monitor, which I used to set up attack thresholds and e-mail alerts.

Trend Micro also added an Outbreak Prevention Policy that allows you to block specific ports and folders and deny write access to selected files during an attack. Trend Micro warns that you should  deploy this feature only if your network is suffering an outbreak — it can cause serious network issues if not properly configured.

Client/Server 6.0 has an enhanced OfficeScan Clean Up function, too; it detects and deletes Trojans and their processes, and can be configured to put your original uninfected system settings back in place afterward.

When all the AV chips are down, Trend Micro comes out on top in this comparison due to its feature-rich admin console, extensive logging capabilities, and ease of use. It’s also slightly less expensive to deploy.

BusinesSecure does get a nod for its top-notch AV scan engine and excellent protection capabilities rate — and it supports Linux, a move I like to see. Nevertheless, the product could not manage to enable automatic updates, which makes for a difficult sell in a business environment full of overloaded administrators.