For a while now I have been on and on about the failings of Certain Anti-Virus brands. Not that I am alone in that. The 2 largest targets of my scorn have Symantec and McAfee. These are resource HOGS!!! Sure there are others. but IMHO they just suck. The consume valuable resource on machines and often do not protect well enough. I am frequently called upon to remove a virus that has infected a network because one operator in the peer to peer network forgot to update or heaven forbid neglected to pay for an AV agreement after the 90-day trial when they bought a new Dell or HP/Compaq desktop.
So while reviewing some old TechRepublic articles I came across a reference to a blog post that quantifies the reasoning behind my ire...
I have known for a long time the failings of AV and typically employ a multi-layer, multi-vendor approach to AV in a network. It is good to see some numbers that justify my concern and disdain for some and my adoration of others.
From backup and recovery to Anti-Virus and Anti-Malware, my primary goal to is to measure a clients recovery goals and pain awareness and match that to their budget. In other words how much are they willing to deal with in terms of Spam, in terms of down-time in various cases of emergency, and then build an overall package of software, hardware and services that match up within the budget and the risk factors. Generally, I see more and more quality low-cost solutions in that space. One of my biggest things for AV is the nature of the scanning, both live and on-demand. It seems to me that the big players in the AV market have big targets on them and so every script kiddie and Mountain Dew Junkie hacks specifically to disable and subvert the big AV products.
If you need help determining your risk tolerance, let me know. I'll be happy to work with you and find the right solution for you.
Lot's of businesses are asking me about Instant Messaging, is it safe for my business?
They see the advantages, presence information, quick and easy access to information locked in people's heads, etc. What they are truely concerned about though is the security of it. I have one client who is dependent on MSN Messenger. Each and every person in the firm is on MSN/Live Messenger. which is cool for a small firm, but the otherday, the receptionist/clerk girl had several IM windows open, one with her boss and another with a freind. Do you see where this is going? Well, inadvertently, she typed away some confidential info about one of their clients, thinking it was going to the boss, when in fact it went to the freind. Now, I'll avoid the obvious Policy and Proceedure debate, we all know that she should have been more careful, least of which she does. She is a VERY GOOD ASSISTANT and a VERY SMART PERSON. She made a simple mistake. So this is where I come in.
Client: "Bill, we are dependent on IM, we live on it. I can be in a meeting, and without getting up and walking out to talk to someone, I can pick their brain. Saves us time, energy and ultimately money. But I need something I can trust is safe and secure."
Bill: "Well, let's take a look and com up with an answer".
So we looked around. Initially I looked at Microsoft's Live Communications Server. We use this internally and it is VERY GOOD. It uses either Microsoft Messenger 5.1 or Office Communicator. It is secured inside the network, and there is a CLEAR sepertion of IM'ing. I cannot confuse it with Yahoo, Live, AOL or Google. I could incorporate some federation and pay for external IM connectivity, but for us it's not a good fit. From what I understand Trillion can use an LCS account, and that would enable a single interface, but for reasons mentioned above, we want a clear seperation of IM environments. Ultimately though, the client does not have a machine running Windows Server or Windows Small Business Server, so the cost to implement LCS just shot up.
They do have a simple Linux box with Samba as well as a dedicated XP Pro box for file and application data sharing. So I found a product called Wildfire. It's Open Source and has an open source client spark. It is based on Jabber, so it's highly developed and stable. It has a ton of features, including potentially federation/public IM connectivity. It has Presence info, and it has the ability to tie into Asterisk/FreePBX. Wildfire can run on Windows or on Linux, not sure about Mac. The best part is that is can be secured and isolated to just your network. What about Mobile users, well a VPN and a Mobile client is all it takes, now it's just like they are right there...
So yes, there is a secure IM for small businesses. In this case less than 5 people going in everywhich direction...
As an SMB Consultant, I probably will take them to LCS when they get a little bit bigger and they have a Small Business Server. Until then, Wildfire, Spark and maybe mJabber. It's alternative, but with a limited budget, I have only alternatives. Sometimes its creativity that sets one apart from others...and builds that Trusted Advisor Role.