Vaccinate Your NT File Services With Antivirus Server Software
InocuLAN has a strong alerting feature. A separate NT service, called Alert Manager, can prompt administrators via SNMP (over IP and IPX), a pager (both numeric and alphanumeric), Exchange Mail or NT broadcasts. Alert Manager also can write to the NT Application Event Log or automatically generate and print a virus report ticket. Intel LANDesk provides similar functionality. The only alert feature missing is Simple Mail Transfer Protocol (SMTP) support, which is available with ServerProtect, NetShield and LANDesk Virus Protect.
InocuLAN provides numerous options for dealing with viruses stored on the server. One of the most beneficial is the ability to cure an infected file in real
time and move the file to a secure area on the server. InocuLAN is the only product we tested that lets an infected file to be copied before a fix is attempted. This is important because the process of curing a file is not always 100 percent successful, and it can even produce a corrupted file.
One feature Cheyenne touts is InocuLAN's VirusWall, which is designed to prevent a file from being corrupted before it's detected by the antivirus application. We found in our testing that the VirusWall feature works--but not all the time. In some instances, the file was corrupted before being detected by InocuLAN. When we copied a known virus-infected file to the server and attempted to overwrite an existing version of that same file, each of the products detected the virus, but none prevented the original file from being corrupted.
McAfee NetShield for NT v2.53
 McAfee has been in the antiv
irus business for some time, and its NetShield product reflects that experience. NetShield is an excellent offering with a solid level of management and alert features. But if McAfee is to be a key player in the enterprise market, it must improve some areas.
NetShield allows remote
management of other NetShield servers. But unlike InocuLAN, NetShield displays only one server at a time and does not give a great deal of information about the configuration or the status of the server. In addition, the NetShield console does not provide an enterprise view of the servers, as ServerProtect or InnocuLAN give. Additionally, the NetShield console does not provide a visual indication when a virus is detected on a remote machine. However, when you select a server, you can easily determine its status. NetShield does tell you when a virus is found, and it can show an alert message and log the event.
NetShield is flexible when it comes to scheduling virus scans. For instance, a scan can be run every month or every
hour. NetShield also provides a scheduling wizard that takes you through the creation of a scheduled scan. Although this feature is not one a power user might turn to, we found it helpful in the early stages of using the product and would expect it to be helpful for novice users.
Real-time scanning can be remotely managed via the NetShield console, but there is no provision for the setup of logical groupings of servers or an autodiscovery feature, as with InocuLAN.
On several occasions, we encountered problems starting and stopping NetShield from within the NT Services control panel. Unfortunately, McAfee was unable to determine the cause of this problem as we went to press.
Trend Micro ServerProtect for NT
Trend Micro's ServerProtect is a very strong product that would fit well in most organizations' NT networks. ServerProtect provides a well-designed management console allowing for easy remote management. But ServerProtect lacks solid alert capabiliti
es that many organizations require.
One of the most significant deficiencies of ServerProtect is its lack of support for Microsoft's Internet Information Server (IIS) 2.0 HTTP and FTP server (see "How We Tested Antivirus Products," at left). We were able to download several virus-infected files
to an unprotected Windows client via our Web browser and FTP client.
When we used O'Reilly's WebSite Professional HTTP server, ServerProtect was able to detect and prevent our test virus from being downloaded to the client. To fix this security hole, Trend Micro offers InterScan Virus Wall for NT, which monitors the HTTP, FTP and SMTP ports for all files.
|
REPORTS
ANALYTICS
Follow 
