Joel Pippin
INLS 187
September 22, 2004
Software Evaluation: Symantec AntiVirus Corporate Edition 9.0
Symantec AntiVirus Corporate Edition is an enterprise level software package
used for management and distribution of antivirus protection software in a networked
environment. From a single location, an administrator can rollout client
applications, push definitions, quarantine viruses, and improve user security.
Snap-ins are available for Microsoft Exchange (which used to include Outlook
and Outlook Express), IBM’s Lotus Notes, and Internet email (where Outlook and
OE are included now).
Installation –
Installation requires CD or downloaded zip. As a subscription holder to a site
license for SAV8.0, the 9.0 upgrade, which should have arrived in a box in the
mail, was procured via a download site that was made available to me after a
more than average effort. Although I carry Gold Maintenance with Symantec, they
appear to make every effort to ensure that it is difficult to find solutions
when I need them. Although I’m sure that frivolous calls abound, their tracking
methods for maintenance customers are less than stellar, as we are provided
with a License ID, a Customer Reference number, a (different) Customer number,
a Certificate number, a Sales Order number, a Gold Extension Order number, a
Contact ID, and a Product Serial Number – only two of which are helpful for
finding support, and three of which change without notification when you extend
your maintenance. But I digress...
In the unzipped SAV9 folder, the readme.txt is chock-full of caveats and disclaimers. Had I not actually browsed
the entire thing, I would have missed that I must uninstall the previous
version of Symantec System Center or risk installation errors. Migration to an updated
version of a server product is always an interesting and hair-pulling event.
Nevertheless, I uninstalled the previous version completely and began.
The install screen has several options, including “Read This First” – another 9 pages, this time of small-fonted
PDF to read – so I read. Nothing exciting, so I moved on to “Install Symantec
AntiVirus.” Later, I’ll have to come back and “Install Administrator Tools.”
More options... I can deploy the server, deploy to clients, or just install the
client SAV product, which is there for use like the old days – going from PC to
PC to do the install. Opting for the server, I installed it without any
excitement... I created a server group, called it SCI_SAV (the company initials
are SCI), and waited a while.
Next, I installed the Symantec System Center (SSC). After that, I pushed the client install to all the
clients on the network. Had any machine been down, the server would have waited
and sent the push after login to the domain. However, I don’t allow the users to
turn their machines off (hard to administer remotely when machines are off), and
the network is homogeneous – all Win2K except for the NT server – so this went
without incident. After this, all that’s left is configuring the SSC. To do
this, you simply right-click on the server group you want to manage (in my case
just the one group – SCI_SAV), and unlock it using the password you set during
installation. The secret of the SSC is the “All Tasks” menu. That’s where
almost everything you’ll ever need is located once the clients are ready. From
the SSC, it’s easy to look at both the server and client logs for event, scan,
virus sweep (virus sweep is a great option where you can force a scan of all
machines on the network at will), or the new addition to the mix... threat
history. SAV is getting into the spyware game as I have been predicting for two
years. *pats self on back* SAV will now warn you about certain pesky loggers
and remote admin programs. I have to exclude the one I use (Famatech’s RADMIN) because
it is now targeted by the software as a possible threat.
The next part of getting up and running is designating a primary server. Until the server group is selected and
one (or the only one) is selected as the primary server, the clients won’t
look to anyone for definition updates. By default, the primary server is
set to check for updates at a random interval during the week, and the clients
check in periodically. I set the server to check every hour and force the
clients to check the server once an hour as well.
The SSC has the option to block the users from making any changes to the software configuration, keeps them from
turning the auto-protect option off if so desired, and even keeps them from
trying to turn it off by not putting the shield icon in the system tray. Many
new details are available, such as a new outgoing email scanner and a “threat
tracer” which attempts to resolve the source IP of a threatening computer.
Decisions about quarantine (submit to Symantec or not) and better roaming
client options are available in this version as well.
Program Description –
This program’s audience is most certainly network and system administrators. Although
the client is available to students at UNC and other consumer versions are widely
available, Symantec AntiVirus Corporate Edition is intended for a business
network, and its feature set is not intended for the casual user. The initial
expense was more than $1000 for version 7.6 in June 2002 – with licensing for
one server and eleven clients. Annual maintenance is about $400, and buys the
infamous “upgrade insurance” vendors love to sell these days, assuring network
admins a never-ending stream of major releases and minor version upgrades that
come all too often and may sometimes break more than they fix.
Analysis –
Is it easy to use?
The interface could be more intuitive.
Negotiating menus that should be higher up in the tree is a bit of a nuisance,
but as explained above, the “All Tasks” menu item is the key. Learning to
right-click on everything may provide some initial frustration for the
uninitiated. Reading and learning all of the configuration options that are not
readily apparent, as always, is important for successful use and for realizing
the full power from such a product.
Does it update definitions and stop viruses across the network?
Yes, and it performs these functions admirably most of the time. Does it forward information from the
clients to the server correctly for easy administration? Nope. AMS² is still
broken in version 9. AMS is Symantec’s Alert Management System. It’s a crucial
function for offsite administration, and after the Intel Alert Originator
(IAO.exe) service started crashing on me in version 8.1 and could not be
resolved to my satisfaction, I was optimistic that this version would have a
fix. 9.0 does fix the original problem – IAO.exe no longer crashes – but the
new version has a new known issue... the clients do not forward their alerts to
the server so that they can be forwarded via whatever communication method is
selected. So, I’m stuck with update information about the server, but not the
clients. When the clients get a virus in email, as they have several times
since install, I am not notified. I need this feature to be operational. I sent
a few viruses to a client or two, and they either were scrubbed by our service
provider at the upstream mail server, or were successfully scrubbed by SAV when
they got to the email client. A notification window popped up on the client as
in previous versions, alerting the would-be user as to the fix. Overall, the
product is effective at the job for which I purchased it.
Recommendations –
I recommend SAV because it does the job I expect it to do. It protects the
company from known viruses and helps protect my users from themselves. I know
its quirks, and this new version has some new quirks – although some of the old
ones remain or have changed only slightly. I am a bit disappointed to find that
the new issue of client notification failure is not resolved. I found the
Symantec web document (a poorly implemented part of Symantec) about the
issue after a couple of days of not being able to resolve the issue myself
online. Even though I waited all this time (well, a few months) after the initial
release to upgrade to the new version, Symantec still has the issue listed as
known but unresolved.
One other problem, not necessarily with the software, is that antivirus definitions are only rolled out once a
week on Wednesdays. I have set LiveUpdate to check for new defs every hour. The
clients are set to tap the server once per hour to see if they need updating.
This SAV version is no different in this measure from previous ones. Just
before upgrade, the once-per-week flaw finally caused a problem. First, I need
to point out that during “outbreaks,” Symantec rolls out new definitions as
soon as they are available. However, in this case, a variation on a known worm,
embedded in an HTML file, was opened by a user. No definitions were available
via LiveUpdate or the manual installer until the next day. The virus signature
should have been recognized by the heuristics, but it wasn’t. Overall, knowing
that no product is flawless, I do think that SAV9.0 is a solid product that
performs its main function admirably.
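As an added example (not part of this review and not Symantec's tooling), a short Python script that reconciles a per-client status export against the policy described above: clients that have not polled the primary server within a grace window, clients still running definitions older than the server's, and clients whose own log recorded detections that never reached the server as alerts (the AMS² client-forwarding gap). The export columns, client names and dates are constructed for the example; an administrator would substitute whatever the SSC logs actually provide.

```python
"""Constructed example: reconcile a per-client status export against the
policy in the review (clients poll the primary server hourly, and client
detections should reach the server as alerts). The export layout, client
names and dates are invented for this example, not SAV's own format."""
import csv
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample export: one row per client, as if dumped from the SSC.
EXPORT = """\
client,last_checkin,defs_date,client_virus_events,server_alerts
SCI-WS01,2004-09-22 13:05,2004-09-22,0,0
SCI-WS02,2004-09-22 13:10,2004-09-15,2,0
SCI-WS03,2004-09-21 17:40,2004-09-15,0,0
SCI-WS04,2004-09-22 12:55,2004-09-22,1,1
"""

def _stamp(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def reconcile(export_text, server_defs, now, grace_hours=2):
    """Return (unreachable, stale, silent) lists of client names.
    server_defs is the date of the primary server's current definition set
    ('YYYY-MM-DD'); now is 'YYYY-MM-DD HH:MM'."""
    server_defs = datetime.strptime(server_defs, "%Y-%m-%d")
    now = _stamp(now)
    grace = timedelta(hours=grace_hours)
    unreachable, stale, silent = [], [], []
    for row in csv.DictReader(StringIO(export_text)):
        name = row["client"]
        last_checkin = _stamp(row["last_checkin"])
        defs = datetime.strptime(row["defs_date"], "%Y-%m-%d")
        # Clients are configured to poll hourly; a gap beyond the grace
        # window means this client is not reaching the primary server.
        if now - last_checkin > grace:
            unreachable.append(name)
        # The server has held newer definitions for longer than the grace
        # window, yet this client still runs an older set.
        elif defs < server_defs and now - server_defs > grace:
            stale.append(name)
        # Detections the client logged that never produced a server-side
        # alert: the AMS2 client-forwarding gap the review describes.
        if int(row["client_virus_events"]) > int(row["server_alerts"]):
            silent.append(name)
    return unreachable, stale, silent

if __name__ == "__main__":
    print(reconcile(EXPORT, "2004-09-22", "2004-09-22 13:15"))
```

Run hourly alongside the server's own LiveUpdate check, the "silent" list is the compensating notification the review says the broken client alert forwarding does not provide.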