
We have users who frequently get virus/spyware such as fake antivirus spyware on their win7 machines. They have admin access to their machines, and that's not going to change.

Desktop installed antivirus software such as microsoft security essentials seems incapable of stopping these virus.

Would a gateway antivirus firewall like sonicwall with the appropriate antivirus subscription service help at all in these situations?

muhan

5 Answers

1

Couple of notes:

  1. If your client anti-virus program cannot stop the programs from running, you don't have to worry about a gateway. Remember the client program is the last line of defense.

  2. The anti-virus devices or Unified Threat Management (UTM) devices are typically only meant to look at incoming and outgoing traffic, be it mail or internet traffic. They typically do stateful packet inspection which does help to block some, but certainly not all.

  3. Just as a EULA note: MSFT Security Essentials is not licensed for commercial use; it's for home use only. If you're using it in an office you are violating the license. You can however use the Enterprise Product called ForeFront. But you would have better luck, in my opinion, using a product from Sophos or one of the other highly rated AV companies.

Again, if your client AV endpoint is not catching viruses there may be other issues with the machine. I've run Security Essentials at home and have never had an issue; it catches everything. Make sure it's actually running properly, fully patched and actively scanning.

Brent Pabst
    Actually Security Essentials is free to use for small businesses with 10 or under clients. They started this back in Oct 2010. (http://blogs.msdn.com/b/mssmallbiz/archive/2010/09/22/announcing-microsoft-security-essentials-available-free-to-small-businesses-in-october.aspx) – MikeAWood Aug 02 '12 at 22:43
  • @MikeAWood Good to know. Of course it makes more sense as a SMB to get access to an Action Pack license which would also give you 10 licenses to ForeFront as well. – Brent Pabst Aug 02 '12 at 22:47
  • Agreed, though I thought they didn't do Action Pack anymore, I will have to go look into that again. Security Essentials and Forefront are in essence the same product. For a few of my smaller clients, Security Essentials fills the bill with SBS and WSUS. – MikeAWood Aug 02 '12 at 23:27
  • @MikeAWood Agreed, MAPS just offers more value. Either way, yes it's still around, you just have to fall into one of the eligibility categories: https://partner.microsoft.com/global/40165397 – Brent Pabst Aug 03 '12 at 12:38
1

I think SonicWalls are awesome devices. We have quite a few NSA3500's around our offices and datacenters and I love them.

But, the AV portion sucks. It's almost worthless.

In the statistics for our main office 3500, it shows that over the last 21 days it has blocked 4 Viruses (Virii?). They were labeled...

FakeAV.A_6              75%     
Suspicious#themida.4    25%

Now, I KNOW my users haven't gotten smart over the last 21 days and stopped clicking on shiz that they shouldn't. The SonicWall just isn't catching much of anything at all.

So if you're looking to get one simply for the AV, take the word of a SonicWall enthusiast: No, do not get one.

Safado
1

I'll be the first to say I'm not happy with our Sonicwalls. But I've been pleasantly surprised with the GAV portion. Does it work as your only AV solution? Absolutely not. But it's done a pretty good job at recognizing the Blackhole exploit kit websites that are at the end of someone clicking links in a phishing E-Mail. I can usually tell when some new batch of spam made it through the mail filters, because a handful of people start clicking, and triggering the GAV block. I'd definitely recommend GAV via UTM (Even if it's Sonicwall) as part of a layered defense. The other layer? Getting a better client Antivirus on your machines.

Christopher Karel
0

There is no use in gateway solutions if you don't have good endpoint defenses. Microsoft Security Essentials is not a full-fledged endpoint security solution. It can't handle some viruses because it lacks the sophisticated security components needed to catch them. If you don't want your users to run into such problems again, consider buying industry-standard endpoint software from McAfee, Kaspersky or ESET.

Temikus
-1

First of all, based on my experiences with them, Sonicwall SUCKS. I mean, I generally hate all AV products, with a couple exceptions that are "alright," but don't get a Sonicwall. They're just... awful. I've had nothing but problems with every Sonicwall device I've administered. YMMV.

But yes, a webfilter can help to some degree. How much... well, that depends, and brings me to your comment below.

They have admin access to their machines, and that's not going to change.

Then you may be screwed, no matter what you do. Even experienced sysadmins and IT folk don't regularly run as admins. (Ones who know what the hell they're doing don't, anyway.) At the very least, get them to log on with limited credentials and use RunAs/Run as Administrator when they need to do something with admin credentials.

There's simply no defending against the countless unpatched and zero-day vulnerabilities floating out on the web if you run everything as an admin. They'll get you every time because Java/Flash/your browser/whatever is running with administrative access and will install any nasty bit of code it's asked to. That's why MSSE is letting you down. Not because it's a bad product, but because nothing protects against 100% of the crap out there, and your users are running in such a way as to allow 100% of the undiscovered crap out there to infect them.

HopelessN00b
    I'm going to give you a -1 for your general hand-waving-without-evidence first sentence. I haven't tried Sonicwall's Deep Packet Inspection product, but we have some of their devices in Active/Active HA failover in our DC and they've been rock solid. – Mark Henderson Aug 03 '12 at 01:37
  • @MarkHenderson I agree with your -1 statement but having compared the features and user interface of SonicWall versus other products like Fortinet it does not have the same ease of use as some of the other UTMs. It will be interesting to see how that changes now that Dell owns Sonicwall though. – Brent Pabst Aug 03 '12 at 12:40
  • I'm with Mark here. We've got a handful of NSA3500's for all our offices and our datacenters and they work great. If you're talking about the AntiVirus specifically, well, then yes, it does suck. But would anyone really use it as their only AV option? That would be dumb. – Safado Aug 03 '12 at 13:46
  • @MarkHenderson *shrug* I qualified the "hand-waving" thing a bit, but don't feel it's a good idea to get into a long thing on my personal experiences with SonicWall, or a product recommendation thing. Still, I do stand by what I said regarding SonicWall, as I've had to administer several of them over the years, and have nothing but negative experiences. (And, FWIW, you two are the first admins I've come across who've had anything more positive to say about SonicWall than ~"it's better than nothing.") – HopelessN00b Aug 03 '12 at 14:18
  • @HopelessN00b - in its current form I'll remove my -1. And a Sonicwall is *wayyy* better than the netgear it replaced ;) (but I still think it's a good product nevertheless) – Mark Henderson Aug 03 '12 at 21:09
  • This is mostly a me too post. I'm on my third gen Sonicwall and have only good things to say about them. (Pro -> Pro 3060 -> E5500). They have their idiosyncrasies like just about every purpose built appliance. But after working on Cisco ASA and Juniper firewalls, it reaffirms my belief that we bought the right equipment. Though I have to concur that the built in A/V is very poor. And their phone support is often "spotty". Sometimes you get a great rep...sometimes, not so much. But overall, I wouldn't have spent $10k on a new soho firewall unless we felt it was the right choice. – MikeAWood Aug 07 '12 at 01:52
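The last answer's practical advice (stop logging on as admin, use a limited account plus "Run as administrator") is the one change that actually shrinks what a drive-by or fake-AV installer can do. As an added example that is not part of the original thread, the PowerShell script below audits who sits in the local Administrators group and what the UAC policy keys are set to on a Windows 7 machine, and can demote one account to a standard user. It uses the ADSI WinNT provider because Get-LocalGroupMember only exists on Windows 10 / PowerShell 5.1+. The computer name, the member path "WinNT://CORP/jsmith" and the registry value meanings in the comments are assumptions for illustration, not values from the thread.

```powershell
# Added example (not from the original thread): audit local admin membership
# and UAC state on Windows 7, optionally demoting one account to a standard user.
# Works on PowerShell 2.0; run from an elevated prompt.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    # Full ADsPath of the account to demote, e.g. 'WinNT://CORP/jsmith' for a
    # domain user or 'WinNT://PC01/jsmith' for a local one. Empty = audit only.
    [string]$DemoteMember = ''
)

# Return the ADsPath of every member of a local group via the WinNT provider.
function Get-LocalGroupMemberPath {
    param([string]$Computer, [string]$Group)
    $g = [ADSI]"WinNT://$Computer/$Group,group"
    $g.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

# Read the UAC policy values that decide whether admin-token code runs silently.
function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        EnableLUA                  = $p.EnableLUA                  # 1 = UAC on, 0 = off
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin # 0 = elevate silently, 2 = prompt on secure desktop
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop      # 1 = prompt cannot be spoofed by user-mode code
    }
}

# Remove an account from Administrators, making sure it stays in Users so the
# person can still log on; they then use "Run as administrator" with a
# separate admin credential when they genuinely need it.
function Remove-FromLocalAdmins {
    param([string]$Computer, [string]$MemberPath)
    $admins = [ADSI]"WinNT://$Computer/Administrators,group"
    $users  = [ADSI]"WinNT://$Computer/Users,group"
    $current = @(Get-LocalGroupMemberPath -Computer $Computer -Group 'Users')
    if ($current -notcontains $MemberPath) {
        $users.psbase.Invoke('Add', $MemberPath)
    }
    $admins.psbase.Invoke('Remove', $MemberPath)
}

Write-Host "Local Administrators on ${ComputerName}:"
Get-LocalGroupMemberPath -Computer $ComputerName -Group 'Administrators' |
    ForEach-Object { "  $_" }

Write-Host "`nUAC settings (EnableLUA=0 or ConsentPromptBehaviorAdmin=0 means admin users get no prompt at all):"
Get-UacState | Format-List

if ($DemoteMember) {
    Remove-FromLocalAdmins -Computer $ComputerName -MemberPath $DemoteMember
    Write-Host "`nRemoved $DemoteMember from Administrators on $ComputerName."
}
```

Run it with no arguments first to see how many day-to-day accounts are in Administrators; a list that is only the built-in Administrator, Domain Admins and a helpdesk group is the goal. If EnableLUA is 0 or ConsentPromptBehaviorAdmin is 0 on a machine where people log on as admin, every browser plugin exploit runs with a full admin token and no prompt, which is exactly the failure mode the answer describes.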