Cloud computing is everywhere these days, but one of its more mundane uses is in providing anti-virus (AV) and anti-spam endpoint protection. Here’s what these services offer, and the features you should look for.
The idea is that you don’t have to worry about your users forgetting to install the latest virus signatures or turning the protection off, or, as in the case of the recent McAfee fiasco, incorrectly tagging a legitimate file as malware. The cloud gives you the opportunity to instantly see what is happening across your network and find out which PCs are protected.
Cloud-based AV simplifies deploying new PCs, too, because there is less software to install on each one. AV scans happen more regularly, since they are initiated by the cloud service and (again) they don’t depend on individual user behavior. Cloud AV solutions cost about the same or in some cases less than the traditional desktop AV software.
The cloud AV services all operate the same way: A small agent or client piece of software runs on each desktop, and makes a connection to the central monitoring server in the cloud. As long as the desktop user has an Internet connection, updates to the virus signatures happen automatically and frequently. The client uses as little memory footprint as possible, since most of the heavy lifting (in terms of protection and processing) happens in the cloud.
There are two types of cloud AV services: those for single PCs that are sold by Microsoft, and services geared towards enterprises that are sold by the major security vendors. The latter typically have a Web-based or some other type of management console to monitor your users’ PCs and see if anything is amiss.
Some of these advantages are not new nor exclusive to cloud-based AV services. For several years, Symantec and others have had client/server AV products which offer many of the same things as a hosted AV service, just with a central server that you have to run on your local area network. The difference with a cloud-based service is that you don’t have to maintain a central server. It also is more useful for those occasionally-connected laptops; most central-server AV products require that the server and the laptop be on the same local area network, or connected via a VPN, to perform the updates. If you have a lot of frequent travelers, this could be an issue.
Here are some of the things you should look for:
- How lightweight is the client, really? Check the running programs in Windows (CTRL-ALT-DEL and choose Task Manager) to see how many executables are installed and how much RAM and system resources each one consumes.
- How much information does the central management console report and is it meaningful to your situation? Trend charges extra for any console users ($8/year per user); the other vendors include their management console as part of the price tag. Not all consoles are created equally; conducting a free trial is worth the trouble to learn how each service is managed. Things to check include what kinds of reports are available, how the central service alerts you to exploits or potential trouble PCs, and how flexible the settings are for these tasks to your particular needs.
- What protective features does the cloud AV software share with the client or client/server solutions from the same vendor? For example, the Trend TRV Protect shares the same software code base with its desktop OfficeScan product line, and the new Microsoft Intune shares its protective code with their Forefront security services. This can be either a blessing or a curse, depending on what you think of the thick client versions.
- Does it work on all Windows versions that you support in your shop, or do you need patches or additional software? Some of the services require Windows XP SP3, for example, or other supporting software from Microsoft, to work. Most products work with both 32-bit and 64-bit Windows versions and some also work with Windows Server, but again this is worth checking. Some solutions want a more recent browser than IE6 to run the central management console, too. Sadly, none of these services work with non-Windows desktops, showing just how far the cloud really covers.
- What happens if your users don’t regularly connect to the Internet? All of these products assume a more or less continuous Internet connection to do their business on the desktop for updates and sending back alerts. Without this, they are pretty useless; a PC could become infected and not let anyone know for some period of time while it is offline. If some end users are infrequently online, you might want to consider a traditional desktop AV solution.
- What else comes with the service besides AV? Some products offer separate add-ons to include e-mail scanning, OS patching, Web site phishing protection, and desktop firewalls. The Microsoft products, for example, are tied into the Windows Update process, as you would expect. Panda has a confusing array of cloud-based service offerings that could be better explained on its Web site.
- Do they really offer zero-day protection? One of the potential benefits of the cloud AV services is that they can get an update out very quickly, in some cases just in time for any new threats that have been observed. It is worth looking at how often they update their protection signatures, too.
- Finally, what does it all cost? Each product has quantity site discounts, but in some cases you can save money over purchasing the desktop versions.
Hosted Anti-Virus Solutions
|Vendor/link||Single or Enterprise?||Product Name||Annual per-user subscription||Features|
|McAfee||Enterprise||Total Protection Service for Small Business||$35||AV, AS, Firewall|
|Symantec Message Labs||Enterprise||Message Labs Email Security||Varies||E-mail protection|
|Trend Micro||Enterprise||TRV Protect||$50 (1)||AV, AS, Web|
|Panda||Enterprise||Cloud Office Protection||$62||AV, AS, Web|
|Microsoft||Single||Intune||In Beta||AV, AS. OS patching|
|Microsoft||Single||Security Essentials||Free||AV, AS|
AV= anti-virus, AS=anti-spam
(1) Additional $8/yr for a central administrator console
Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!