
antivirus - a (sort-of) overview from a corporate pov…

 One of my favorite Lockergnome blogs, The Blade, has a very interesting post about AVG antivirus:

Grisoft, the makers of AVG, are now being accused of destroying web analytics with its LinkScanner technology. Grisoft had purchased the LinkScanner technology in December of 2007, and had incorporated the technology in its latest AVG Version 8 software. The purpose of LinkScanner is to alert the user to the validity of websites through search engines and warn us of bad sites. But using LinkScanner is now being suspected as causing rogue traffic to web sites as well. In this article it states:

I wanted to talk about my experience with antivirus from a corporate as well as personal point of view.

I became interested in antivirus kind of by default. I was working for a software company and all of a sudden, they got hit with a real doozy of a virus. The silence from my IT compadres was thunderous so I stepped up and did the research and got everything cleaned up. I was therefore the Virus Guy from then on. [this was my first lesson in IT: he who volunteers gets the gig permanently]

From that day on, I kept close watch on virus scanners and computing safety in general.  At this point we were using Lotus for email, which was a very good environment in hindsight.  This was text-based email so all viruses came as attachments.  Fast forward to today with our Exchange email with smileys, pretty pictures, colored text, backgrounds, and all sorts of malware brought to us by scripting.  You don’t need an attachment to collect malware now.  This is a nightmare from a safety standpoint, especially with Outlook, but to suggest we go back to text-based email is to suggest that we abandon our cars and go back to walking.  (Except that more people will walk than use text-based email.)

McAfee and Symantec (Norton) were neck and neck then.  They’re still more or less at that point.  

Seven years back I started a new job.  My boss was very hands-off, which he would tell you was a managerial technique that allowed me to pursue my own goals.  If I had chosen a company-wide study of porn downloading, he would never have noticed.  Instead I chose network analysis, security, monitoring, and safety (gee, is that all?).

The first thing I noticed was that the company’s computers had escaped the performance penalty of antivirus by not using any.  I braved being dragged into a corporate meeting and letting the Chief Operating Officer know what would happen if we didn’t purchase enterprise antivirus that minute.  She looked at me and asked what I was waiting for.   We’ve had a great relationship ever since.

After some research we went with Symantec Enterprise.  It worked beautifully.  It did exactly what we asked it to do, without noticeable performance penalty or difficulty.  This was great for us, especially as this was the first version that updated itself automatically.  This was yet another important IT discovery for me: in order to make things work flawlessly, you need to take the people out of the equation.

Things worked as one would hope right up to about version nine.  Things started to get bloated and slow.  The software did more so it ate more resources.  We actually had to turn features off permanently to keep things fast and to prevent the features from preventing some of our software from working.

When it came time to upgrade to ten, I decided we were going to split things up a bit: use Kaspersky for the servers (and Exchange) and Symantec for the desktops. This was a pretty cool idea, if I have to say so myself.  Kaspersky was a dream.. it went on and worked like magic, with just one tech support call by a trusted coworker.  Symantec - not so much.

Symantec is weird. There, I said it. I don’t know if it’s because they want to be everything to everybody or they just don’t care after they have your money (my money is on the latter). Oddly enough there are a lot of places to get info on Symantec products… little things like How To Install The Software. In fact, you can find at least three different sets of How To Install.. on the Symantec site alone. A few versions back you could more or less figure things out via the four books that came with the software. The Enterprise Control Center is a beautiful thing: you can push updates, set up groups, set up policies, monitor PCs, and make pancakes. It has gotten progressively more difficult to install as the software has gotten more bloated. This shouldn’t be a big deal if the software updated seamlessly but, well, you can guess the rest. Each update was almost a fresh install.

Because I’m cautious (and because I don’t trust Symantec), I asked that Symantec be installed on ten MIS desktops first, to see whether it ate the performance or worked at all.  I had heard conflicting reports, including a really good review from a corporate division. 

There was trouble right off the bat.  The push-install refused to work on the greater portion of test installs.  Not impressive.

This was worked on simultaneously with the install of the new system center.  The installs got taken care of but the system center failed.  And failed again.  And required the printing of the manual, which resulted in the complete deforestation of several Amazonian rainforests.  And then another manual.  So much for this year’s Green theme.

When in doubt, read the manual.  Uh-huh.  When the manual fails, go online.  Yeah, right… ten different configs on ten different Symantec web pages.  Download the video.  Ok, but it turns out the video is not much more than a commercial for the product (and several others).

When all else fails (Dr Mbogo recommends taking two aspirin and burning down the hut), call Support [cue drums and suspenseful avoidance music, complete with shrieks].

It probably won’t come as much of a shock to anyone that support is reached locally by dialing Symantec India.  My sainted coworker discovered this due to the accent on the hold audio.  There was no other way to figure this out, as he spent almost an hour waiting for a human to pick up.  None did.

He begged and pleaded with me to use a different antivirus.  I was in agreement but not completely finished with Symantec (yet).  I sheepishly asked him to continue.  The next day he canceled his pressing issues and tried again.  This time he got through to a real live Indian.  Unfortunately the Indian fellow didn’t seem to know a lot more about the product than my coworker did.  He kept reading off the script and suggesting we go to the web page (WHAT web page he could not say).

The attempt to upgrade or fresh install the system center actually took out the existing version.  As in completely destroyed.  Fortunately we have tremendous backups.

The desktop effort had a limited amount of additional success.  Two  sets of ten installs were done.  None of the crew reported any difference in feel.  The people on the floor, however, were having problems.  Then no one could update.  My sainted install feller did a super-human job of keeping his temper in check.  In fact, by way of proof, the blow-darts did not come out for at least a month or so.  He can hit a target frighteningly well from across the room.

After a few more wasted hours trying to get system center going, he finally discovered that the new version required our server to have additional RAM and Flash (!) or it would not run.

I’m sorry - I don’t run Flash on my browsers, no less my enterprise antivirus controller.  And I’m not installing more RAM so it will run.  I will not let an antivirus dictate my hardware; it’s bad enough Microsoft tries all the time.

So we kept the old system center.   In short order we had to pull the client updates from the floor machines.  Another thing that got in the way was Windows firewall.

We called the vendor and told them we’d like our money back but we’d use it to purchase a different product.  They suggested Kaspersky but I wanted a different brand because Kaspersky was already on the servers.  They told us they’d try but not to hold our breath - Symantec wasn’t fond of refunds.   And right they were: Symantec refused to refund our money [*$#@ers].

As a result we’re stuck with Symantec til the end of this (alleged) support period. I will not let another Symantec product onto the network if they’re the only vendor that makes the software. I’ll manually change the network over to Linux first. Or DOS.

My sainted coworker got things back in order.  We’re happy with Kaspersky and the old version of SAV.   I have taken to using AVG on older machines and laptops because SAV is such a pig.  Unfortunately, as The Blade points out, they’re starting to get pretty bloated and all-encompassing too.  Time to investigate a lighter alternative.  Maybe Clam.

The sainted fellow insists that it is more efficient to clean up the mess than to install and use an antivirus. Every now and then I’m forced to agree a little. Just a little, though, as the people on the floor (and people in general) are pretty dangerous. There have been a few instances where I have sent out a high priority message stating not to open a certain email or attachment. Within minutes I had gotten calls to help clean up a PC after they (you guessed it…) opened that message or attachment. Granted, we now have better tools to mitigate this before it hits the desktop, but still..

Whichever way we go, it will make next year’s AV implementation an interesting one.  Plus there’s the added task of finding that stuff you put on the tip of the blowdart… you know.. the stuff that paralyzes them for a while….

 
