Barracuda Spyware Firewalls

Mize

So I have this part-time job in IT (when I'm not trying to run my company) and more of that part time is spent on spyware than ever. I have a Barracuda spam firewall that keeps out about 4k spams per day but my firewall (Sofaware Safe@Office) logs countless packets to unknown IPs even when nobody's in the office (Sophos on every computer for AV and Vstream on the firewall).

What are people using for enterprise anti-spyware that works? I'm leaning toward either Spysweeper on every computer or the Barracuda spyware firewall (expensive). I know the Barracuda gets good marks (includes an ActiveX client cleaner) but their throughput seems horrible - for about $3k you're only going to get 10 Mb/sec with 10 Gigs of web cache. They claim that's enough for a couple hundred users.

Anyone used one?
 
Mize said:
So I have this part-time job in IT (when I'm not trying to run my company) and more of that part time is spent on spyware than ever. I have a Barracuda spam firewall that keeps out about 4k spams per day but my firewall (Sofaware Safe@Office) logs countless packets to unknown IPs even when nobody's in the office (Sophos on every computer for AV and Vstream on the firewall).

What are people using for enterprise anti-spyware that works? I'm leaning toward either Spysweeper on every computer or the Barracuda spyware firewall (expensive). I know the Barracuda gets good marks (includes an ActiveX client cleaner) but their throughput seems horrible - for about $3k you're only going to get 10 Mb/sec with 10 Gigs of web cache. They claim that's enough for a couple hundred users.

Anyone used one?

Anti-spyware on mail or on web?
For mail we use Amavis running on a Linux server (internal relay point for AV & spam killing) - and in 2 years it failed twice - a year ago when the service was stopped for an hour, and a week ago 4 or 5 mails passed before definitions were updated :D, luckily those were filtered by CA running on the Exchange server...

As for desktop anti-spyware, my personal choice is Spybot. Its real-time part has GUI problems with non-standard XP themes (like the OK button over the main text, dunno if that was fixed) and popping windows can be troublesome for people who use a PC for accounting... but I don't know any such software that can work without popping questions... and its "immunization" of IE is good.
It is also much better at cleaning systems than Spysweeper or MS antispy/defender/live-whatever - these I had tested.
One big problem with Spybot - it's freeware, but if one has no religious problems with this... :)


About these "countless packets to unknown IPs even when nobody's in the office" - where did they come from?! I mean, if no one is in the office and PCs are shut down...?
 
Most machines are left running so they can run their nightly Sophos AV scans. Some of the packets are no doubt vendor update checks (HP, Logitech, etc).
The Barracuda units scan literally everything (web/mail/IM) for spyware.
Spybot sounds worth evaluating.
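
One way to triage the off-hours traffic discussed above, as an added example that is not from any poster in this thread: it keeps only outbound packets sent outside office hours to addresses that are neither on the LAN nor on a verified update-server list, then ranks internal hosts by how many distinct unknown destinations they contacted. The log line format, LAN range, office hours and `KNOWN_GOOD` range are assumptions, and every sample line is constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, time

# Constructed sample lines in an assumed "date time dir src dst port" format.
SAMPLE_LOG = """\
2006-03-14 14:02:11 out 192.168.1.23 198.51.100.10 80
2006-03-14 23:40:02 out 192.168.1.23 198.51.100.10 80
2006-03-15 02:13:07 out 192.168.1.31 203.0.113.45 80
2006-03-15 02:13:09 out 192.168.1.31 203.0.113.77 80
2006-03-15 02:14:40 out 192.168.1.31 203.0.113.45 80
2006-03-15 03:00:00 in 203.0.113.9 192.168.1.31 445
2006-03-15 03:05:19 out 192.168.1.40 192.168.1.2 53
2006-03-15 04:10:00 out 192.168.1.23 203.0.113.200 80
garbled line that the parser must skip
"""

LINE = re.compile(r"^(\S+ \S+) (in|out) (\S+) (\S+) (\d+)$")
LAN = ipaddress.ip_network("192.168.1.0/24")             # assumed office LAN
KNOWN_GOOD = [ipaddress.ip_network("198.51.100.0/24")]   # placeholder: verified update servers
OFFICE_OPEN, OFFICE_CLOSE = time(7, 0), time(19, 0)      # assumed office hours

def off_hours(ts):
    return ts.weekday() >= 5 or not (OFFICE_OPEN <= ts.time() < OFFICE_CLOSE)

def triage(log_text):
    """Return {internal_host: {"packets": n, "dests": {(ip, port), ...}}}."""
    hits = defaultdict(lambda: {"packets": 0, "dests": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # unparseable lines are skipped, not fatal
        stamp, direction, src, dst, port = m.groups()
        try:
            ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if direction != "out" or not off_hours(ts):
            continue
        if dst_ip in LAN or any(dst_ip in net for net in KNOWN_GOOD):
            continue
        hits[src]["packets"] += 1
        hits[src]["dests"].add((dst, int(port)))
    return dict(hits)

def ranked(hits):
    """Hosts with the most distinct unknown destinations first."""
    return sorted(hits, key=lambda h: (-len(hits[h]["dests"]), -hits[h]["packets"]))
```

Hosts at the top of `ranked(triage(...))` are the ones to inspect first; destinations confirmed as vendor update servers can be moved into `KNOWN_GOOD` so later runs show only what is still unexplained.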
 
Mize said:
Most machines are left running so they can run their nightly Sophos AV scans. Some of the packets are no doubt vendor update checks (HP, Logitech, etc).
The Barracuda units scan literally everything (web/mail/IM) for spyware.
Spybot sounds worth evaluating.

Isn't this a bit expensive?! Running all night long just for AV scans?! After all, I guess Sophos has a realtime scanner? If the bug went in unnoticed, chances are a dedicated scan will miss it too, unless it runs on a higher security level... which will give many false alarms... well, finding a good balance is next to impossible these days :(
 
chavvdarrr said:
Isn't this a bit expensive?! Running all night long just for AV scans?! After all, I guess Sophos has a realtime scanner? If the bug went in unnoticed, chances are a dedicated scan will miss it too, unless it runs on a higher security level... which will give many false alarms... well, finding a good balance is next to impossible these days :(

The older machines run realtime at normal (rather than extensive) levels so they do miss things. Running on extensive in real time makes the machine crawl. We do spin down drives and turn off monitors and the like. Maybe I'm overly paranoid, but a few viruses have made it through my 4 levels of AV (gateway, email relay, email server and desktop) and caused some serious problems.
 
If you allow people to use IE for browsing and want to prevent all spyware from doing harm, I would suggest you look at Altiris Software Virtualization Services. With that, you can make an IE package that runs in its own virtual machine. No matter what is installed through that session, it will be gone when you close IE.

You can specify what info is retained between sessions, like the favorites, and reset everything else. Or just have the users do, download and install whatever they want, as it will only be active when IE is active. You retain full control in either case.

And you can remove everything in one go, by rolling it back to how it was when you installed the package.
 