Fermilab presently does not have a site-wide desktop anti-virus implementation. Instead, different divisions and sections have implemented their own solutions (mostly with Symantec or Network Associates software). This has been adequate in stopping most virus outbreaks on supported systems but has done nothing for visitor systems or users working from home. To help Fermilab decide if we should implement a site-wide solution based on one product I sent an anti-virus survey to the hepix- hepnt@fnal.gov email list in July of 2002.
Eleven labs responded to the survey. Four products are used for desktop anti-virus protection: Computer Associates Inoculate IT, Network Associates McAfee VirusScan, Sophos Anti-Virus,and Symantec Norton AntiVirus Enterprise. Both KEK and RAL reported that they are in early implementation stages. Below is a compilation of the responses:
1) Who is your site license with?
| Anti-Virus Company | Lab |
| Computer Associates InoculateIT | SLAC |
| F-Secure Anti-Virus | LAL |
| Sophos Anti-Virus | RAL, University of Mainz |
| Network Associates McAfee VirusScan | DESY, KEK*, MIT |
| Symantec Norton AntiVirus Enterprise | CERN, INFN, KEK*, LBL, NIKHEF |
* KEK uses Symantec for Windows systems and Network Associates for Macintosh.
2) Are you allowed to distribute software to off-site users (home systems)?
Yes:| Lab | Comment |
| INFN | Seems to only be limited by number of licenses purchased. |
| LAL | No restrictions that they know of. |
| LBL | Staff member must authenticate to server. |
| MIT | Limited to 1000 users and students. |
| NIKHEF | Student and staff systems only. |
| RAL | Staff systems only |
| SLAC | If the system is owned by SLAC. If personally owned then user can install personal edition version licensed by Stanford. |
| U of Mainz | (no comment) |
| Lab | Comment |
| CERN | Presently evaluating this option. |
| DESY | Did not implement this option. |
| Lab | Comment |
| KEK | (no comment) |
3) Are you allowed to install software on visitor systems?
Yes:| Lab | Comment |
| CERN | Distributed via NICE. Users warned to un-install when they leave. Software also removes itself when system joins another domain. |
| DESY | Exists but not implemented. |
| INFN | Seems to only be limited by number of licenses purchased. |
| KEK | Only if used onsite. |
| LAL | Yes as far as they know, though they haven't been asked to do this yet. |
| LBL | only for longterm collaborators. |
| MIT | only for longterm collaborators. |
| RAL | (no comment) |
| SLAC | "Overlicense" so they have software available for visitors. |
| U of Mainz | (no comment) |
| Lab | Comment |
| NIKHEF | Licenses for staff and students only. |
4) Has this implementation worked for you?
Yes:| Lab | Comment |
| CERN | Reasonably happy. Even with daily updates some things slip through. |
| DESY | Yes. Weekly automated updates provided. In case of a new virus before then a new signature file is downloaded. |
| INFN | Reasonably happy with it. |
| KEK | Small base of skilled users so far. Discussions to educate average user in progress. |
| LAL | Works pretty well. Signature updates handled through SMS. |
| LBL | (no comment) |
| MIT | (no comment) |
| NIKHEF | Yes, we are not restricted in the things we want to do |
| RAL | Very pleased with early results |
| SLAC | Excellent results. Approximately 98% of systems on site protected. |
| U of Mainz | (no comment) |
5) Are you restricted to the number of distribution servers your site may have?
Yes:| LAB | Comment |
| KEK | Only 1 distribution server. |
| RAL | Only 1 server may get downloads, but can have many distribution servers |
| Lab | Comment |
| CERN | (no comment) |
| INFN | (no comment) |
| LAL | (no comment) |
| LBL | No, in the sense that servers only have the client software available for downloading. Desktops contact Symantec directly for signature updates. |
| MIT | (no comment) |
| NIKHEF | Less than 200 systems so there is only one distribution server. |
| SLAC | (no comment) |
| U of Mainz | unlimited (but more than 3 makes no sense) |
In trying to get site license quotes I spoke with three vendors Fermilab presently deals with:
Fermilab has decided to not purchase a sitewide license. The computer security folks strongly recommend anti-virus software and no machine is allowed into the Windows 2000 domain without anti-virus software.