I work with small businesses – typically with 1-25 workstations, 1-2 servers, and no onsite IT staff. The business owners know it’s important to stay safe and up-to-date, but there’s little desire to have me hanging around doing routine audits.
Theoretically, a business with a server can manage all the workstations centrally, but the reality is a little more complicated. Centrally-managed antivirus/malware products are aimed at companies with hundreds or thousands of computers and full-time IT support employees. They’re complicated and demanding and quirky.
Last week I installed AVG’s “Anti-Malware SBS Edition,” with “reduced administrator workload and security costs” for small businesses running Small Business Server 2003. The first installation manual has 212 pages of mind-bending details about how to roll out the program to clients and maintain the database showing their status. There were more manuals after that. Worse, I found questions I couldn’t answer within the first couple of hours, when everything was supposed to be going well. I don’t have the luxury of endless time to experiment! I can’t spend dozens of unbillable hours testing programs to locate something that I might roll out once, especially when it’s all too likely that each one will be quirky or buggy or difficult in unforeseen ways.
Perhaps I was soured by experiences a few years ago with Symantec Antivirus, the enterprise version of its antivirus program. It started as a complicated but usable program, but later versions turned into a nightmare of licensing bugs and increasing instability. The wasted time on the phone with tech support was intolerable for me, much less for the clients footing the bills.
I’ve tested other enterprise antivirus products. Avast has a nice suite for SBS that installs with a minimum of fuss to protect the server and integrate with Exchange Server, but it also requires rocket science before the workstations can be centrally managed. (And the workstation software featured not one but two stupid icons by the clock, and one of them was constantly spinning around for no reason. Think that doesn’t matter? Answer my phone for a while. It matters.)
I feel stupid and slow. I can’t find any centrally-managed anti-malware protection for my clients that makes me feel confident that I understand it and can support it.
It’s also important to get security updates installed on workstations in small businesses. Microsoft has developed Windows Server Update Services to meet that need; it’s included with recent releases of Small Business Server. I’ve deployed it several times – and so far I’ve regretted it. It’s yet another big, complex service that requires enough attention to outweigh any value I’ve gotten from it. It adds complexity to service pack installations, it has its own demands for updates and new versions, and all things considered it’s a heckuva lot easier for me to walk around to 7 or 8 computers and see if they need updates.
That’s why most of my clients are set up with Windows Live OneCare on their workstations. Most people can maintain it themselves; I keep track of who is likely to overlook a yellow icon and check in on them every once in a while. I’ve had to fix a few failed OneCare upgrades lately, but on balance it works better than the more complicated solutions.
Today Microsoft announced “Windows Live OneCare for Server.” There has been no prior notice of any such product and the information so far is sketchy. It may only run on Windows Server 2008; it may not include any workstation management. But it’s possible that it will bring centralized management onto my small business servers without unnecessary complexity. I’m hoping for the best!