Symantec's New Security Products Confound

I tested two software products in our lab and examined the specifications of three different security appliances.

After trying out Norton AntiVirus (NAV) 2003 and Symantec Client Security (SCS), I didn't have any hard-and-fast conclusions about which is the better product for VARs to sell. The problem is that NAV2003 has the most sophisticated antivirus protection of the two and, in general, has great improvements on the venerable NAV product line. One example is automatic protection for content received through instant-messaging software from AOL, MSN and Yahoo. This is a problem that can take enterprises by surprise, particularly as IM usage continues to spread like wildfire across corporate America. (A nice touch is that the protection is automatically enabled even after NAV software is installed; if you later install IM clients to your desktop, you are still protected.) But NAV is a strictly desktop-focused solution, and VARs who want to deploy it will have to load it up on each machine across the enterprise. That is a tedious task.

Plus, NAV is also just an antivirus solution: It doesn't protect users from other kinds of malicious content, network intrusions or code that comes from viewing Web pages that will take over your system. That's where SCS comes into play. The software provides a one-stop integration of tools to prevent such threats, and the various modules of code talk to each other to protect your computer,as the bad guys get more sophisticated. In theory, it is a great idea. In reality, however, it is poorly implemented. Two different sides comprise the SCS picture: one that deals with antivirus features and one that deals with everything else. Those two parts have separate user interfaces, and they do look and operate differently. Plus, the antivirus features are drawn not from the advanced features that can be found in NAV2003, but in earlier versions of the enterprise model of NAV. As an example, the IM protection is missing from SCS.

SCS can be installed to run from a central command computer or run individually from each desktop, like the NAV product line. The actual client software installed on each desktop can be as little as 6 MB in its "thin client" configuration. That is the good news. The bad news is that getting everything set up properly will take some careful study as the number of options is hideously complex. Until SCS can catch up with the feature set in NAV 2003, I don't see much of a point in using this software.

id
unit-1659132512259
type
Sponsored post

My advice to VARs? Try out each program and understand what it does and doesn't do. If you are recommending any part of the NAV product line, it makes sense to look at NAV2003 and see if you agree that the improvements are worth upgrading. You should also determine whether your clients already have some other form of protection from firewalls, intrusion-detection systems or other gear outside of the individual desktop. It probably makes sense to keep this protection in place at the "top" of a network hierarchy, or where your corporate network is connected to the outside world. At least, it makes sense until Symantec's software suites improve to where they can be deployed across the enterprise desktops.

NAV 2003 costs $49.95 per desktop, retail.

SCS costs $102.60 per node for under 25 nodes, dropping to $46.10 per node for more than 2,000 nodes. Both are available from www.symantec.com.

What about the appliances? Symantec sells three different hardware platforms: the Gateway Security (GS) series, the VelociRaptor series and the Firewall/VPN (FVPN) products. Each offers a different combination of features, although all three offer site-to-site VPN connections and network address translation features.

The GS series and the VelociRaptor are both full-packet inspection firewalls, while the FVPN series offers stateful-inspection features. The GS model is focused on true network-intrusion detection, while the FVPN offers limited features in this area. The VelociRaptor offers no intrusion-detection features. When it comes to Internet content filtering, the GS models are the best of the three lines, offering filtering based on the actual URLs of the Web sites. The VelociRaptor has content filtering as an add-on option, while the FVPN offers no functionality in this area.

Of the three lines, only the GS line offers any antivirus screening; the others don't do it at all.

The GS is recommended for the largest networks, up to 1,000 nodes. The VelociRaptor is recommended for 100- to 200-node networks, and the FVPN series is geared toward up to 50-node networks. That is evidenced by the sustained throughput specifications of the three lines: the GS can handle 40 Mbps to 90 Mbps, while the VelociRaptor can handle 20 Mbps to 90 Mbps, and the FVPN is geared toward 8-Mbps throughputs.