Most virus signature/definition files are somewhere between 1 MB and 2 MB. Not a bad download for one machine to handle, but with just 50 machines, that number jumps to between 50 MB and 100 MB. In addition, stand-alone antivirus programs often require each computer to have an Internet connection. This means opening a port in your firewall (if you have one) for all machines and downloading the same data repeatedly. With a centrally managed antivirus solution, you have the benefit of downloading the virus signatures/definitions and software updates to a single server, thus requiring only one machine to be connected to the Internet on that port. Once the update files are downloaded, the PCs can then pull them from the server and not the Internet. This is an attractive solution for organisations with limited Internet bandwidth or organisations that don't provide an Internet connection for every PC.
Not only can centrally managed antivirus solutions reduce network traffic, but they can also significantly reduce the time techs spend on managing the antivirus system and troubleshooting end-user problems related to antivirus software. Asking end users to regularly update their antivirus software can be tiresome at best and downright dangerous at worst. I know of help desks that routinely e-mail end users, reminding them to update their antivirus software, only to be flooded with a wave of "How do I do that?" questions. Worse yet, many end users simply ignore the e-mails altogether. Some IT organisations use login scripts to automate antivirus updates, but this too is often fraught with difficulty as users can close the script's command window without letting the task complete. Because centrally managed antivirus software often runs quietly in the background, no end-user intervention is required, nor does the end user realise the process is occurring. Simply set your organisation's update schedule and let the software do the work.
A single point of failure
Despite their advantages, centrally managed antivirus solutions are not without drawbacks. Because such systems store the virus signature/definition files in a single location -- usually a network server -- this server becomes a single point of failure for the entire system. If the server crashes, all workstations will be without a way to update their virus signatures -- unless each machine has an Internet connection.
Timing your updates is also an important consideration with a centrally managed solution. Because new viruses are being continuously discovered, virus updates are sometimes released on an irregular basis. This can cause a problem if your organisation doesn't use a fairly frequent update schedule. Let's say your system updates all PCs on Monday, but a new virus was discovered on Wednesday. In this scenario, your PCs wouldn't have the updates required to combat this new threat. This illustrates that although centrally managed antivirus systems can reduce administration time, they don't eliminate administration altogether. When a new virus is discovered and an update is released, you should quickly determine whether the virus poses a threat to the organisation and, if it does, download the most recent updates and then push those updates to the PCs. Unfortunately, this isn't always possible.
Pull rather than push
One of the inherent limitations of many centrally managed antivirus solutions is that virus updates and changes are typically performed on a "pull" rather than a "push" basis. What this means for the IT department is that changes made to the centralised system require the workstation to check in on its own timetable for the updates rather than the server notifying all workstations that there are changes that need to be downloaded. In the case above, this would mean that some workstations would be vulnerable to a new virus for several days. The other option is to configure the workstations to "check in" with the update server on a more regular basis, anywhere from once to multiple times a day. But be aware that this solution can create enough traffic to degrade your network's performance, depending on its capacity.
Benefits far outweigh drawbacks
Overall, a centrally managed antivirus system is, in my opinion, something that no enterprise can afford to be without. While the drawbacks can seem troublesome, they are greatly outweighed by an increase in security and a reduction in network traffic and administration time.
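
The check-in trade-off from the "Pull rather than push" section, modelled as an added example (not from the original article): it uses the article's 50 machines, a 2 MB signature file and the Monday-update, Wednesday-release scenario. It assumes the first check-in after a release downloads the full file, and that a fixed schedule means all hosts poll at the same instant.

```python
import random

SIG_MB = 2    # upper end of the article's 1-2 MB signature file
HOSTS = 50    # fleet size used in the article

def simulate(interval_h, release_h, jitter, hosts=HOSTS, sig_mb=SIG_MB, seed=1):
    """Pull-only fleet: each host checks in every interval_h hours.

    Returns (worst_exposure_h, mean_exposure_h, peak_mb_per_minute), where
    exposure is the time from signature release to a host's next check-in.
    Assumption: the first check-in after a release downloads the full file.
    """
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    exposures, per_minute = [], {}
    for _ in range(hosts):
        # Phase = this host's offset inside the polling interval. Without
        # jitter every host polls at the same instant (fixed schedule).
        phase = rng.uniform(0, interval_h) if jitter else 0.0
        # Number of whole intervals until the first check-in at/after release.
        k = max(-(-(release_h - phase) // interval_h), 0)
        pickup = phase + k * interval_h
        exposures.append(pickup - release_h)
        minute = int(pickup * 60)
        per_minute[minute] = per_minute.get(minute, 0) + sig_mb
    return max(exposures), sum(exposures) / hosts, max(per_minute.values())

if __name__ == "__main__":
    release = 60  # hours after the Monday 00:00 update, i.e. Wednesday noon
    for label, interval, jitter in [
        ("weekly, fixed time", 168, False),
        ("daily, fixed time", 24, False),
        ("daily, jittered", 24, True),
        ("every 4 h, jittered", 4, True),
    ]:
        worst, mean, peak = simulate(interval, release, jitter)
        print(f"{label:22} worst {worst:6.1f} h  mean {mean:6.1f} h  "
              f"peak {peak:4.0f} MB/min")
```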





