A friend recently accepted a job as the general manager of an automotive parts supply warehouse. The computing infrastructure was already in place and functional, but the organization was chronically infested with computer viruses. The company was a small startup with a minimal IT budget and a single support person. The support person was located in Louisville, KY, while my friend ran the management side of the business from Dallas, TX. The way the organization was designed, along with the shoestring budget, meant that users in Dallas, Charlotte, NC, and Norfolk, VA, had technical support only via a telephone call to the Louisville office.

All of the company’s servers were based in Louisville. The users in Dallas and elsewhere were attached to the servers via a dedicated broadband connection. To manage viruses on the workstations at the satellite offices, the company purchased a copy of Norton AntiVirus 2003 for each PC. As I’ll explain, it turned out that Norton AntiVirus was not the best solution for the company.

Performance problems and virus handling
One of the first problems the company noticed was a performance issue. The majority of the users were using their PCs only for e-mail and running a proprietary sales database, so the company chose to save some money by buying low-end PCs with minimal memory and processing power. Any time that Norton AntiVirus ran a system scan, the system’s processors were pegged at 100 percent. This meant that when a virus scan was running, it was virtually impossible for the employees to work on anything else.

Another problem was the way that infected files were being handled. According to the company’s IT director, some essential financial documents became infected with a virus. Rather than cleaning the infected files, Norton would typically report that the virus could not be cleaned and would instead either delete or quarantine the infected file. Furthermore, an outbreak of the Fun Love virus rendered a few of the organization’s PCs unbootable. To a larger organization, having a few PCs out of commission might not be a big deal, but to an organization with fewer than 10 PCs in each office, having three PCs down in a single office meant a major interruption of business. Because the only support person was halfway across the country, it was over a week before the damage could be repaired. By that time, the company had lost a lot of money in productivity and in the inability to service its customers.

ViRobot to the rescue
Although I don’t usually do computer consulting, my friend called me and asked if I could do anything to get the organization back on its feet quickly. After discussing the company’s problems at length, I pointed my friend to ViRobot, an antivirus solution from Hauri. Although ViRobot is virtually unknown in the United States, it has been one of the major antivirus products in Asia for a couple of years.

One of the factors that made ViRobot such an ideal candidate for the company is that the workstation component (ViRobot Expert) is designed to have minimal processor overhead. In fact, a full system scan on a low-end PC pushes the system’s processor to only about 4 percent utilization. Another thing that made ViRobot such an attractive choice was that unlike many of the other antivirus programs, ViRobot can completely repair the damage caused by more than 15,000 viruses. ViRobot can repair viruses that Norton, McAfee, and Trend Micro would quarantine or delete.

While system performance and the ability to detect and disinfect viruses were certainly issues for the organization, the biggest problem was that a single administrator was in charge of overseeing satellite offices scattered all over the southeastern United States. Fortunately, there are versions of ViRobot that are perfectly suited to this situation.

VMS setup
The workstation product is called ViRobot Expert. Hauri also offers a server version, ViRobot Advanced Server, an Exchange Server product, ViRobot for Exchange 2000, and an Enterprise-class product, ViRobot Management Server. For my friend’s organization, I chose to implement ViRobot Management Server (VMS).

VMS consists of an enterprise-class management console, ViRobot Advanced Server, and ViRobot Expert. To roll out the VMS installation, I installed VMS on a server in the Louisville office. I then set the system up to run a small installer program on each machine. The installer program simply asks for the IP address of the VMS server and then installs the appropriate copy of ViRobot on the machine. If the machine is a workstation, ViRobot Expert is installed. If the system is a server, ViRobot Advanced Server is installed.

Once ViRobot is installed on each machine, the VMS server manages virus definition updates and ViRobot program updates for each machine. The updates are designed to be centrally downloaded to preserve Internet bandwidth. The server installs the updates on each machine in a way that is designed to be noninvasive and does not require a system reboot.

VMS in action
The VMS management console can be used to centrally manage all of the machines. You can see what was infected with which viruses and when. You can also verify that any infected files have been repaired. You can see an example of a VMS infection report in Figure A.

Figure A
VMS can track virus infection paths.

ViRobot is designed to automate the process of disinfecting viruses, but at times users may require additional assistance. VMS has a built-in remote control mechanism, similar to pcAnywhere, which allows an administrator to remotely control any PC or server in the organization. VMS also includes a remote explorer, which allows the administrator to work with a remote file system as though it were local. This means that you can effortlessly update files on remote PCs in the same way that you would on a local PC.

VMS also includes a few other nonvirus-related tools that my friend’s company is finding useful. The VMS console can perform full hardware and software inventories on any PC in the organization. You can even perform collective software inventories against an entire domain or against the entire enterprise.

There was one other component that I decided to roll out in my friend’s company: ViRobot for Exchange 2000. Although ViRobot Expert integrates into Outlook and can catch any inbound viruses, the company has a single Exchange Server in the Louisville office that distributes mail to users in the various offices. ViRobot for Exchange 2000 stops viruses at the Exchange Server, before they ever make it to the users’ mailboxes. By stopping viruses at the Exchange Server, the company was able to save a considerable amount of bandwidth. They’re no longer passing junk e-mail viruses to the workstations over slow WAN links. Instead, e-mail viruses are removed at the server. The recipient is sent a message that an infected file was received. Most of the time, the e-mail sent with a virus isn’t useful, but if the file were something that the user needed, that person could download a cleaned copy of the file from a quarantined location on the Exchange Server.

Solution wrap-up
My total solution for the organization consisted of ViRobot Expert on the desktop, ViRobot Advanced Server on the servers, a VMS server, and ViRobot for Exchange 2000 on the Exchange box. The total cost for the company, which had about 70 PCs, was roughly $8,000. A copy of VMS costs around $3,500 and includes 10 client access licenses. Additional client access licenses vary in price depending on how many you buy; they start at around $30. ViRobot for Exchange 2000 costs about $2,000 and includes 10 client access licenses. Additional client access licenses are about $20.