0

We have users who frequently get virus/spyware such as fake antivirus spyware on their win7 machines. They have admin access to their machines, and that's not going to change.

Desktop installed antivirus software such as microsoft security essentials seems incapable of stopping these virus.

Would a gateway antivirus firewall like sonicwall with the appropriate antivirus subscription service help at all in these situations?

muhan
  • 145
  • 2
  • 6

5 Answers

1

Couple of notes:

  1. If your client anti-virus program cannot stop the programs from running you don't have to worry about a gateway. Remember the client program is the last line of defense.

  2. The anti-virus devices or Unified Threat Management (UTM) devices are typically only meant to look at incoming and outgoing traffic, be it mail or internet traffic. They typically do stateful packet inspection which does help to block some, but certainly not all.

  3. Just as a EULA note: MSFT Security Essentials is not licensed for commercial use, it's for home use only. If you're using it in an office you are violating the license. You can however use the Enterprise Product called ForeFront. But you would have better luck, in my opinion, using a product from Sophos or one of the other highly rated AV companies.

Again, if your client AV endpoint is not catching viruses there may be other issues with the machine. I've run security essentials at home and have never had an issue, it catches everything. Make sure it's actually running properly and fully patched and actively scanning.

Brent Pabst
  • 6,079
1

I think SonicWalls are awesome devices. We have quite a few NSA3500's around our offices and datacenters and I love them.

But, the AV portion sucks. It's almost worthless.

In the statistics for our main office 3500, it shows that over the last 21 days it has blocked 4 Viruses (Virii?). They were labeled...

FakeAV.A_6              75%     
Suspicious#themida.4    25%

Now, I KNOW my users haven't gotten smart over the last 21 days and stopped clicking on shiz that they shouldn't. The sonicwall just isn't catching hardly anything at all.

So if you're looking to get one simply for the AV, take the word of a SonicWall enthusiast: No, do not get one.

Safado
  • 4,836
1

I'll be the first to say I'm not happy with our Sonicwalls. But I've been pleasantly surprised with the GAV portion. Does it work as your only AV solution? Absolutely not. But it's done a pretty good job at recognizing the Blackhole exploit kit websites that are at the end of someone clicking links in a phishing E-Mail. I can usually tell when some new batch of spam made it through the mail filters, because a handful of people start clicking, and triggering the GAV block. I'd definitely recommend GAV via UTM (Even if it's Sonicwall) as part of a layered defense. The other layer? Getting a better client Antivirus on your machines.

0

There is no use in gateway solutions if you don't have good endpoint defenses. Microsoft Essentials is not a full-fledged endpoint security solution. It can't handle some viruses because it lacks the sophisticated security components needed to catch them. If you don't want your users to run into such problems again, consider buying an industry standard endpoint software by either McAfee, Kaspersky or ESET.

Temikus
  • 181
-1

First of all, based on my experiences with them, Sonicwall SUCKS. I mean, I generally hate all AV products, with a couple exceptions that are "alright," but don't get a Sonicwall. They're just... awful. I've had nothing but problems with every Sonicwall device I've administered. YMMV.

But yes, a webfilter can help to some degree. How much... well, that depends, and brings me to your comment below.

They have admin access to their machines, and that's not going to change.

Then you may be screwed, no matter what you do. Even experienced sysadmins and IT folk don't regularly run as admins. (Ones who know what the hell they're doing don't, anyway.) At the very least, get them to log on with limited credentials and use RunAs/Run as Administrator when they need to do something with admin credentials.

There's simply no defending against the countless unpatched and zero-day vulnerabilities floating out on the web if you run everything as an admin. They'll get you every time because Java/Flash/your browser/whatever is running with administrative access and will install any nasty bit of code it's asked to. That's why MSSE is letting you down. Not because it's a bad product, but because nothing protects against 100% of the crap out there, and your users are running in such a way as to allow 100% of the undiscovered crap out there to infect them.

HopelessN00b
  • 54,273
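An added example, not from any answer in this thread, for checking the point made above about users running as administrators: it lists which accounts sit in the local Administrators group on a Windows 7 machine, flags the logged-on user if they are one of them, and reports whether the current session is elevated. It uses the WinNT ADSI provider so it runs on the PowerShell 2.0 that ships with Windows 7; the commented launch at the end is the "Run as Administrator" route the answer recommends, with an assumed snap-in as the target.

```powershell
# Added example (not from the original thread): audit local admin rights on a
# Windows 7 machine. Uses the WinNT ADSI provider because PowerShell 2.0 has no
# Get-LocalGroupMember cmdlet.

function Get-LocalAdminMembers {
    param([string]$ComputerName = $env:COMPUTERNAME)
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        # Members come back as raw COM objects; read their properties via InvokeMember
        $path  = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        $class = $member.GetType().InvokeMember('Class',   'GetProperty', $null, $member, $null)
        New-Object PSObject -Property @{
            Account = ($path -replace '^WinNT://', '') -replace '/', '\'   # DOMAIN\name or COMPUTER\name
            Type    = $class                                               # 'User' or 'Group'
        }
    }
}

function Test-SessionElevated {
    # True only if this process token actually carries the Administrators SID as enabled
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Report
$admins = Get-LocalAdminMembers
$me     = "$env:USERDOMAIN\$env:USERNAME"
$admins | Format-Table Account, Type -AutoSize
if ($admins | Where-Object { $_.Account -eq $me }) {
    Write-Warning "$me is a direct member of local Administrators; browser and plug-ins inherit those rights."
}
if (Test-SessionElevated) {
    Write-Warning "This PowerShell session is running elevated."
}

# The mitigation the answer describes: stay logged on as a standard user and start
# only the admin task through UAC ("Run as Administrator"), which prompts for a
# separate admin account. compmgmt.msc is just an assumed example target.
# Start-Process -FilePath 'mmc.exe' -ArgumentList 'compmgmt.msc' -Verb RunAs
```

Run it from a normal (non-elevated) prompt; if the first warning fires, the account is exactly the configuration the answer is warning about.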