overload

This is the final, in a three part series, on anti-virus for small businesses. My particular focus is on small business without dedicated onsite IT support.  The first post provided a background on the type of threats and the protection options. The second post provided an overview of the leading solution providers. This final post provides my evaluation and recommendation.

Shortlist

For me, the most important criteria in any anti-virus solution is that it provides virus protection! In the second post of this series I presented the results of comprehensive independent testing. My shortlist for anti-virus evaluation is the top 3 performing products; Kaspersky, BitDefender and ESET.

Kaspersky, BitDefender and ESET, all support our recommended PC operating system, Windows 8.1, and both 32 bit and 64 bit versions. In addition, all 3 products support Windows Server 2012 R2 operating system, which will be important for an upcoming File and Document storage series.

Evaluation approach

Given that our shortlist are all top performing products at providing virus protection, the evaluation approach is focused ease of use. Ease of use if fundamental to a small business without dedicated onsite IT support. Price is of course important, however I propose that the price variations, at small volumes, are not significant in the context of protecting the computing assets of a small business.

I have defined “ease of use” into three areas:

  1. Ease of installation.
  2. Ease of central Administration.
  3. Effectiveness of vendor support.

The specific criteria for evaluation is identified, along with the results, later in this post.

Evaluation exclusions

Many anti-virus products, including Kaspersky, BitDefender and ESET, offer additional functionality, such as: Firewall; mobile device management; email anti-spam; and mobile anti-virus. This is why anti-virus suites are often called “end point protection”. These additional functions are addressed through our other solution recommendations, and should not be considered as part of anti-virus selection. My rationale is as follows:

  • Firewall – If you follow our recommendation and use Windows 8 operating system, it will come installed with a functional firewall. There are advantages of an integrated anti-virus and firewall solution, as intelligence shared between both products, can result in more effective protection. In my view, to be covered in a separate post, this is not essential.
  • Email scanning – If you follow our recommendation and use Office 365 for email, then the Microsoft includes effective anti-spam and anti-malware features via its Exchange Online Protection service.
  • Mobile Device Management (MDM) – Key MDM features, when considering email access on smartphones, is also sufficient when using Office 365. You can remotely remove email access, enforce a smartphone password, and require the smartphone securely stores data (by using encryption).
  • Website screening – All common web browsers include a filtering service to avoid websites suspected for malware of phishing. Effectiveness does vary, with independent testing highlighting Microsoft Internet Explorer as most effective. While End Point Protection solutions include additional features to assist with Internet banking, blocking pre-defined list of websites, and scanning Internet traffic, I don’t think these are significant security advantages over the natively available browser protection combined with effective anti-virus and user common sense.
  • Smartphone Antivirus – Both Apple and Microsoft have tightly controlled application stores. Research shows viruses/malware is most likely to be introduced from compromised applications which is more common on the Android store which is not tightly controlled (while there are solutions to secure Android phones, we don’t think the administrative overhead for small business is worthwhile). Indeed, according to Symantec, Android is the target of 97% of new threats. In our view, controlling smartphone selection removes the need for a smartphone antivirus, indeed Apple accounts for over 70% of enterprise smartphones according to one key security vendor.
  • Disk encryption – In our view, if you follow our recommendation and use Microsoft Windows 8.1 professional, then the disk encryption capabilities are sufficient (to secure your data in the event your computers are stolen for example). Alternatively, the free product TrueCrypt is an effective alternative. This will be covered in a future post.
  • Password managers – Password managers are important, but not a reason to select an anti-virus product. We will review options and provide a recommendation in a future post.

Results

The results in the below table were determined by downloading and installing each product. As needed, I consulted the support options available.

Evaluation area Kaspersky BitDefender ESET
Product name Small Office Security 3.0 Small Office Security (cloud-based) Endpoint Antivirus and Remote Administrator
Installation
How involved are the installation instructions? (Both the client and the central administration). Moderate Easy Advanced
Can a user “self-install” install the software? (assuming local PC installation rights).
Is the process to un-install easy to follow? (and are the relevant Windows services re-enabled)
Is future installation on a Windows based File Server available? (the topic of a future post series)
Central administration
Can you remotely scan a PC?
Can you administer a PC not connected the corporate network?
Can you centrally apply scanning exclusions? (used to prevent virus scans impact business applications)
Can an administrator receive email alerts of a critical issue?
Is there a dashboard showing the protections status of all PCs?  
Can you see the historical threat history of all PCs from the management console?
Can you centrally renew anti-virus licenses?
Is there a Web based console that approved users can access to complete administration tasks? Or is a pre-defined PC used to complete administration tasks? Console available from all PCs with anti-virus installed Internet hosted console Pre-defined PC only
Can antivirus updates be distributed locally (from a predefined device) to preserve Internet bandwidth?      
Can a full anti-virus scan be scheduled from the central console? (i.e. once a week at pre-set time, and only when computer idle).    
Can virus updates be scheduled from the central console?  
Support
Are there online “how to” instructions?      
Are there downloadable administrators manual?      
Are there online option to submit a support ticket?      
Is online chat available?    
Was my experience of online support successful?  
Are there telephone support options?      
Is support available 24 hours a day, 7 days a week?  
Does support include assistance in removing a virus?    
Price for 1 year $229
5 PC plus a file server.
$143.50
5 devices, PC or file server.
From $260
5 PC plus a file server, with price/ package variations by country.

Key observations

Kaspersky

Installation and central management, while not complicated, is relatively labor intensive. In particular, many features must be manually configured at each PC client rather than centrally defined on the management console. Examples include; remote management, firewall settings (if used), email alerts, scanning schedules and scanning exclusions. There are, at least, options to export/ import configurations to aid these manual operations when repeating on multiple PCs. My view is that small business would find this a headache to setup and maintain, and this would result in the product reducing in effectiveness.

Support options vary by country. 24/7 support is not available anywhere, and telephone support may be charged per minute. My own requests to tickets submitted online for basic product support were ignored. For me this level of support is not acceptable for a small business.

For the above reasons, my view is that Kaspersky Small Office Security would not meet the needs of a small business without additional investment in external IT support.

BitDefender

BitDefender was by far the easiest solution to setup, and to centrally administer, of the three products.

BitDefender also had significantly less restrictions than both Kaspersky and ESET solutions – refer to the table.

Notably, BitDefender support is available 24/7. I contacted BitDefender several times using online chat. On occasion chat agents were busy, but in all cases, if I tried again after a few minutes I was connected with a support person. In most cases chat resulted in information gathering, and my query was then answered by an email the following day. In all cases support was responsive, and as a small business, this is very valuable.

BitDefender is easy to install, easy to use, and support was effective.

ESET

ESET does not really feel like a product for the small businesses that does not have dedicated IT expertise. Indeed, the Endpoint Antivirus and Remote Administrator products are the same products used in businesses with thousands of users, and with dedicated IT support departments. This is obvious when using the central administration consoles, which is clearly very advanced, but would overwhelm a non technical user.

Support varies significantly by country. My online tickets raised for product support were ignored.

ESET, for me, is clearly not a suitable product for small business without dedicated onsite IT support.

Recommendation

This is the final post in a series on anti-virus for small business. My particular focus is on small business without dedicated onsite IT support.

Kaspersky, BitDefender and ESET have already been independently identified as leaders in virus protection. To select between the products, I have chosen to evaluate their ease of use. Ease of use is fundamental to a small business without dedicated onsite IT support. Price is of course important, however I have proposed that the price variations, at small volumes, are not significant in the context of protecting the computing assets of a small business.

Based on the results presented earlier in this post, BitDefender is the clear winner when comparing my ease of use components; easy of installation, easy of central administration and effectiveness of vendor support.

As such, I recommend BitDefender Small Office Security (cloud based) as the antivirus for small business without dedicated onsite IT support. This recommendation is based on independent review of virus protection abilities by AV Comparatives, and my own review of the ease of use when compared to two other leading protection solutions. BitDefender costs $143.50 a year, for 5 devices.