Digital Ship

IT and communications for the deep sea commercial shipping sector

Even though we use VSAT on almost 90% of our ships, Anti-Virus is still a problem when downloading the daily updates. McAfee, for example, wants to pull down almost 10Mb daily, which doesn't cost us any more but can be a pain on a 128Kb link.

Does anyone have any good experience of AV products, especially those which download small updates? Sophos? AVG?

Reply to This

Replies to This Discussion

I can recommend NOD32, which seems to be very efficient: http://www.nod32.nl/ or http://www.eset.com/

Reply to This

Hi Wasim,

I agree.

I know of a live deployment using NOD32 where the standard "automatic file transfer" mechanism (common in most maritime e-mail / data transfer products) is used to automatically push updates to the communications computers on the ships. Each of the onboard workstations then automatically updates itself from the communications computer.

The source is a single computer (shore) updating itself in the normal way across the Internet.

NOD32 updates are incremental (like Sophos) - update file sizes vary but, so far, have never been prohibitively large.

BTW: I was attempting to bring a McAfee installation on a ship up-to-date via EDGE/GPRS just yesterday. The files being downloaded were not huge but the downloads kept stopping. I performed a lot of other downloads (including Windows updates) and the problems seemed isolated to McAfee.

Reply to This

Viruses are a problem when so many are downloading from the Internet. I work for Newcom-International, an international Teleport based in Miami, FL. We have a unit, "SafeAccess", which in short acts as a firewall, Anti-Virus, A-Spam and A-Spyware.

Reply to This

Hi Wasim :-)

I suggest killing the viruses, spam etc. at the Teleport, but obviously you will need some local protection anyway. The bandwidth usage by AV updates and Windows Updates can be kept low by using a network sequence device like the Juniper WXCs, one at each end. This way you will only need to load a specific file pattern once. This counts for elements in a web page, streaming media, AV etc., and even large files are cached too.

Reply to This

Hi Wasim,

We have our Port-IT Antivirus service using NOD32. We are a reseller of the product but have adapted the product together with ESET for use with the maritime industry.

We already have many vessels using our service for the following reasons:

1. Small update files
2. Best in overall scanning
3. Doesn't need high system specs
4. With use of our Transfer Coach package the updates are received automatically via email and extracted automatically from the email client so the AV can update automatically.

Due to point 4, no user interaction is needed once set up, so it will feel like having an internet update but it is coming via email. The Transfer Coach will work on SkyFile, AmosConnect (Basic and Full) and Outlook Express. We have already had much positive feedback from captains that have installed it and cleaned their PCs. We had one vessel that had 763 infected files; it will let you think of what the crew is actually doing!

The problem isn't email but external media that is infected and not cleaned. By default we install our service for free (first month) on every vessel we board if there is no antivirus product installed, and every time we find viruses and we are able to fix the problem.

If you want to know more, just contact me; you have my details.

Reply to This

Hi!

Can you send me information about this? We are planning to order new antivirus for our fleet.

H

Reply to This

Hi Youri,

Could you send details about your product?

Best Regards,

Rafael Sant'Ana

Reply to This

Thanks everyone for the feedback. Will run through a couple of tests and let you know how I get on.

Reply to This

Norton is in no way a solution for the Maritime industry. We have tested the product against NOD32 and Sophos and it was beaten on many fronts. NOD32 was the winner of the test. Norton consumes too much CPU and PC memory, and the advanced heuristics of Norton are something to cry about. Norton is already missing new viruses when it is not updated for more than 1 week.

Reply to This

Agree on NOD32. I've had viruses at home 3 times when I used Norton. I got rid of it around 3-4 years ago, installed NOD32, my computer got a new life and I have never had any more viruses since.

Reply to This

I agree with you, Youri. I wouldn't install Norton on any system, let alone one on a vessel. It uses far too much CPU time and memory (in my experience).

Reply to This

I think we generally agree that, in terms of incremental (and therefore smaller) updates, NOD32 and Sophos lead the way. I agree that Norton / Symantec is "heavy" in this respect but it does have an important feature - i.e. "Service Protection"...

When I last tested you could simply stop the Sophos and NOD32 services and the protection was, thereafter, down. I tested this using "NET STOP [servicename]" and then downloaded the EICAR virus signature test files - successfully. (When protected, it should not be possible to download from eicar.org.) Worse still - the signature files of Sophos and NOD32 are not protected and you can simply delete them from the path where the software is installed. The systems are then extremely vulnerable until the next update - which is then very large.

Norton / Symantec had protection against this - it detected attempts to stop the service, blocked it and warned the user. During execution it also locked its signature file thereby protecting it.

I think this was implemented when Norton was the de-facto standard so the first job of most innocent executables getting ready to write the virus / worm was to detect and attempt to stop the AV service.

How long might it be before virus delivery packages look for NOD32 and Sophos? It's currently too easy to disable the protection.

I waited all the way through 2007 for "Symantec Project 'Hamlet'". This was to be a new "incremental update version" from Symantec. We are now in 2008 - the project / product is now called "Symantec Endpoint". At some stage I might test it but I doubt I will ever recommend it.

My current recommendation?

NOD32 - but one of us should write an application to protect it and its definition files - easily done.

Any Software Engineers out there? :0)

Reply to This
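Added example, not part of the thread and not code from any poster or vendor: a minimal monitoring sketch for the two weaknesses raised in the last post (the AV service being stopped, and definition files being deleted). It parses `sc query` output for the service state and compares the definitions folder against a hash baseline. The service name, file names and sample output are constructed placeholders, not real NOD32 or Sophos values.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample of `sc query <service>` output; "ExampleAvService" is a placeholder.
SAMPLE_SC_STOPPED = """\
SERVICE_NAME: ExampleAvService
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
"""

def service_state(sc_output: str) -> str:
    """Return the state word (RUNNING, STOPPED, ...) from `sc query` text."""
    m = re.search(r"^\s*STATE\s*:\s*\d+\s+(\w+)", sc_output, re.MULTILINE)
    return m.group(1) if m else "UNKNOWN"

def snapshot(defs_dir: Path) -> dict:
    """Map each file under defs_dir to its SHA-256 digest."""
    return {
        str(p.relative_to(defs_dir)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(defs_dir.rglob("*")) if p.is_file()
    }

def tamper_findings(sc_output: str, baseline: dict, current: dict) -> list:
    """List alerts: service not running, definition files missing or changed."""
    findings = []
    state = service_state(sc_output)
    if state != "RUNNING":
        findings.append(f"service state is {state}")
    for name in sorted(baseline):
        if name not in current:
            findings.append(f"definition file deleted: {name}")
        elif current[name] != baseline[name]:
            findings.append(f"definition file changed: {name}")
    return findings

def demo() -> list:
    """Build a constructed definitions folder, delete one file, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        defs = Path(tmp)
        (defs / "sig_a.dat").write_bytes(b"constructed signature data A")
        (defs / "sig_b.dat").write_bytes(b"constructed signature data B")
        baseline = snapshot(defs)      # taken right after a legitimate update
        (defs / "sig_b.dat").unlink()  # simulates the deletion described in the post
        return tamper_findings(SAMPLE_SC_STOPPED, baseline, snapshot(defs))

if __name__ == "__main__":
    for line in demo():
        print("ALERT:", line)
```

The baseline has to be retaken after every legitimate definition update, otherwise each update is reported as a change. This detects and reports tampering; it does not block it the way the Norton behaviour described in the post does.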

Published by Digital Ship Ltd, London
