Site icon IT World Canada

WebShield Protects Against e-Born Viruses

The requirements placed on network availability by e-businesses make the threat of a virus, such as LoveLetter, Melissa, and Bubbleboy, particularly disastrous to virtually every IT organization. Today a virus outbreak will not only disrupt the flow of an organization’s business activity but will also affect profitability directly proportionate to the cleverness of the virus’ programmer.

McAfee Corp.’s WebShield E-ppliance 120 is a hardware and software Internet virus detection and cleaning solution for Web-based organizations that require around-the-clock virus security. WebShield comes in three flavors: WebShield NT, which scans SMTP traffic; WebShield Solaris, which scans SMTP, HTTP, and FTP traffic; and WebShield Proxy, which runs on Microsoft Proxy server and scans HTTP and FTP via a browser.

By scanning incoming e-mail and traffic as it enters the network, the WebShield E-ppliance is attacking the most fertile breeding ground and the most effective conduit for transmission of malicious mobile code that viruses have ever known — e-mail. We found this product does a good job of scanning for and cleaning away viruses we introduced on the testing network via e-mail and Web traffic. In addition, it keeps track of any viruses that were found, giving their location and allowing you to both justify the product and to see how dirty (or clean) your incoming and outgoing traffic is.

Although WebShield did its job well, a few considerations kept us from giving it a higher score than Good. Most notably, the hardware portion of the solution did not have the ability to automatically detect and configure itself to the network it was being plugged into — a feature we have grown to love and expect from network appliances. Misleading documentation also opened the door to errors during installation which caused a lot of frustration.

In a class of its own

As far as we can tell, the WebShield E-ppliance 120 has no direct competitors. To its credit and to the delight of IT professionals, WebShield is the only combined hardware and software anti-virus product on the market today. Software-only solutions that compete with WebShield E-ppliance 120 are Trend Micro’s InterScan VirusWall and Symantec’s Internet Email Gateway.

And unlike WebShield, both the Trend and Symantec solutions have detection and cleaning limitations that are open to DoS (denial of service) attacks — a malicious person could initiate message flooding or send recursive .ZIP files, for example. In addition, Symantec doesn’t integrate into Microsoft’s clustering environments, as WebShield does.

WebShield E-ppliance is used in conjunction with a proxy server firewall or a proxy server — you can use the WebShield as a proxy server if you don’t have one running — but doesn’t do NAT (Network Address Translation), so you’ll have to install a router or firewall to handle those chores.

The WebShield hardware sits behind the firewall and, in most cases, companies will have either a router or their firewall doing NAT. The hardware itself runs Solaris software and will need to be manually configured to deal with such items as your IP interface and router addresses, domain, and admin host IP address in order to communicate with your network. We logged onto the WebShield machine at the console as root and proceeded though a series of 21 configuration setup questions in order to get it familiar with its surroundings.

Unfortunately, due to a misleading configuration scenario in the manual, our first attempt to get the system up and running was unsuccessful. After numerous troubleshooting attempts, we were finally successful after recieving assistance from the technical gurus at McAfee.

Smooth running

As an appliance-based virus detection solution, WebShield will most likely become very popular with IT departments that want an out-of-the-box, all-in-one virus protection solution for their e-business. And companies that have already made an investment in McAfee’s Anti-Virus software will most likely not incur any additional training costs.

The WebShield system is managed remotely by what is called the WebShield Configuration Tool. The tool is used to modify WebShield E-ppliance system configurations such as local and remote administration, FTP and HTTP scanning, and logging. The Configuration Tool can be installed on a Solaris, Windows NT, Windows 95, or Windows 98 system.

Organizations that have implemented other Internet gateway solutions could still benefit from WebShield, but IT staffers will be forced to maintain another hardware device and learn yet another software application.

We found that the McAfee WebShield E-ppliance virus security solution is a new concept that does as advertised, but it doesn’t live up to the network appliances we have installed in the past. We discovered it is more like a router with virus detection software, rather than a specifically designed appliance that gets plugged in and takes care of business.

Its biggest advantage is that its all-in-one packaging saves the time and trouble putting together your own solution. And, we found if you are prepared to spend some time configuring the system to work in your environment, it will get the job done well.

Ana Orubeondo is a senior analyst at InfoWorld. She specializes in evaluating products that relate to telecommunications and wireless technologies, as well as networking hardware and software products. Her Internet address is ana_orubeondo@infoworld.com.

THE BOTTOM LINE: GOOD

WebShield E-ppliance 120

Business Case: WebShield E-ppliance 120 offers a good hardware and software combination, anti-virus detection solution that can stop viruses before they enter your system, thus allowing you to avoid costly shutdowns caused by outbreaks.

Technology Case: The Internet virus security solution is an out-of-the-box solution specifically designed to protect against e-mail-based attacks. Plan on spending some time configuring WebShield to work in your network environment.

Pros:

+ One-stop shopping for an anti-virus network appliance

+ Software portion is easy to manage

Cons:

– Hardware component does not configure itself

– Does not support NAT

– The documentation is misleading and incorrect

Cost: Starts at $9,300 for up to 250 users

Platform(s): Hardware is Solaris-based; Software: Solaris or Windows NT

McAfee, Santa Clara, Calif.; (888) 847-8766; http://www.McAfeeB2B.com

Exit mobile version