What antivirus do you recommend for dev boxes [closed]

What antivirus would you recommend for computers used for Windows development? Would you use an antivirus for these users? These users compile quite often and therefore read and write tons of files. If I deploy a slow-performing antivirus, they will not be happy.


Solution 1:

You NEED antivirus software

It's been said a few times in these answers that developers should know better, or should only install software they need from known good sites, etc., so if you need antivirus you have a social issue, not a technical issue. A few points on that:

  • Prevention is only one of the functions of antivirus. Even if your vendor is slow about getting new definitions out, if your software detects a virus on your machine after the fact you're much better off than if you had no AV software at all.
  • Everyone, no matter how brilliant, makes mistakes. You cannot bet your infrastructure on the perfection of your employees' awareness.
  • Downloading software is only one vector of viral attack. What about software vulnerabilities? What if a "known-good" software site is hijacked? What if automatic update software (Java, Adobe, Apple, MS, whatever) is compromised? Your security is too valuable to leave in the hands of your employees and your vendors.
  • Unless you're a very small company, you have non-technical people working with you. Receptionists, office managers, sales people, etc. If your devs are perfect and your receptionist clicks a bad link his mom sent to him, your network is compromised.
  • Installing AV software on all machines except your developers' leaves the (arguably) most valuable workstations unprotected.
  • Your developers have software on their machines that is not "necessary" for their jobs. Guaranteed. iTunes, AIM, other apps they've discovered that they like. They're smart enough to get around policies/software that tries to prevent this.

My recommendations

At Fog Creek, we use ESET NOD32.

I have tested Symantec, Kaspersky, Norton, ZoneAlarm, Avast, and AVG. All of them have noticeable performance issues, and many were downright unusable for our devs (blocked debuggers, caused issues when hooking into system calls, etc).

NOD32 has been deployed for nearly a year now, and I've only had a single dev run into any trouble with it (and that was fixed by checking a configuration option). It causes no noticeable performance hit, doesn't interfere with any of our tools, and is unbelievably simple to set up - I deployed it across all of our workstations and servers in the middle of the day from the comfort of my desk.

The only trouble we had with NOD32 was a big performance hit when running VMware Workstation during our evaluation period. After exempting all VMware files from realtime scanning, the problem disappeared.

Solution 2:

I would not install any antivirus software on those machines assuming the following points:

  • The computer runs behind a router with built-in firewall, MAC address filtering and NAT.
  • Only needed ports are open
  • Windows firewall is enabled
  • Developers only install software that they need to get things done from trusted sites
  • No pirated software is used
  • Operating systems are updated regularly
  • Devs do not visit underground sites

On dev machines you want maximum performance, and antivirus software is a known antonym of performance. Besides this, antivirus programs are not so effective.

Solution 3:

I have a couple opinions here...

Obviously the point of anti-virus is not necessarily to have the fastest, but simply the most effective. I prefer Symantec but to each his own.

One thing you could do is make realtime scan exclusions for a development folder (i.e. C:\Development) or something - that way it's not realtime scanning every compile. Most viruses/malware would not put anything in a C:\Development folder anyway (99% of the time it'll be going into Program Files, Windows, etc). Configure your antivirus to run a scan on the Development folder once per day instead.

On the other hand, normally developers will be pretty computer savvy (we hope). So in that case I'm not sure antivirus is needed at all in this type of environment. The best thing here is to dedicate machines (virtual machines or whatever) just for development and not e-mail, web surfing, and the like. This would yield the fastest performance with no scanning overhead, obviously.
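
Added example, not part of any answer above: Solutions 1 and 3 both rely on real-time scan exclusions, so this sketch reviews a proposed exclusion list before it is deployed and flags entries broader than a dedicated development folder. The system directory list, the "drop zone" folder names, the assumption that `C:` is the system drive, and the sample paths are all constructed for illustration and are not taken from any antivirus product.

```python
from pathlib import PureWindowsPath

# Assumed heuristics for this example, not taken from any antivirus vendor.
SYSTEM_DIRS = [PureWindowsPath(p) for p in (
    r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)", r"C:\ProgramData")]
DROP_ZONES = {"downloads", "appdata", "temp", "tmp", "desktop"}

def audit_exclusion(raw):
    """Return the reasons a proposed real-time exclusion path is too broad."""
    findings = []
    if "*" in raw or "?" in raw:
        findings.append("wildcard")
    path = PureWindowsPath(raw)
    if not path.is_absolute():
        return findings + ["not an absolute path"]
    parts = [p.lower() for p in path.parts[1:]]   # components after the drive
    if not parts:
        return findings + ["entire drive"]
    if parts[0] == "users" and len(parts) <= 2:
        findings.append("whole user profile")
    for sysdir in SYSTEM_DIRS:
        # PureWindowsPath comparisons are case-insensitive, like NTFS by default.
        if path == sysdir or sysdir in path.parents:
            findings.append(f"inside {sysdir}")
    findings += [f"contains '{p}' folder" for p in parts if p in DROP_ZONES]
    return findings

def audit(paths):
    """Map each flagged exclusion to its findings; clean paths are omitted."""
    report = {p: audit_exclusion(p) for p in paths}
    return {p: f for p, f in report.items() if f}

# Constructed sample exclusion list for demonstration.
SAMPLE = [
    r"C:\Development",
    "C:\\",
    r"c:\program files\VendorTool",
    r"C:\Users\alice",
    r"C:\Users\alice\AppData\Local\Temp",
    r"C:\Development\*.obj",
    r"Development\build",
]

if __name__ == "__main__":
    for path, reasons in audit(SAMPLE).items():
        print(f"{path}: {', '.join(reasons)}")
```

An exclusion that passes this review still removes real-time coverage from that folder, which is why Solution 3 pairs it with a daily scan of the same path.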