1

I'm looking to find a way to protect PCs, without requiring locally installed software.

I thought about a device such as a Watchguard that has UTM facilities and make it a transparent proxy, in essence, something that can sit inline on a network cable and provide anti virus protection to the PC behind it , because I cannot install any software on the PC.

Is there a hardware device I can put on a network cable in front of a PC to provide basic antivirus protection but still allow file sharing onto the network?

Or is there another approach I'm unaware of that would let me protect a networked PC from viruses without installing any software on the PC?

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
fistameeny
  • 317
  • 1
  • 8
  • 18
  • By "inline" you mean "passive", right. – joeqwerty Jan 30 '15 at 15:21
  • I don't mean passive as such. I mean a device which sits on the network in front of a PC to protect it, but is transparent so doesn't require change the IP range of the protected device. – fistameeny Jan 30 '15 at 21:15
  • You mean like an Untangle device perhaps? (Sorry for the lack of link; posting from my phone. ) – SenorAmor Jan 31 '15 at 15:13

1 Answers1

2

I think that there is no way to protect against 'everything'. Because your device-in-the-middle should proxy many protocols, do security certificates substitution to keep an eye on encrypted connections, make a decrypt-check-encrypt-forward some data, it will need more performance than ordinary PC with antivirus, because for example, when you have shared folder allowing someone upload files, locally-installed antivirus checks file when service tries to save it on disk and it does not need to decrypt network traffic.

Device you want depends on services you provide to network. If saying 'file sharing' you mean FTP, you need much cheaper hardware than for SMB share and it is quite possible

Anyway, this device-in-the-middle is still a computer with OS and couple of programs installed. I have heard about such enterprise devices, but not about versions for home user. Reasons of low population of such devices are:

  • They can not protect end-user machine well because they can dont make integration with OS. So, if some bad files are encrypted with unknown algorythm, it should pass this file through and this code will be executed on your machine. However locally-installed Antivirus can follow all the tings that executed file makes and it will alert you if ther are any potentially-unsafe operations made.
  • They must implement tons of network analysing features, and the localy-installed antivirus can implement less, because locally-installed AV has access to every piece of your PC and can follow which program does bad things on any levels of your software and hardware
  • It is much cheaper and easier to produce, install and support software, than hardware, so, almost nobody interested with such devices
filimonic
  • 323
  • 3
  • 14
  • Thanks for the reply. I'm expecting to spend some money to achieve what I'm looking for. I'm working on the basis that the most likely way for a virus to end up on the protected PC is by being downloaded from the Internet or via a file share. Therefore, I'm really looking for virus scanning of SMB shares and Internet traffic. I've looked at Cisco Meraki, Watchguard and Sophos UTM boxes and also considered having a machine running Untangle too – fistameeny Jan 31 '15 at 16:18