What Antivirus for POS computers?

[slicksilver]

I'm looking for recommendations which can be deployed on ten individual Point of Sale computers with the following :

1. Computer do not have internet access so the definitions must be updatable offline.
2. Should be very light and low on system resources as the configuration of these computers are as old as 5 years

The biggest source of viruses on these computers are because of USB drives.

Thank you in advance

 

[lxskllr]

Do they need USB access? The lightest AV would be disabling the USB ports.

 

[slicksilver]

Do they need USB access? The lightest AV would be disabling the USB ports.

Yes they need to backup their data to USB drives which brings another question...can you allow the writing to only one particular USB drive and disable usage of other USB storage devices?

 

[lxskllr]

Checkout this page...

http://community.spiceworks.com/how_to/show/1488-lockdown-usb-to-specific-removable-usb-drives

If it were me, I'd limit access to a specific drive, and ideally, if that drive was a potential threat, I'd scan it from a desktop before hooking it up to the POS. Sneakernetting definitions will leave you exposed for periods of time when the machine doesn't have up to date definitions.

 

[mechBgon]

Yes they need to backup their data to USB drives which brings another question...can you allow the writing to only one particular USB drive and disable usage of other USB storage devices?

Start by disabling AutoInfect... um, I mean AutoRun. http://www.mechbgon.com/build/autoplay.html You can also check out Ariad by the security researcher Didier Stevens: http://blog.didierstevens.com/programs/ariad/

Secondly, if at all possible, switch to non-Admin user accounts and enable Software Restriction Policy in disallowed mode: http://www.mechbgon.com/srp This works on WinXP, Vista, Win7 and Win8, as long as they aren't the Home editions.

The above two tips arbitrarily slam the door on AutoRun attack vectors.

If you want to allow only particular USB drives, you can do that... lessee here... http://msdn.microsoft.com/en-us/library/bb530324.aspx (from the Windows 7 SP1 Security Guide). I have a system at work configured that way, it's a public kiosk setup and it's just a matter of time before someone plugs their flash drive into it.