Re: [fw-wiz] OT: Av and Gartner...

From: Luca Berra (bluca_at_comedia.it)
Date: 07/31/03

  • Next message: Bojan Zdrnja: "RE: [fw-wiz] DNS records for a firewall NAT pool"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 31 Jul 2003 10:22:00 +0200
    
    

    On Wed, Jul 30, 2003 at 06:38:45PM -0600, Jim McAtee wrote:
    >Never understood running AV on servers. How would they get infected? Very
    >little, if any, browser use is permitted on our servers and no email clients
    >are ever run on them. Now, if we're talking about servers in a DMZ, such as
    >web servers, compromises are always a possibility, but very few of those would
    >be caught by an AV.
    Have you actually ever worked in a windows environment?
    you have shares,
    you have users with administrative privileges on the servers
    you have badly written apps that work only if john doe from accounting
    is local admin on the accounting server, and john doe uses a laptop,
    and also when john doe is home his kid uses that laptop to surf the
    internet......

    I have seen enough server farm virus infection to warrant an antivirus
    on servers as well.

    regards,
    L.

    -- 
    Luca Berra -- bluca@comedia.it
            Communication Media & Services S.r.l.
     /"\
     \ /     ASCII RIBBON CAMPAIGN
      X        AGAINST HTML MAIL
     / \
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Bojan Zdrnja: "RE: [fw-wiz] DNS records for a firewall NAT pool"

    Relevant Pages

    • MS tool to disinfect Code Red II
      ... on the list the appropriate solution to a Code Red II infection is ... NOT ELIMINATE THE EFFECT OF OTHER VARIANTS OF THE WORM. ... WORM ON INTERNAL SERVERS THAT ARE PROTECTED FROM THE INTERNET BY A ROUTER ... MICROSOFT RECOMMENDS THAT INFECTED INTERNET-FACING SERVERS ...
      (Incidents)
    • Field Report: New Worm
      ... compromise of systems, possibly via SQL, if my ... servers with mysql 3.23.56 compromised and 1 Cobalt ... Raq4 server with an older version of mysql (that had ... chkrootkit DOES NOT DETECT this infection! ...
      (Incidents)
    • Re: BlackICE Agent Allowing CodeRed In
      ... I don't run the server version of BlackIce 3.5, ... If an infection gets inside your network, it may be do to an infection from ... used Macafee years ago and files on the servers and workstations were ...
      (comp.security.firewalls)
    • RE: virus or hack?
      ... Subject: virus or hack? ... From what I've read, these are files dropped by the sadmind worm, a Solaris ... patched servers this afternoon. ... Can anybody confirm a method to prevent infection? ...
      (Focus-Microsoft)
    • RE: Why NOT to disable Real Time Antivirus on Servers
      ... down to sanitize the infection!", ... Why NOT to disable Real Time Antivirus on Servers ...
      (Security-Basics)