RE: Should webservers, eg. IIS 6 have anti--virus installed on them?

From: Jeff Shawgo (jeff.shawgo_at_verizon.net)
Date: 07/19/05

    Date: Tue, 19 Jul 2005 07:47:58 -0500 (CDT)
    To: focus-ms@securityfocus.com
    
    

    Antivirus needs to be part of the overall security plan for all Windows machines - it's just part of the cost of doing business - the cost of the software, maintenance, and CPU overhead.

    Certainly, servers need to be patched, firewalled, isolated, and locked down. Additionally, code should be audited for vulnerability to XSS and SQL injection.

    None of these things are perfect. Not that AV is perfect, but it is another layer of defense - making it part of that "Defense in Depth" strategy.

    AV has grown into more than just defense against viruses. It is often effective against worm code, and some AV has identified common hacking tools (e.g. - NetCat) as something that doesn't belong on most systems. You can argue the viability of this move, but most companies - if they have a security team - have less than 0.1% of their machines which maybe should have it there.

    AV needs to be part of the cost of running Windows - for better or for worse.

    ~Jeff
