RE: Should webservers, eg. IIS 6 have anti--virus installed on them?

From: Steven Hay (shay_at_communitysavings.ca)
Date: 07/19/05

  • Next message: Harlan Carvey: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
    To: focus-ms@securityfocus.com
    Date: Tue, 19 Jul 2005 08:35:25 -0600
    
    

    I have a completely different view. I think that AV, while not the silver
    bullet, is a solid line of defence.

    If you thought JUST AV would be sufficient this is a valid argument - but if
    you had the choice between risking security on a locked down box with
    antivirus or locked down without which would make more sense? The more
    lines of defence you have, the more proactively you have secured your
    environment.

    In a perfect world everything would be nicely secured, things like Windows
    and TCP/IP would have been designed for security and we would all be
    proactive not reactive. I don't know about everyone else but this isn't the
    world I live in, and I tend to be proactive when possible and reactive when
    necessary - but certainly not as a last resort.

    -----Original Message-----
    From: Floyd Russell [mailto:floyd@floydsoft.com]
    Sent: July 18, 2005 2:44 PM
    To: focus-ms@securityfocus.com
    Subject: RE: Should webservers, eg. IIS 6 have anti--virus installed on
    them?

    For fear of this breaking down into a semantic conversation I personally
    don't view CodeRed/Nimda as viruses. They may have spread like the plague
    but they used exploits to pursue their agenda, not user interaction. Both of
    which were preventable with proactive measures, neither of which were even
    recognized by most virus scanners until long after the fact. Virus scanners
    are:
    a) Only as good as their most recent copy of their virus def file
    b) Only as good as their def file's up-to-dateness itself in regard to what
    viruses exist.

    Everything else I mentioned in my previous email is proactive, virus
    scanners are reactive. Being reactive should be your absolute last resort.

    fr

    -----Original Message-----
    From: Jim Harrison (ISA) [mailto:jmharr@microsoft.com]
    Sent: Monday, July 18, 2005 3:35 PM
    To: Floyd Russell; focus-ms@securityfocus.com
    Subject: RE: Should webservers, eg. IIS 6 have anti--virus installed on
    them?

    Perhaps the statement "viruses are only spread through user action" is only
    true in recent times, since Code Red and Nimda both spread to clients and
    servers alike via IIS servers, but it doesn't preclude future mechanisms of
    a similar sort.

    If you have (or can get) the licenses, add AV to your servers. All AV
    vendors allow you to control what actions they take and in what areas so as
    to avoid conflicting with the server's normal operation.

    Jim Harrison
    Security Business Unit (ISA SE)
    "When you come to a fork in the road, take it."

    --Yogi Berra

    -----Original Message-----
    From: Floyd Russell [mailto:floyd@floydsoft.com]
    Sent: Monday, July 18, 2005 12:13 PM
    To: focus-ms@securityfocus.com
    Subject: RE: Should webservers, eg. IIS 6 have anti--virus installed on
    them?

    I've held a contentious view on this in the past. Traditionally speaking,
    viruses are only spread through user action, (Attachment, execution of
    untrusted file, etc). A webserver should never be used for random internet
    browsing, checking email, running untrusted software, etc. Also, you have to
    consider the performance impact. If this server is running an intensive site
    can you afford the CPU overhead of an active anti-virus scanner? Is it going
    to lock files that need to be written to by the site?

    If the machine is just a webserver then patch, firewall, use as
    well-designed as possible code, and limit access & lock down as much as
    possible. It seems to be that these five things would be enough to prevent
    the viruses from taking control of your machine.

    Remember, this is just viruses. Exploits are a completely different matter.

    fr

    -----Original Message-----
    From: Shyaam [mailto:shyaam@gmail.com]
    Sent: Monday, July 18, 2005 10:20 AM
    To: ssgill@gilltechnologies.com
    Cc: focus-ms@securityfocus.com
    Subject: Re: Should webservers, eg. IIS 6 have anti--virus installed on
    them?

    According to my level of knowledge (which is very minimal, in this
    especially), I would say that a web server should be patched well first. The
    anti-virus is a secondary issue. Of course, you need an antivirus too, but
    there should always be good patches implemented which checks for the latest
    signatures. --Shyaam

    On 7/17/05, Sarbjit Singh Gill <ssgill@gilltechnologies.com> wrote:
    >
    > Greetings
    >
    > Should IIS have anti-virus installed on them. I know I would do it for a
    > fileserver but for IIS, I rather lock it down.
    >
    > Thanks.
    > /Gill
    --
    Thank you in advance for your time and consideration.
    Yours Sincerely,
    R.S.Shyaam Sundhar
