Re: Why NOT to disable Real Time Antivirus on Servers

From: Micheal Espinola Jr (michealespinola_at_gmail.com)
Date: 11/02/05

    Date: Wed, 2 Nov 2005 16:12:45 -0500
    To: security-basics@securityfocus.com
    
    

    Based on real-world testing and application - I agree with your
    colleague. The performance hit is not worth it. Even on powerful
    servers on high-speed networks, my users and I (when testing got
    to that point) noticed a significant performance difference.

    Sorry, no case study. Just undocumented testing with Symantec
    products. I'd be interested to hear about anyone's testing with other
    AV apps.

    On 2 Nov 2005 17:34:12 -0000, george.peek@gmx.net <george.peek@gmx.net> wrote:
    > Greetings,
    >
    > An Engineer and I are having an argument about keeping Real Time Antivirus disabled on servers.
    >
    > His point is keeping Real Time Antivirus Enabled on servers such as the Exchange Server takes a huge performance hit on the server.
    >
    > My argument is that keeping real time antivirus software disabled defeats the purpose of PREVENTING a server from being infected in the first place. Once it is infected, it is all too late already. The antivirus software is enabled on the workstations.
    >
    > He argues that since all of the workstations have the antivirus enabled, then there is no way for the virus to get in.
    >
    > My argument is that a virus can still get in through other means. I need examples and case studies to refer to.
    >
    > I would like to find different case studies or scenarios where the real time antivirus was disabled on the servers, enabled on the PCs, and the company still got infected. Also, would like to find solutions to enabling real time scan and streamlining it so it does not affect the Exchange Server as badly.
    >
    > Would someone point me in the right direction or post potential case studies?
    >
    > Please post or email me.
    >
    > George.peek@gmx.net
    >
    > Thank You
    >

    --
    ME2  <http://www.santeriasys.net/>
    
