RE: Why NOT to disable Real Time Antivirus on Servers

From: Anton Muthu Kumar B (InfoSec) - CTD, Chennai (antonmk_at_hcltech.com)
Date: 11/03/05

    To: <george.peek@gmx.net>, <security-basics@securityfocus.com>
    Date: Thu, 3 Nov 2005 12:20:10 +0530 
    
    

    Hi George,

    If the character of the virus is only to be multiplied, then having real
    time protection enabled could introduce marginal performance degradation.
    But practically, viruses are basically meant not only for multiplication;
    they are introduced with destructive intent, which would make the server
    crash or sometimes cause a Denial of Service. When the server is unavailable,
    what will be the role of performance?

    Thanks & Regards
    Anton

    -----Original Message-----
    From: george.peek@gmx.net [mailto:george.peek@gmx.net]
    Sent: Wednesday, November 02, 2005 11:04 PM
    To: security-basics@securityfocus.com
    Subject: Why NOT to disable Real Time Antivirus on Servers

    Greetings,

    An Engineer and I are having an argument about keeping Real Time Antivirus
    disabled on servers.

    His point is keeping Real Time Antivirus Enabled on servers such as the
    Exchange Server takes a huge performance hit on the server.

    My argument is that keeping real time antivirus software disabled defeats
    the purpose of PREVENTING a server from being infected in the first place.
    Once it is infected, it is all too late already. The antivirus software is
    enabled on the workstations.

    He argues that since all of the workstations have the antivirus enabled,
    then there is no way for the virus to get in.

    My argument is that a virus can still get in through other means. I need
    examples and case studies to refer to.

    I would like to find different case studies or scenarios where the real time
    antivirus was disabled on the servers, enabled on the PCs, and the company
    still got infected. Also, I would like to find solutions to enabling real time
    scan and streamlining it so it does not affect the Exchange Server as badly.

    Would someone point me in the right direction or post potential case
    studies.

    Please post or email me.

    George.peek@gmx.net

    Thank You

