Re: Virus protection on servers?



<HendersonD@xxxxxxxxxxxxxxxxx> wrote in message
news:a9c59a89-0393-4267-9dfc-d9014c4da4d3@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have 13 Windows based servers. Many of these were installed over the
last 3 months as we made the transition from being primarily a Novell
shop to Windows based servers. Here is the breakdown:

2 domain controllers/dns/dhcp
2 Exchange 2007
ISA Server
SQL Server
IIS
6 Application Servers

What is the consensus on whether I should have virus protection
installed on these servers? I do not have any file servers since my
NetApp SAN takes care of that. I do own McAfee's Enterprise package
which includes McAfee's VirusScan plus their add-on Spam protection
piece. We have this product installed on all of our client machines; I
am not sure if it is a good idea to install on servers.

It's always not just good, but required, that an admin know that
their systems are safe against anything shifting the config'd state.

Not hosting fileshares is part of sealing off the shares vector.
Are all accessing admin stations, all stations used by admins,
verified always safe or are all shares and autoadminshares off?

With direct internet-style access (even internal) prevented or
highly restricted and the share vector guarded the largest part
of the entry of generic malwares is restricted.
Without at least that much as a known it is probably too risky
to eye the advantages of being without antimalware hooking
everything, risking interferences, and in general dragging down
the system capacity.
With at least that much of a defined config it gets reasonable to ask
if whatever would be coming by remaining vectors might be more
targeted, or more skilled to try to avoid triggering scanners.
In my own experience anti-/preventative softwares can inject more
problems than they guard against. Not all anti- wares are equal in
their pain and some tread very lightly, but others are or can be killers.
And, in a low risk config server what of anything actual is prevented?
One always has the choice of periodic scan instead of on demand
(even if to install it is to still hook in the system).

Roger

