Its not arrogance. Its intelligence. I can better manage 100 servers than 1000 client machines for antivirus protection. It also doesn't matter if I lose 10 client machines, as long as I don't lose any servers. I lose servers a lot more than 10 people are sitting on their thumbs.
My former company's network did get hit with Code Red. From a client machine - none of the production servers were hit. With 60% or more users carrying laptops, being 100% up to date on client side patches and AV is nearly impossible, so you focus on what can be reliably controlled and take calculated risks with the others. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Granatella Adam J [mailto:Adam.Granatella@;Sentry.com] > Sent: Friday, November 15, 2002 9:15 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > That wasn't the point. The point was that if there was a > virus like Code > Red that was able to infect without a client opening a file > or downloading > something, there will be another virus like that again. It > doesn't matter > what patches are out for the Code Red vulnerability now. > Something like it > will come along and that will be that. Arrogance does not a > good policy > make! > > Adam > > -----Original Message----- > From: Robert Moir [mailto:rim@;LutonSFC.ac.uk] > Sent: Friday, November 15, 2002 8:04 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > Given that the patches that stopped the flaws code red relied > on were about > a year old when code red was released, its quite possible that even a > vaguely competent admin wouldn't see it on their servers. > > Robert Moir MSMVP > IT Systems Engineer > Luton Sixth Form College > Ciderspace: An online 3D virtual reality environment for > tramps. Ciderspace > Cafe: A park Bench. > > > -----Original Message----- > > From: Granatella Adam J [mailto:Adam.Granatella@;Sentry.com] > > Sent: 15 November 2002 13:30 > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > > > > Two words: Code Red. > > > > -----Original Message----- > > From: Roger Seielstad [mailto:roger.seielstad@;inovis.com] > > Sent: Friday, November 15, 2002 7:13 AM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > > > > Every virus attack I've seen enters at the client machine > > level - regardless of how it enters the network, it infects a > > client machine. Its rare to have every client machine 100% up > > to date on AV signatures, etc, and because of that, they're > > always going to be the entry point. > > > > With that in mind, you need to take steps to protect every > > server, regardless of function. To do otherwise is, in this > > day and age, irresponsible. > > > > ------------------------------------------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -----Original Message----- > > > From: Luis Aguilera [mailto:laguilera@;basesix.com] > > > Sent: Thursday, November 14, 2002 5:52 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > > > > > > > The important thing is to keep in mind were your > vulnerabilities to > > > viruses lie. > > > > > > Most viruses, IME, come through either documents and/or emails. So > > > setting up a good system that protects your file servers > and email > > > servers from malicious code will go a long way in protecting your > > > network. You also want to think of implementing a system > > that protects > > > the end users, particularly something featuring the > > "pushing" of virus > > > definitions from a central location (that an admin manages) > > > rather than leave the onus of updating the virus defs to > end users. > > > > > > Also, please correct me if I'm wrong, but I've yet to see a > > virus that > > > directly targets AD, DHCP, DNS or other DNS servers. Does > > any know of > > > any? > > > > > > Luis Aguilera > > > IT Manager > > > BaseSix > > > > > > -----Original Message----- > > > From: Tim HInes [mailto:nupe009@;carolina.rr.com] > > > Sent: Thursday, November 14, 2002 4:26 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: [ActiveDir] AD and Network Core Services & > > Anti-Virus > > > > > > > > > Although antivirus programs can cause problems I would > > advise that > > > you run it on your servers. The disasters that a virus can cause > > > outweigh the problems that a virus scanner may cause. It > > may save you > > > from having to rebuild your boxes. > > > > > > > > > Tim Hines, MCSA, MCSE (2000 & NT4) > > > MVP - Active Directory > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > From: Myrick, Todd (NIH/CIT) > <mailto:myrickt@;mail.nih.gov> > > > To: > > > '[EMAIL PROTECTED]' > > > Sent: Thursday, November 14, 2002 3:53 PM > > > Subject: [ActiveDir] AD and Network Core > > > Services & Anti-Virus > > > > > > > > > I have a quick question, Our operating > > > procedures for Core Network Service (AD DCs, WINS, DDNS, CA, > > > Exchange (Antigen), DHCP) servers has been not to run with > > > Anti-Virus protection on them. We feel that the potential for > > > scanner code to conflict with the network service is higher if we > > > do, and since we don't execute man applications from the server > > > unless they are scanned we don't feel we are at > > much risk. > > > > > > What I would like to know is, what does > > > everyone on this list feel an is a good strategy when it comes to > > > these types of services and anti-virus product? > > > > > > Thanks in Advance, > > > Todd > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > > This e-mail is confidential. If you > > are not the intended recipient, you must not disclose or use > > the information contained in it. If you have received this > > mail in error, please tell us immediately by return e-mail > > and delete the document. > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > This e-mail is confidential. If you > are not the intended recipient, you must > not disclose or use the information contained in it. If you > have received this > mail in error, please tell us immediately by return e-mail > and delete the > document. > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
