> -----Original Message----- > From: Granatella Adam J [mailto:Adam.Granatella@;Sentry.com] > Sent: 15 November 2002 14:15 > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > That wasn't the point. The point was that if there was a > virus like Code Red that was able to infect without a client > opening a file or downloading something, there will be > another virus like that again. It doesn't matter what > patches are out for the Code Red vulnerability now. > Something like it will come along and that will be that. > Arrogance does not a good policy make!
With all due respect that wasn't arrogance. And I apologise if I missed your point but I think you missed mine too. No matter how much your workstations are controlled and locked down you need to take some risks with them in order to allow your users to work. Servers, however, should be locked down to the max, are up 24x7 (so are easy to automatically/remotely install patches on out of hours), and you can very tightly control who has permission to do what on them. All of which mitigate against getting a virus actually executing (rather than sitting inert on a fileshare a user has access to) on the server. You are correct to say that it's a risk. Roger was very correct to say that these days one would be foolish not to protect them. But the risk is easy enough to reduce to a low level and manage, and all the cases of virus code actually being executed on a server that I have ever seen - and believe me, I've seen a lot - can be traced back to at least some degree of operator error. The point is we manage, reduce and contain these incidents because its our job. We don't worry about things "because if it happened once it could happen again" we make a professional assessment of the risks involved in each situation, balance it against the needs of the client/users and we take appropriate action. Robert Moir MSMVP IT Systems Engineer Luton Sixth Form College Ciderspace: An online 3D virtual reality environment for tramps. Ciderspace Cafe: A park Bench. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
