One of the challenges is that I've been in several environments with a significant number of developers. For some reason, every developer seem to think that
1) Development machines don't need patches or AV 2) They need to run server versions of all software (why? Who knows. Most of the apps they develop don't require server version. They can't answer why, they just say they need to) 3) I can't manage those development systems, so I have to assume that they WILL be infected. It's just a matter of when. All my production servers (if I ever work again that is) are protected with AV. ----- Original Message ----- From: "Robert Moir" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 15, 2002 6:03 AM Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > Given that the patches that stopped the flaws code red relied on were > about a year old when code red was released, its quite possible that > even a vaguely competent admin wouldn't see it on their servers. > > Robert Moir MSMVP > IT Systems Engineer > Luton Sixth Form College > Ciderspace: An online 3D virtual reality environment for tramps. > Ciderspace Cafe: A park Bench. > > > -----Original Message----- > > From: Granatella Adam J [mailto:[EMAIL PROTECTED]] > > Sent: 15 November 2002 13:30 > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > > > > Two words: Code Red. > > > > -----Original Message----- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] > > Sent: Friday, November 15, 2002 7:13 AM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > > > > Every virus attack I've seen enters at the client machine > > level - regardless of how it enters the network, it infects a > > client machine. Its rare to have every client machine 100% up > > to date on AV signatures, etc, and because of that, they're > > always going to be the entry point. > > > > With that in mind, you need to take steps to protect every > > server, regardless of function. To do otherwise is, in this > > day and age, irresponsible. > > > > ------------------------------------------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -----Original Message----- > > > From: Luis Aguilera [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, November 14, 2002 5:52 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > > > > > > > The important thing is to keep in mind were your vulnerabilities to > > > viruses lie. > > > > > > Most viruses, IME, come through either documents and/or emails. So > > > setting up a good system that protects your file servers and email > > > servers from malicious code will go a long way in protecting your > > > network. You also want to think of implementing a system > > that protects > > > the end users, particularly something featuring the > > "pushing" of virus > > > definitions from a central location (that an admin manages) > > > rather than leave the onus of updating the virus defs to end users. > > > > > > Also, please correct me if I'm wrong, but I've yet to see a > > virus that > > > directly targets AD, DHCP, DNS or other DNS servers. Does > > any know of > > > any? > > > > > > Luis Aguilera > > > IT Manager > > > BaseSix > > > > > > -----Original Message----- > > > From: Tim HInes [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, November 14, 2002 4:26 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: [ActiveDir] AD and Network Core Services & > > Anti-Virus > > > > > > > > > Although antivirus programs can cause problems I would > > advise that > > > you run it on your servers. The disasters that a virus can cause > > > outweigh the problems that a virus scanner may cause. It > > may save you > > > from having to rebuild your boxes. > > > > > > > > > Tim Hines, MCSA, MCSE (2000 & NT4) > > > MVP - Active Directory > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > From: Myrick, Todd (NIH/CIT) > > > <mailto:[EMAIL PROTECTED]> > > > To: > > > '[EMAIL PROTECTED]' > > > Sent: Thursday, November 14, 2002 3:53 PM > > > Subject: [ActiveDir] AD and Network Core > > > Services & Anti-Virus > > > > > > > > > I have a quick question, Our operating > > > procedures for Core Network Service (AD DCs, WINS, DDNS, CA, > > > Exchange (Antigen), DHCP) servers has been not to run with > > > Anti-Virus protection on them. We feel that the potential for > > > scanner code to conflict with the network service is higher > > > if we do, and since we don't execute man applications from > > > the server unless they are scanned we don't feel we are at > > much risk. > > > > > > What I would like to know is, what does > > > everyone on this list feel an is a good strategy when it > > > comes to these types of services and anti-virus product? > > > > > > Thanks in Advance, > > > Todd > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > > This e-mail is confidential. If you > > are not the intended recipient, you must not disclose or use > > the information contained in it. If you have received this > > mail in error, please tell us immediately by return e-mail > > and delete the document. > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
