|
I've
read opinions from several Microsoft reps in the Microsoft partners newsgroups,
and just about every one has said that it's a good idea to have AV on everything
possible.
The
problem as I see it is that AV software is only as good as its definitionf
iles. The definition files are only as good as the people reporting the
viruses. That means that for a definition file to know about a virus, the
virus must already be in the wild. So imagine the "next" virus that comes
out before the definition files do and it infects your desktops, which
in turn infect your servers. Now, as soon as the definition files are
updated on the desktops they are "fixed", but the servers are still infected,
with no way of repairing themselves.
Personally I've never had a problem with AV software on a serverc
onflicting with anything. That includes terminal servers and CitrixM
etaframe. Others I know have had problems, but for me, there's no way I
would put a server out there without any AV protection...
Also,
take a look at this link:
That's
technet's quick tips on how to secure a Win2k server...
Adam
First I want to thank all of you for responding to my
initial query and say that it has been very helpful. Now I want to offer
MS perspective on the matter and see how it fair's with you all for one final
review.
I
spoke to a MS Premier Rapid Response Engineer and a Technical account
manager. The account manager says that MS position on infrastructure
boxes is not to run AV on them (File servers do have virus scanning, and
E-mail servers have scanning dedicated to the data stores and IMS), but to
block at the firewalls and the desktops. The PRRE says that he
recommends that if you implement Virus scanning on infrastructure boxes, to
block scanning of the directories that hold the associated files for the
services, and the SYSVOl.
Many
of you already concluded this through the discussion. So it appears MS
believes that if you can block at the entry points, you are better off leaving
Infrastructure boxes clean and optimized. If you can't then take
necessary procedures to protect the infrastructure.
Does
anyone have anything different to add?
Todd
Allan,
How would upgrading to XP help you "push virus
updates to the desktop remotely"?
Peter
----- Original Message -----
Sent: Thursday, November 14, 2002
11:26 PM
Subject: RE: [ActiveDir] AD and
Network Core Services & Anti-Virus
We run McAfee on everything.....Netshield on every server,
Virusscan on every workstation and Groupshield on the Exchange 5.5
Servers.
We have had zero performance issues and 100% Melissa/Nimda/Code
Red/Klez protection.
The only time we have virus issues is when some putz (excuse me)
some USER goes to their Internet e-mail (Yahoo, Hotmail, etc) and checks
their mail and brings in a virus with it.
The other issue is when the same USER insists they have to have
every screensaver/background/dancing bear/flying flag all running at the
same time and one or more of them interferes with McAfee. When we run into
this we remove the offending programs at will. These computers are
for work, not play.
Our next big push will be to get all our workstations up to XP so
we can lock out most of this nonsense and push virus updates to the
desktop remotely after hours. Never have out of date DAT files
again.
Allan Garrett
A small SOCAL college
I have a quick question, Our operating
procedures for Core Network Service (AD DCs, WINS, DDNS, CA, Exchange
(Antigen), DHCP) servers has been not to run with Anti-Virus protection
on them. We feel that the potential for scanner code to conflict with
the network service is higher if we do, and since we don't execute man
applications from the server unless they are scanned we don't feel we
are at much risk.
What I would like to know is, what does
everyone on this list feel an is a good strategy when it comes to these
types of services and anti-virus product?
Thanks in Advance,
Todd
This e-mail is confidential. If you are not the intended recipient, you must
not disclose or use the information contained in it. If you have received this
mail in error, please tell us immediately by return e-mail and delete the
document.
|
