Using/Not Using Anti-Virus on servers
All,
Recently I performed an IT audit on an organization and found the following:
There were two critical servers in the environment: one a CRM server (server1) and one being SBS 2003 (server2).
On the SBS 2003 there was Symantec Mail Security which is AV/Anti-Spam for the exchange server only (the AV of Mail Security only scans emails, nothing else).
The previous IT Company told me that AV was not installed because the only way to get viruses on devices (computers/servers) was browsing the internet.
Since nobody was supposed to browse the internet on the server(s) they would never get a virus.
Server1 had tcp port 3389 opened up to the world
·
This server was not updated with recent MS patches
Server2 had tcp ports: 80, 443, 25 opened up to the world
·
This server was not updated with recent MS patches
After I installed AV on both servers (server1, server2) I found multiple Trojans.
The previous IT Company then informed me that these are low risk Trojans.
At this time I want to reserve my thoughts, but wanted everyone else’s thoughts.
I am doing a write up white paper on this and would appreciate everyone’s input.
If you do agree with the previous IT Company’s statements please explain.
Thank you in advanceski3987
December 25th, 2011 10:01am
I haven't got AV installed on my servers either.
But - I do have a hardware (Watchguard) Firewall in place. All PCs on the LAN have Kaspersky 6 installed. The Exchange server has Kaspersky 8 for Exchange installed and on the terminal server we have Kaspersky installed.
The main servers do however have Windows defender installed and although it's not the most sopisticated Av program going, it does provide some defence. I also keep all my servers hotfixed up-to-date.
One reason for not having AV on the main servers is that any AV will be constantly scanning file changes etc and thus increasing the load on the server to the detriment to overall performance. Also, as nobody normally browses the web or reads emails on servers
the chances of viruses getting on them is incredibly low especially if all the weak spots on the network are being monitored.I.T. Manager International House London
Free Windows Admin Tool Kit Click here and download it now
December 25th, 2011 10:19am
Hi,
The following post discussed the similar issue, you can refer to:
AntiVirus - To have or not to have?
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/084cefe0-28eb-4219-865d-a843e0a3c7ae/
Best Regards,
Vincent Hu
December 25th, 2011 11:02am