Question

Workstations and Servers do not have AV

Asked by: dwagner51

I was hired as IT Support manager for a 200 user company. I have been in the position for 3 months. Shortly after coming on board I discovered that there is not an AV network wide solution in place. The only protection is found with a server based front end email server and web filtering on a proxy server. The front email server and web filters are installed on a Linux server (RH). All the PCs are XP machines and are hardened manually but not through a GPO (CD-ROMs and floppy drives are removed; USB ports are not disabled, however.) The PC network is managed with AD and there are UNIX Software servers to run the legacy program for this company. (Users are not given local admin rights) I am in heavy discussions with the VP over this. He thinks this is a "safe network" protected by adequate virus protection. He reasons that email, web, removable media and unauthorized installation software are the only places where viruses can happen and that this network is protected with the above strategy in place. The cost of getting a network wide solution is about $9400. A multiyear contract would reduce that yearly total. I have very definite ideas about this, but I want to know what network administrators in EE think. All comments are welcome.

This Question has been solved and asker verified.

Asked On: 2007-10-16 at 14:55:36 | ID: 22897565
Topics: Networking Security Vulnerabilities, Anti-Virus, Microsoft Operating Systems
Participating Experts: 3
Points: 250
Comments: 9


Answers

 

by: Vorenus | Posted on 2007-10-16 at 15:42:32 | ID: 20089629

Well, if the users have no admin rights and have no way to get elevated access, it seriously limits the scope of damage an antivirus could do.
However, it could still touch everything to which the user has access, like deleting files from his shares, but to be honest, you don't see this kind of virus that often.

If you are worried but cost is an issue, you can install a free antivirus like this: http://free.grisoft.com/
but of course it isn't centrally manageable at such a cost... ;-)

However, it seems that most vectors are indeed controlled already (however, USB is still an issue and many widespread viruses are run that way), but they say it is always a mistake to be too confident about your security...

If you don't use an antivirus you need to be sure about how well these machines are patched and patch them asap since workstation antivirus won't save you in case you open a specially crafted PDF file for example (for example using a 0-day flaw not yet patched), but hopefully the antivirus on the e-mail server should stop this...

The bottom line is that a virus run by non-admin users won't do much harm, but everything they have read/write access to can be compromised, so if you do not install antivirus, review your share permissions, ACLs, etc. very carefully and make absolutely sure that they can't elevate or get to know an administrator password somehow.

 

by: yasserd | Posted on 2007-10-17 at 04:12:46 | ID: 20092193

Hi,

This level of protection is not enough.

Imagine an infected USB drive is plugged into a PC. This would infect the whole network. Moreover, if a new virus like Blackmal hit the network and disabled the front antivirus, this would put your network at major risk.

The only way, I think, that the front antivirus is enough is to disable any way of getting files (USB, CD-ROM, disabling non-business PC network connections, etc.).

Regards,

 

by: ahoffmann | Posted on 2007-10-17 at 09:33:50 | ID: 20094900

> However, it seems that most vectors are indeed controlled already ..
however, most malware is injected through websites nowadays, so you better inhibit any access to websites unless you have AV (or replaced XP by something better:)

 

by: Vorenus | Posted on 2007-10-17 at 14:11:02 | ID: 20097046

As far as I understood from dwagner's description, there is already web and antivirus filtering from the main server...
Even then, since most malware assumes the user has admin rights, most common threats will even fail to install.

That said, if it were me, I would still install a free antivirus solution on all the computers of the network... while it can't compete with paid products both in terms of manageability and efficiency, it is still better than nothing...

 

by: ahoffmann | Posted on 2007-10-17 at 22:25:03 | ID: 20098863

> .. most common threats will even fail to install
disagreed
all common javascript, PDF, Flash (probably ActiveX too) worms and trojans work perfectly without any admin rights, they even might not be detected by AV 'cause they are 101% legal code (i.e. w3c-conform javascript ;-)

 

by: Vorenus | Posted on 2007-10-18 at 00:11:55 | ID: 20099156

Of course these things will run... (although I don't think a user can install an ActiveX without having admin rights), but these cannot do much damage to the computer because all the code requires admin access.
Most of these install into Windows or Program Files directories, which require admin rights, and they would be hard pressed to do that if they run from a non-admin context.

That said, the landscape may well change in the next months/years since Vista runs accounts in a non-admin context by default and we know that malware writers will not give up as easily and will find ways to do their evil deeds even when run in a non-admin context.

However, as I said above, a virus can potentially access everything to which the user has read/write on... like sending files to an unknown source (information/identity theft, which can be very bad for the company) or deleting the user files...

Of course, there is also a risk of privilege escalation through 0-day exploits: for example, during the WMF breakout, our antivirus (NOD32) protected us very well against this exploit when there was still no official patch from MS available.
However, I have already seen viruses passing through antivirus, even generally ones like Trend.
Ironically, these viruses would have done less harm on a computer running in non-admin mode and without antivirus than they did on this computer with antivirus but where the users were local admins.

That said, I agree that it is a bit living on the edge, and I would by no means accept this in most environments where users still run as admin on 2K/XP systems but according to the specs, it seems to be a rather secure network already (USB being still enabled notwithstanding and which has to be changed) and if there is indeed a web virus filtering on the servers' end.

That's why I recommend installing at least a free antivirus. I would also recommend installing Spybot Search and Destroy with its excellent immunization mode that takes no user resources at all and proactively protects the computer.

Disable Autorun on all drives in addition to removing any removable drive: it is how these USB viruses run without interaction.

Enforce strong password policy on AD and make sure the admin passwords are not known to any user.

User education is probably required as well: no surfing to dangerous sites, no opening e-mails from strangers or even strange e-mails from known sources (i.e. e-mail spoofing) and don't receive/participate in joke e-mails.

All these things can be done for free and will improve the current security.
These malware software are not centrally manageable though but you get what you pay for (ie. nothing) and you can always administrate them all from scripts from then on.

Also make sure the backups are run every day in a safe non-networked location.

I think that for dwagner's company, it is more a cost issue than anything else : most companies are not really keen on spending for IT... which is a shame, but most small/medium businesses need to invest their money on something that makes return on investment : I can understand dwagner not willing to enforce this on the CEO or anything else only after two months being there...
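
A way to verify the "Disable Autorun on all drives" advice above across the workstations, as an added example that is not part of the original thread: it decodes the `NoDriveTypeAutoRun` policy bitmask from collected `reg query` output and reports hosts where AutoRun is still on for removable or CD-ROM media. The host names, the sample output lines and the choice of which drive types to require (`MUST_DISABLE`) are assumptions made for illustration.

```python
import re

# Bit flags of the NoDriveTypeAutoRun policy value.
# A set bit DISABLES AutoRun for that drive type; 0xFF disables it everywhere.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
}

# Assumption: the media a user can carry in are the ones that must be covered.
MUST_DISABLE = ("removable", "cdrom")

VALUE_RE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)")


def autorun_enabled_types(mask):
    """Return the drive types for which AutoRun is still enabled under this mask."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]


def audit(reg_output_by_host):
    """Map host -> list of findings; hosts with nothing to report are omitted."""
    findings = {}
    for host, text in reg_output_by_host.items():
        match = VALUE_RE.search(text)
        if match is None:
            # No policy value: the OS default applies, so the host is not hardened.
            findings[host] = ["policy value not set (OS default applies)"]
            continue
        enabled = autorun_enabled_types(int(match.group(1), 16))
        bad = [t for t in MUST_DISABLE if t in enabled]
        if bad:
            findings[host] = ["AutoRun enabled for " + t for t in bad]
    return findings


# Constructed sample: per-host output of
#   reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun
SAMPLE = {
    "PC-001": "    NoDriveTypeAutoRun    REG_DWORD    0xff",
    "PC-002": "    NoDriveTypeAutoRun    REG_DWORD    0x91",
    "PC-003": "    NoDriveTypeAutoRun    REG_DWORD    0x95",
    "PC-004": "Error:  The system was unable to find the specified registry key or value",
}

if __name__ == "__main__":
    for host, issues in sorted(audit(SAMPLE).items()):
        print(host + ": " + "; ".join(issues))
```

Since the machines here are hardened by hand rather than through a GPO, a per-host check like this is how drift between workstations shows up.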

 

by: ahoffmann | Posted on 2007-10-18 at 01:46:20 | ID: 20099436

> User education is probably required as well
full ACK, I'd do that first
