Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Should I use anti-virus and anti-spyware software on my servers?

Posted on 2006-06-20
6
Medium Priority
?
234 Views
Last Modified: 2010-04-18
Here is the scenario.  We have two servers behind a Juniper Networks firewall at a colocation site.  That's it.  No users at all behind the firewall (except for me at times running remote desktop).  We are running Windows Server 2003, IIS 6.0 and all of the latest MS security patches are always installed right away.

Server one is mainly a web server and server two is mainly a database server running SQL Server 2005.

I use remote desktop to manage the servers.  My partner and I use the VPN to work with the servers on a daily basis.  We have a drop box style FTP server.  Our data entry people use ASP.NET pages that interact with our database.  Our customers use our website and business intelligence software to access the data in our database indirectly.  The only web surfing that ever occurs is when I need to get updates for software on our servers.  We are not running a mail server.

So, I have two questions.

1)  Should I be running anti-virus software?
2)  Should I be running anti-spam software?

I'm not looking for a debate on which pieces of software are best here.  I am looking for real reasons as to why I should run either of the two items above since my preference is to not run them (my minimalist approach to keeping it simple).

Thanks,

Todd
0
Comment
Question by:Todd_Anderson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 500 total points
ID: 16943778
The biggest threat these two servers face is being compromised by a hacker and it's debatable how much antivirus or anti spyware would help you in this scenario.  Some antivirus software is able to detect and quarantine security risks, such as nc.exe or known keyloggers or exploit tools.  However, having antivirus sitting on a server is a performance hit, whichever way you look at it.

There are other applications out there that may be more appropriate  for your scenario, such as tripwire.  These alert you to any changes in the machine configuration.  Other applications, such as appsense, feature registry healing and blocking of untrusted code.  These are harder to configure though, so you may decide that simply installing Antivirus will provide a bit more protection.
0
 
LVL 19

Accepted Solution

by:
BLipman earned 500 total points
ID: 16947049
My stock answer is this: no for antispyware yes for AV.  Reasoning is such: you should not be browsing the Internet for 'fun stuff' on your servers and this is the biggest way to get infected w/ spyware (that and loading shareware, another server no-no).  Antivirus is an interesting question.  I load it on every server period, active scanning and all.  I would rather stop an infection and pay the overhead of the service.  I do load in several exclusions though; I will get to that in a bit.  Some 'experts' say that active AV scanning is just too much overhead and they will set up nightly full scans so that they catch infections after the fact.  
Exclusions are key IMO, here are my standard exclusions:

on all servers: exclude the AV folder itself
on a clustered sql server: Quorum drive, MSCS folder, SQL Binaries
on a file server: exclude database files if served (I host Access and SQL apps so I exclude .MDB, .MDE, and .LDB on my file servers)
on an exchange server: exchsvr folder (see MS KB823166)
on an exchange IIS server (for OWA): "%system root%\IIS Temp. Compressed Files" and "%system root%\system32\Inetsrv"

I know you didn't ask for this but for anyone who cares Trend followed by SAV Corp. are my favorite AV systems.  
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16947290
i would agree with a trend solution - i despise anything symantec - jsut two cents worth
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:Todd_Anderson
ID: 16952549
BLipman:  What exlusions would you use for SQL Server 2005 that is not clustered?

hstiles and BLipman:  That's just the kind of info that I needed.  Thanks for the help!

Todd
0
 
LVL 19

Expert Comment

by:BLipman
ID: 16953468
If it is a normal SQL box I exclude .MDF, .LDF, and .BAK; alternately you can just exclude the whole Microsoft SQL Server folder.  
0
 

Author Comment

by:Todd_Anderson
ID: 16953674
BLipman,

Easy enough.  Thanks!

Todd
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question