Solved

Should I use anti-virus and anti-spyware software on my servers?

Posted on 2006-06-20
6
220 Views
Last Modified: 2010-04-18
Here is the scenario.  We have two servers behind a Juniper Networks firewall at a colocation site.  That's it.  No users at all behind the firewall (except for me at times running remote desktop).  We are running Windows Server 2003, IIS 6.0 and all of the latest MS security patches are always installed right away.

Server one is mainly a web server and server two is mainly a database server running SQL Server 2005.

I use remote desktop to manage the servers.  My partner and I use the VPN to work with the servers on a daily basis.  We have a drop box style FTP server.  Our data entry people use ASP.NET pages that interact with our database.  Our customers use our website and business intelligence software to access the data in our database indirectly.  The only web surfing that ever occurs is when I need to get updates for software on our servers.  We are not running a mail server.

So, I have two questions.

1)  Should I be running anti-virus software?
2)  Should I be running anti-spam software?

I'm not looking for a debate on which pieces of software are best here.  I am looking for real reasons as to why I should run either of the two items above since my preference is to not run them (my minimalist approach to keeping it simple).

Thanks,

Todd
0
Comment
Question by:Todd_Anderson
6 Comments
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 125 total points
ID: 16943778
The biggest threat these two servers face is being compromised by a hacker and it's debatable how much antivirus or anti spyware would help you in this scenario.  Some antivirus software is able to detect and quarantine security risks, such as nc.exe or known keyloggers or exploit tools.  However, having antivirus sitting on a server is a performance hit, whichever way you look at it.

There are other applications out there that may be more appropriate  for your scenario, such as tripwire.  These alert you to any changes in the machine configuration.  Other applications, such as appsense, feature registry healing and blocking of untrusted code.  These are harder to configure though, so you may decide that simply installing Antivirus will provide a bit more protection.
0
 
LVL 19

Accepted Solution

by:
BLipman earned 125 total points
ID: 16947049
My stock answer is this: no for antispyware yes for AV.  Reasoning is such: you should not be browsing the Internet for 'fun stuff' on your servers and this is the biggest way to get infected w/ spyware (that and loading shareware, another server no-no).  Antivirus is an interesting question.  I load it on every server period, active scanning and all.  I would rather stop an infection and pay the overhead of the service.  I do load in several exclusions though; I will get to that in a bit.  Some 'experts' say that active AV scanning is just too much overhead and they will set up nightly full scans so that they catch infections after the fact.  
Exclusions are key IMO, here are my standard exclusions:

on all servers: exclude the AV folder itself
on a clustered sql server: Quorum drive, MSCS folder, SQL Binaries
on a file server: exclude database files if served (I host Access and SQL apps so I exclude .MDB, .MDE, and .LDB on my file servers)
on an exchange server: exchsvr folder (see MS KB823166)
on an exchange IIS server (for OWA): "%system root%\IIS Temp. Compressed Files" and "%system root%\system32\Inetsrv"

I know you didn't ask for this but for anyone who cares Trend followed by SAV Corp. are my favorite AV systems.  
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16947290
i would agree with a trend solution - i despise anything symantec - jsut two cents worth
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:Todd_Anderson
ID: 16952549
BLipman:  What exlusions would you use for SQL Server 2005 that is not clustered?

hstiles and BLipman:  That's just the kind of info that I needed.  Thanks for the help!

Todd
0
 
LVL 19

Expert Comment

by:BLipman
ID: 16953468
If it is a normal SQL box I exclude .MDF, .LDF, and .BAK; alternately you can just exclude the whole Microsoft SQL Server folder.  
0
 

Author Comment

by:Todd_Anderson
ID: 16953674
BLipman,

Easy enough.  Thanks!

Todd
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now