Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Should I use anti-virus and anti-spyware software on my servers?

Posted on 2006-06-20
6
Medium Priority
?
237 Views
Last Modified: 2010-04-18
Here is the scenario.  We have two servers behind a Juniper Networks firewall at a colocation site.  That's it.  No users at all behind the firewall (except for me at times running remote desktop).  We are running Windows Server 2003, IIS 6.0 and all of the latest MS security patches are always installed right away.

Server one is mainly a web server and server two is mainly a database server running SQL Server 2005.

I use remote desktop to manage the servers.  My partner and I use the VPN to work with the servers on a daily basis.  We have a drop box style FTP server.  Our data entry people use ASP.NET pages that interact with our database.  Our customers use our website and business intelligence software to access the data in our database indirectly.  The only web surfing that ever occurs is when I need to get updates for software on our servers.  We are not running a mail server.

So, I have two questions.

1)  Should I be running anti-virus software?
2)  Should I be running anti-spam software?

I'm not looking for a debate on which pieces of software are best here.  I am looking for real reasons as to why I should run either of the two items above since my preference is to not run them (my minimalist approach to keeping it simple).

Thanks,

Todd
0
Comment
Question by:Todd_Anderson
6 Comments
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 500 total points
ID: 16943778
The biggest threat these two servers face is being compromised by a hacker and it's debatable how much antivirus or anti spyware would help you in this scenario.  Some antivirus software is able to detect and quarantine security risks, such as nc.exe or known keyloggers or exploit tools.  However, having antivirus sitting on a server is a performance hit, whichever way you look at it.

There are other applications out there that may be more appropriate  for your scenario, such as tripwire.  These alert you to any changes in the machine configuration.  Other applications, such as appsense, feature registry healing and blocking of untrusted code.  These are harder to configure though, so you may decide that simply installing Antivirus will provide a bit more protection.
0
 
LVL 19

Accepted Solution

by:
BLipman earned 500 total points
ID: 16947049
My stock answer is this: no for antispyware yes for AV.  Reasoning is such: you should not be browsing the Internet for 'fun stuff' on your servers and this is the biggest way to get infected w/ spyware (that and loading shareware, another server no-no).  Antivirus is an interesting question.  I load it on every server period, active scanning and all.  I would rather stop an infection and pay the overhead of the service.  I do load in several exclusions though; I will get to that in a bit.  Some 'experts' say that active AV scanning is just too much overhead and they will set up nightly full scans so that they catch infections after the fact.  
Exclusions are key IMO, here are my standard exclusions:

on all servers: exclude the AV folder itself
on a clustered sql server: Quorum drive, MSCS folder, SQL Binaries
on a file server: exclude database files if served (I host Access and SQL apps so I exclude .MDB, .MDE, and .LDB on my file servers)
on an exchange server: exchsvr folder (see MS KB823166)
on an exchange IIS server (for OWA): "%system root%\IIS Temp. Compressed Files" and "%system root%\system32\Inetsrv"

I know you didn't ask for this but for anyone who cares Trend followed by SAV Corp. are my favorite AV systems.  
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16947290
i would agree with a trend solution - i despise anything symantec - jsut two cents worth
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:Todd_Anderson
ID: 16952549
BLipman:  What exlusions would you use for SQL Server 2005 that is not clustered?

hstiles and BLipman:  That's just the kind of info that I needed.  Thanks for the help!

Todd
0
 
LVL 19

Expert Comment

by:BLipman
ID: 16953468
If it is a normal SQL box I exclude .MDF, .LDF, and .BAK; alternately you can just exclude the whole Microsoft SQL Server folder.  
0
 

Author Comment

by:Todd_Anderson
ID: 16953674
BLipman,

Easy enough.  Thanks!

Todd
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question