Solved

Should I use anti-virus and anti-spyware software on my servers?

Posted on 2006-06-20
Last Modified: 2010-04-18
Here is the scenario.  We have two servers behind a Juniper Networks firewall at a colocation site.  That's it.  No users at all behind the firewall (except for me at times running remote desktop).  We are running Windows Server 2003, IIS 6.0 and all of the latest MS security patches are always installed right away.

Server one is mainly a web server and server two is mainly a database server running SQL Server 2005.

I use remote desktop to manage the servers.  My partner and I use the VPN to work with the servers on a daily basis.  We have a drop box style FTP server.  Our data entry people use ASP.NET pages that interact with our database.  Our customers use our website and business intelligence software to access the data in our database indirectly.  The only web surfing that ever occurs is when I need to get updates for software on our servers.  We are not running a mail server.

So, I have two questions.

1)  Should I be running anti-virus software?
2)  Should I be running anti-spam software?

I'm not looking for a debate on which pieces of software are best here.  I am looking for real reasons as to why I should run either of the two items above since my preference is to not run them (my minimalist approach to keeping it simple).

Thanks,

Todd
Question by:Todd_Anderson
6 Comments
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 125 total points
ID: 16943778
The biggest threat these two servers face is being compromised by a hacker and it's debatable how much antivirus or anti spyware would help you in this scenario.  Some antivirus software is able to detect and quarantine security risks, such as nc.exe or known keyloggers or exploit tools.  However, having antivirus sitting on a server is a performance hit, whichever way you look at it.

There are other applications out there that may be more appropriate for your scenario, such as Tripwire.  These alert you to any changes in the machine configuration.  Other applications, such as AppSense, feature registry healing and blocking of untrusted code.  These are harder to configure though, so you may decide that simply installing Antivirus will provide a bit more protection.
0
 
LVL 19

Accepted Solution

by:BLipman
BLipman earned 125 total points
ID: 16947049
My stock answer is this: no for antispyware yes for AV.  Reasoning is such: you should not be browsing the Internet for 'fun stuff' on your servers and this is the biggest way to get infected w/ spyware (that and loading shareware, another server no-no).  Antivirus is an interesting question.  I load it on every server period, active scanning and all.  I would rather stop an infection and pay the overhead of the service.  I do load in several exclusions though; I will get to that in a bit.  Some 'experts' say that active AV scanning is just too much overhead and they will set up nightly full scans so that they catch infections after the fact.  
Exclusions are key IMO, here are my standard exclusions:

on all servers: exclude the AV folder itself
on a clustered sql server: Quorum drive, MSCS folder, SQL Binaries
on a file server: exclude database files if served (I host Access and SQL apps so I exclude .MDB, .MDE, and .LDB on my file servers)
on an exchange server: exchsvr folder (see MS KB823166)
on an exchange IIS server (for OWA): "%system root%\IIS Temp. Compressed Files" and "%system root%\system32\Inetsrv"

I know you didn't ask for this but for anyone who cares Trend followed by SAV Corp. are my favorite AV systems.  
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16947290
I would agree with a Trend solution - I despise anything Symantec - just two cents' worth
0
 

Author Comment

by:Todd_Anderson
ID: 16952549
BLipman:  What exclusions would you use for SQL Server 2005 that is not clustered?

hstiles and BLipman:  That's just the kind of info that I needed.  Thanks for the help!

Todd
0
 
LVL 19

Expert Comment

by:BLipman
ID: 16953468
If it is a normal SQL box I exclude .MDF, .LDF, and .BAK; alternately you can just exclude the whole Microsoft SQL Server folder.  
0
 

Author Comment

by:Todd_Anderson
ID: 16953674
BLipman,

Easy enough.  Thanks!

Todd
0
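
An added example, not part of the thread and not any AV vendor's code: extension exclusions like the .MDF, .LDF and .BAK ones listed above make the scanner skip a file on its name alone, so a scheduled check that excluded files do not begin with an executable or archive header covers what the exclusion leaves unscanned. The function names, the magic-byte list and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Extension exclusions named in the thread for a non-clustered SQL Server box.
EXCLUDED_EXTENSIONS = {".mdf", ".ldf", ".bak"}

# Leading bytes that a database or backup file should not start with.
UNEXPECTED_MAGIC = {b"MZ": "Windows executable (PE)", b"PK\x03\x04": "ZIP archive"}

def classify_header(header):
    for magic, label in UNEXPECTED_MAGIC.items():
        if header.startswith(magic):
            return label
    return None

def audit_excluded_files(root, extensions=EXCLUDED_EXTENSIONS):
    """List (path, reason) for excluded-extension files that need a closer look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in extensions:
                continue  # not excluded, so the on-access scanner still covers it
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    label = classify_header(fh.read(8))
            except OSError:
                label = "unreadable (locked or access denied)"
            if label:
                findings.append((path, label))
    return findings

# Constructed sample files: short made-up byte strings, not real databases or programs.
SAMPLES = {
    "orders.mdf": b"\x01\x0f" + b"\x00" * 62,
    "nightly.BAK": b"MZ" + b"\x00" * 62,
    "setup.txt": b"MZ" + b"\x00" * 62,
}

def demo():
    """Write SAMPLES to a temp folder and return (file name, reason) findings."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in SAMPLES.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), why) for p, why in audit_excluded_files(root)]

if __name__ == "__main__":
    print(demo())
```

On a live server SQL Server holds its open data and log files exclusively, so those show up as unreadable; backup files and detached databases are where the header check does its work.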
