dwagner51

Workstations and Servers do not have AV

I was hired as IT Support manager for a 200 user company. I have been in the position for 3 months. Shortly after coming on board I discovered that there is not a network-wide AV solution in place. The only protection is found with a server-based front end email server and web filtering on a proxy server. The front email server and web filters are installed on a Linux server (RH). All the PCs are XP machines and are hardened manually but not through a GPO (CD-ROMs and floppy drives are removed; USB ports are not disabled, however). The PC network is managed with AD and there are UNIX software servers to run the legacy program for this company. (Users are not given local admin rights.) I am in heavy discussions with the VP over this. He thinks this is a "safe network" protected by adequate virus protection. He reasons that email, web, removable media and unauthorized installation software are the only places where viruses can happen and that this network is protected with the above strategy in place. The cost of getting a network-wide solution is about $9400. A multiyear contract would reduce that yearly total. I have very definite ideas about this, but I want to know what network administrators in EE think. All comments are welcome.
Vorenus

Well, if the users have no admin rights and have no way to get elevated access, it seriously limits the scope of damage an antivirus could do.
However, it could still touch everything to which the user has access, like deleting files from his shares, but to be honest, you don't see this kind of virus that often.

If you are worried but cost is an issue, you can install a free antivirus like this: http://free.grisoft.com/
but of course it isn't centrally manageable at such a cost... ;-)

However, it seems that most vectors are indeed controlled already (however, USB is still an issue and many widespread viruses are run that way), but they say it is always a mistake to be too confident about your security...

If you don't use an antivirus you need to be sure about how well these machines are patched and patch them asap since workstation antivirus won't save you in case you open a specially crafted PDF file for example (for example using a 0-day flaw not yet patched), but hopefully the antivirus on the e-mail server should stop this...

The bottom line is that a virus run by non-admin users won't do much harm, but everything they have read/write access to can be compromised, so if you do not install antivirus, review your share permissions, ACLs, etc., very carefully and make absolutely sure that they can't elevate or get to know an administrator password somehow.

As far as I understood from dwagner's description, there is already web and antivirus filtering from the main server...
Even then, since most malware assumes the user has admin rights, most common threats will even fail to install.

That said, if it were me, I would still install a free antivirus solution on all the computers of the network... while it can't compete with paid products both in terms of manageability and efficiency, it is still better than nothing...
> .. most common threats will even fail to install
disagreed
all common javascript, PDF, Flash (probably ActiveX too) worms and trojans work perfectly without any admin rights, they even might not be detected by AV 'cause they are 101% legal code (i.e. w3c-conform javascript ;-)
> User education is probably required as well
full ACK, I'd do that first