Solved

NO AV on windows virtual servers

Posted on 2014-10-16
Last Modified: 2014-10-31
Hi, I am trying to make a good argument and document it as to why I don't want to run antivirus on my virtual instances of server 2008 and 2012. Does anyone have a good basis? Please do not respond if your goal is just to convince me to run it as that is not the purpose of this exercise.

Thanks
Dave
Question by:tkthelpdesk
5 Comments
 
LVL 11

Accepted Solution

by:
epichero22 earned 1000 total points
ID: 40385525
I would say that you don't use the computers for email or web browsing, you've set the proper security policies with regards to web access, programmed the firewall, locked the computers down with security policies, there already is an anti-virus running on the host machine and it scans your virtual drives, you're creating regular images of the virtual machines, and, most importantly, you know what you're doing and have the common sense to avoid the likes of viruses and malware.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 1000 total points
ID: 40385571
As expressed by Epichero22, I agree with him but I would go further and suggest you install MS EMET (Enhanced Mitigation Experience Toolkit).  Below is an explanation of what EMET is from Microsoft:

The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.
0
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40385575
The one additional thing I'd suggest is to have a white-listing service running on your servers, and then I'd say you're as secure as you could be, and adding AV wouldn't improve your security posture at all.

When 'they' come back and say, "But you NEED AntiVirus!", be polite, but remind them that McAfee himself said AV is dead, and Symantec said they need to put their focus on products that make a better difference. AV relies on signatures of the software, and hackers have become smarter than that, and they obfuscate their software by changing the signature. Boom. AV is dead.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40385655
"AV relies on signatures of the software, and hackers have become smarter than that, and they obfuscate their software by changing the signature"

EMET is helpful for mitigating against this. I have EMET running, and it was suggested above here. But it has its limits as well and is really a zero-day stand-in waiting for security patches to be readied and updated.

Always remember:  People who get viruses on their computers are NOT hapless victims. They invite viruses in by clicking on links purporting to help them. So if you are very sure about your own level of common sense, keep Windows updated, and use EMET (understanding its limitations), you are probably OK.
0
 
LVL 14

Expert Comment

by:Natty Greg
ID: 40385979
I have never run AV on my servers, for the simple fact that, though my servers can be on the internet, there was no need to go on the internet from the server itself. They have always sat behind a firewall serving up goodies.
I support you 100%: no AV on server.
0


Question has a verified solution.
