Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

NO AV on windows virtual servers

Posted on 2014-10-16
5
Medium Priority
?
148 Views
Last Modified: 2014-10-31
Hi, I am trying to make a good argument and document it as to why I don't want to run antivirus on my virtual instances of server 2008 and 2012. Does anyone have a good basis? Please do not respond if your goal is just to convince me to run it as that is not the purpose of this exercise.

Thanks
Dave
0
Comment
Question by:tkthelpdesk
5 Comments
 
LVL 11

Accepted Solution

by:
epichero22 earned 1000 total points
ID: 40385525
I would say that you don't use the computers for email or web browsing, you've set the proper security policies with regards to web access, programmed the firewall, locked the computers down with security policies, there already is an anti-virus running on the host machine and it scans your virtual drives, you're creating regular images of the virtual machines, and, most importantly, you know what you're doing and have the common sense to avoid the likes of viruses and malware.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 1000 total points
ID: 40385571
As expressed by Epichero22, I agree with him but I would go further and suggest you install MS EMET (Enhanced Mitigation Experience Toolkit).  Below is an explanation of what EMET is from Microsoft:

The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.
0
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40385575
The one additional thing I'd suggest is to have a white-listing service running on your servers, and then I'd say you're as secure as you could be, and adding AV wouldn't improve your security posture at all.

When 'they' come back and say, "but you NEED AntiVirus!"  Be polite, but remind them that McAfee himself said AV is dead, and Symantec said they need to put their focus on products that make a better difference.  AV relies on signatures of the software, and hackers have become smarter than that, and they obfuscate their software by changing the signature. Boom. AV is dead.
0
 
LVL 100

Expert Comment

by:John Hurst
ID: 40385655
AV relies on signatures of the software, and hackers have become smarter than that, and they obfuscate their software by changing the signature

EMET is helpful for mitigating against this. I have EMET running, and it was suggested above here. But it has its limits as well and is really a zero day stand in waiting for security patches to be readied and updated.

Always remember:  People who get viruses on their computers are NOT hapless victims. They invite viruses in by clicking on links purporting to help them. So if you are very sure about your own level of common sense, keep Windows updated, and use EMET (understanding its limitations), you are probably OK.
0
 
LVL 14

Expert Comment

by:Natty Greg
ID: 40385979
I have never run AV on my servers, for the simple fact that my servers though can be on the internet, there was no need to go on the internet from the server itself. They have always sat behind a firewall serving up goodies.
I support you 100% no AV on server.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question