Solved

NO AV on windows virtual servers

Posted on 2014-10-16
5
133 Views
Last Modified: 2014-10-31
Hi, I am trying to make a good argument and document it as to why I don't want to run antivirus on my virtual instances of server 2008 and 2012. Does anyone have a good basis? Please do not respond if your goal is just to convince me to run it as that is not the purpose of this exercise.

Thanks
Dave
0
Comment
Question by:tkthelpdesk
5 Comments
 
LVL 11

Accepted Solution

by:
epichero22 earned 250 total points
Comment Utility
I would say that you don't use the computers for email or web browsing, you've set the proper security policies with regards to web access, programmed the firewall, locked the computers down with security policies, there already is an anti-virus running on the host machine and it scans your virtual drives, you're creating regular images of the virtual machines, and, most importantly, you know what you're doing and have the common sense to avoid the likes of viruses and malware.
0
 
LVL 24

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 250 total points
Comment Utility
As expressed by Epichero22, I agree with him but I would go further and suggest you install MS EMET (Enhanced Mitigation Experience Toolkit).  Below is an explanation of what EMET is from Microsoft:

The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.
0
 
LVL 5

Expert Comment

by:Sean Jackson
Comment Utility
The one additional thing I'd suggest is to have a white-listing service running on your servers, and then I'd say you're as secure as you could be, and adding AV wouldn't improve your security posture at all.

When 'they' come back and say, "but you NEED AntiVirus!"  Be polite, but remind them that McAfee himself said AV is dead, and Symantec said they need to put their focus on products that make a better difference.  AV relies on signatures of the software, and hackers have become smarter than that, and they obfuscate their software by changing the signature. Boom. AV is dead.
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
AV relies on signatures of the software, and hackers have become smarter than that, and they obfuscate their software by changing the signature

EMET is helpful for mitigating against this. I have EMET running, and it was suggested above here. But it has its limits as well and is really a zero day stand in waiting for security patches to be readied and updated.

Always remember:  People who get viruses on their computers are NOT hapless victims. They invite viruses in by clicking on links purporting to help them. So if you are very sure about your own level of common sense, keep Windows updated, and use EMET (understanding its limitations), you are probably OK.
0
 
LVL 9

Expert Comment

by:nattygreg
Comment Utility
I have never run AV on my servers, for the simple fact that my servers though can be on the internet, there was no need to go on the internet from the server itself. They have always sat behind a firewall serving up goodies.
I support you 100% no AV on server.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now