Full Disclosure mailing list archives

Re: Anti virus installations on Windows servers
From: Adam Chesnutt <icetre () thearistocrats org>
Date: Wed, 29 Apr 2009 12:49:37 -0700

T Biehn wrote:
What do you suggest to use on a server that must accept uploads of
binaries from users?
Should these binaries be scanned by an anti-virus? Can we trust that
end users have competent Anti-Virus?
We aren't worried about the server being susceptible to viruses, we're
concerned about the users who could fall anywhere in proficiency
range. This scenario is equally applicable across any OS.
Because of the relative infancy of non-windows-based anti-virus
software would it be advisable to host a windows virtual machine that
shares a 'virtual disk' that is monitored by a robust a/v software to
use to host the binaries? Which antivirus software would you

I think he's trying to say that if the system is designed well enough, 
the users shouldn't be able to do any lasting damage to the system.

This is because the users are segregated from the system functions.

Many OSes are like this; for example Unix and Linux, even MacOS.

The reason Windows requires antivirus is because it's exceedingly easy 
for a userland program to damage the system without the troublesome 
bother of having to escalate privs. Seeing as the user is already more 
or less Admin anyways (even if they're not, there's still lots of damage 
you can do).

So the point still is: If the system is well designed, you don't need it 
in the first place. You've fixed the design problem that allowed the 
damage, rather than worrying about what the damage is or who caused it.

Yes, you should call the cops if there's a robber in your home, but if 
you didn't fix the window they broke the first time they came in, the 
police aren't going to be real understanding to your plight the second 

Windows in general is a big broken window, allowing access to the entire 
system's resources. There's a big neon sign and valet parking next to 
this window. It's been this way for years and MS (and worse yet, users) 
have done nothing to fix it.

Yes, that's correct, I'm also blaming the users. How many Vista upgrade 
stories did you hear about the priv escalation notification and users 
whining about it? How many turned it off? That's right, pretty much 
everyone except Me-maw and Pe-pop.

So the point, albeit snarky, is very valid. Honestly choosing a better 
operating system is a more efficient solution than the cat and mouse 
game that is antivirus.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
