Re: Why NOT to disable Real Time Antivirus on Servers

[Kenton Smith <listsks () yahoo ca>]

Aside from the standard defense-in-depth arguments
what about worms? I don't have any case studies and
since you're arguing with an engineer you'll need
plenty, however...
His argument is only holding true if you consider
email-borne viruses. If there is a self-propagating
worm, it is going to hit anything that will let it.
Now I know that anti-virus isn't the best way to
combat worms; it can still save your bacon.
Particularly on a server that has to have some common
open ports (25,110, etc). Plus what if someone puts an
outside machine on your internal network? If that
machine is infected with a worm it's going to go
straight for your unprotected servers.

Another argument for an Exchange server is that you
don't have RT scanning your Exchange folders anyway.
At least Symantec tells you not to do this, I'm sure
that other vendors do as well. If you do that, then
all your RT anti-virus is doing is watching for other
file changes on your server and there shouldn't be
very many of those.

Unless your servers are severely underpowered, why
would you not run it just for the added safety?

Kenton

--- george.peek () gmx net wrote:

> Greetings,
>
> An Engineer and I are having an argument about
> keeping Real Time Antivirus disabled on servers.
>
> His point is keeping Real Time Antivirus Enabled on
> servers such as the Exchange Server takes a huge
> performance hit on the server.
>
> My argument is that keeping real time antivirus
> software disabled defeats the purpose of PREVENTING
> a server from being infected in the first place.
> Once it is infected, it is all too late already. The
> antivirus software is enabled on the workstations.
>
> He argues that since all of the workstations have
> the antivirus enabled, then there is no way for the
> virus to get in.
>
> Mine argument that a virus can still get in through
> other means. I need examples and case studies to
> refer to.
>
> I would like to find different case studies or
> scenarios where the real time antivirus was disabled
> on the servers, enabled on the PCs, and the company
> still got infected. Also, would like to find
> solutions to enabling real time scan and stream
> lining it so it does not affect the Exchange Server
> as bad.
>
> Would someone point me in the right direction or
> post potential case studies.
>
> Please post or email me.
>
> George.peek () gmx net
>
> Thank You



        

        
                
__________________________________________________________ 
Find your next car at http://autos.yahoo.ca