For fear of this breaking down into a semantic conversation I personally
don't view CodeRed/Nimda as viruses. They may have spread like the plague
but they used exploits to puruse their agenda, not user interaction. Both
of which were preventable with proactive measures, neither of which were
even recognized by most virus scanners until long after the fact. Virus
scanners are:
a) Only as good as their most recent copy of their virus def file
b) Only as good as their def file's up-to-dateness itself in regard
to what viruses exist.
Everything else I mentioned in my previous email is proactive, virus
scanners
are reactive. Being reactive should be your absolute last resort.
fr
-----Original Message-----
From: Jim Harrison (ISA) [mailto:jmharr@microsoft.com]
Sent: Monday, July 18, 2005 3:35 PM
To: Floyd Russell; focus-ms@securityfocus.com
Subject: RE: Should webservers, eg. IIS 6 have anti--virus installed on
them?
Perhaps the statement "viruses are only spread through user action" is
only true in recent times, since Code Red and Nimda both spread to
clients and servers alike via IIS servers, but it doesn't preclude
future mechanisms of a similar sort.
If you have (or can get) the licenses, add AV to your servers. Al lAV
vendors allow you to control what actions they take and in what areas so
as to avoid conflicting with the server's normal operation.
Jim Harrison
Security Business Unit (ISA SE)
"When you come to a fork in the road, take it."
--Yogi Berra
-----Original Message-----
From: Floyd Russell [mailto:floyd@floydsoft.com]
Sent: Monday, July 18, 2005 12:13 PM
To: focus-ms@securityfocus.com
Subject: RE: Should webservers, eg. IIS 6 have anti--virus installed on
them?
I've held a contentious view on this in the past. Traditionally
speaking,
viruses are only spread through user action, (Attachment, execution of
untrusted file, etc). A webserver should never be used for random
internet
browsing, checking email, running untrusted software, etc. Also, you
have to
consider the performance impact. If this server is running an intensive
site
can you afford the CPU overhead of an active anti-virus scanner? Is it
going
to lock files that need to be written to by the site?
If the machine is just a webserver then patch, firewall, use as
well-designed as possible code, and limit access & lock down as much as
possible. It seems to be that these five things would be enough to
prevent
the viruses from taking control of your machine.
Remember, this is just viruses. Exploits are a completely different
matter.
fr
-----Original Message-----
From: Shyaam [mailto:shyaam@gmail.com]
Sent: Monday, July 18, 2005 10:20 AM
To: ssgill@gilltechnologies.com
Cc: focus-ms@securityfocus.com
Subject: Re: Should webservers, eg. IIS 6 have anti--virus installed on
them?
According to my level of knowledge(which is very minimal, in this
especially), I would say that a web server should be patched well
first. the anti-virus is a secondary issue. Ofcourse, you need an
antivirus too, but there should always be good patches implemented
which checks for the latest signatures.
--Shyaam
On 7/17/05, Sarbjit Singh Gill <ssgill@gilltechnologies.com> wrote:
Greetings
Should IIS have anti-virus installed on them. I know I would do it for
a
fileserver but for IIS, I rather lock it down.
Thanks.
/Gill
------------------------------------------------------------------------
--
-
------------------------------------------------------------------------
--
-
--
Thank you in advance for your time and consideration.
Yours Sincerely,
R.S.Shyaam Sundhar
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
