RE: Should webservers, eg. IIS 6 have anti--virus installed on them?

Harlan,

Throughout your posts, you insinuate that installing AV is used as a
safety blanket.  That sys admins will think they can be more lax on
security because AV will be the hero.  Are their people with that mind
set?  Yes, and it's a problem that needs to be fixed, but you can not
condemn the use of AV based on that.  That is a totally separate issue.
I don't think anyone here is condoning that behavior.  The theme here is
that we all try to secure our servers as best as we possibly can, but we
can admit we make mistakes, can overlook something, or can get bogged
down and sometimes not be able to a stay a step ahead of the next threat
(one week or less on vacation can do this to you).  So if there is no
detriment to install AV and it could save me if I any of the three
things listed above happens, why would I not take that insurance?  Yes,
if something happens you better learn from it and take better
precautions from then on, but at least there's no compromise to explain,
or clean up.

Also, if AV does save me from myself some day, don't think I'll be
gloating about, or feel proud.  Luck is nothing to be proud of. I'll be
kicking myself for letting it get through that far to begin with, but my
blood pressure will be a lot lower, as I figure out what happened and
mope on down the hall to explain it to management.



---------------------------------------------------------------------------
---------------------------------------------------------------------------