[FX.php List] [OFF] Antivirus software on a Windows web server?

Leo R. Lundgren leo at finalresort.org
Thu Jun 2 13:48:11 MDT 2016


Yeah, I was having bad feelings already ;)

I think that in general I would try to avoid putting AV on the server unless there's a reason for it. The fewer vectors on it the better, so in my book one would have to justify AV on it rather than the opposite (i.e. AV is not a default). But it totally depends on what it's going to do.

If the server is just an API endpoint for the web I would be more concerned about other web exploitations, such as those covered a lot by OWASP security guides. What type of API will it present, a REST endpoint over HTTP(S)?

Regards, Leo


On 2 Jun 2016, at 21:42, Joel Shapiro <info at jsfmp.com> wrote:

> Thanks all for the replies.
> 
> It seems the mixed response I got on google is not unlike the one I got here ;)
> 
> FWIW: This will be exclusively a web server for FM CWP projects (API).  There will be no FM components (WPE, etc) on this machine.
> 
> Thanks Leo, I’ll pass along the info on EMET to their IT people (although googling about EMET vs Antivirus brings back a similar mixed bag :(  ).
> 
> I guess I was hoping I’d get back a chorus of responses here either like: “Yes, we use AV on all our web servers and wouldn’t do it any other way” or “No, we never use AV on our web servers” (+ “we use EMET” or “we use nothing”).  I guess it just ain’t that simple, and I guess I shouldn’t be surprised ;)
> 
> Thanks again,
> -Joel
> 
> 
>> On Jun 1, 2016, at 12:43 AM, Leo R. Lundgren <leo at finalresort.org> wrote:
>> 
>> If the machine (in question) just runs a web service, and the application it serves (if it's even an application, might just be a static for all we know) is well written so there's good confidence it's not full of vulnerabilities, then perhaps it might not make as much sense to install a piece of insecure AV software running with the highest privileges possible on the system.
>> 
>> Taviso has shown that most common AV software has very serious vulnerabilities. So for that reason one should consider if running that software is needed, when there are things like EMET and other measures you can apply.
>> 
>> I'm not saying you never should, I'm just saying that it depends on what you are protecting from and what you need to protect. For example, a targeted attack might very well try to make use of the recent research on AV software security.
>> 
>> Regards, Leo
>> 
>> On 1 Jun 2016, at 07:11, Malcolm Fitzgerald <malcolm at notyourhomework.net> wrote:
>> 
>>> Why would you not? You'll lose a few clock cycles to forensic processes. In return you obtain a higher level of security and decrease the risk of malfeasance.
>>> 
>>> The flip side is that you ignore the risk. When an unwanted event occurs you'll have to show that real benefits were obtained during the period before the machine was compromised. That shouldn't be hard, they'll be obvious to everyone and would have been used to rationalise the decision to go without antivirus software in the first place. The appropriate questions at that point will be, was enough benefit obtained to justify the repair costs and the downtime incurred, and will you continue to support the policy of running the server in the same fashion?
>>> 
>>> good luck,
>>> 
>>> malcolm
>>> 
>>> 
>>> 
>>> On 1/06/2016 2:49 AM, Joel Shapiro wrote:
>>>> Hi all
>>>> 
>>>> I’ve got a client that’s just created a brand new Windows Server 2012 VM to act exclusively as a ‘vanilla’ web server (no FileMaker components installed).
>>>> 
>>>> They’ve asked me if they should install antivirus software on it.  Googling returns a mixed response.  What do y’all think?
>>>> 
>>>> Thanks very much,
>>>> -Joel
>>>> 
>>>> 
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list