Wednesday, April 9, 2008

Server AV? Maybe you do need it...

The Register's report on AusCERT's advisory regarding virus-laden thumbdrives sent out by HP for some ProLiant servers points out a flaw in a statement I hear quite often. Many system administrators tell me, "We don't need AV on our server, because we don't browse the web or do other risky things."

Most of the same administrators would use the provided thumbdrive to install drivers or to transfer files, and while the Fakerecy and SillyFDC viruses aren't a major concern, the habits that lead to one virus making it onto a server could result in something much worse in the future.

Do servers need antivirus software, and is the overhead worth it?

In many cases, server antivirus is simply another layer of protection. Antivirus, particularly AV with centralized reporting, can help detect threats that go beyond viruses. Many rootkits include tools that AV detects, meaning that an alert sysadmin can catch a major compromise through a simple AV detection.

The overhead on a server can be relatively significant, particularly if the antivirus software isn't configured to match the server's purpose and usage model. On a heavily utilized server, such as one doing high-performance computing with high processor and disk loads, AV may create too much of a resource drain. In those cases, alternate controls may be appropriate.

In the meantime, remember to scan your thumbdrives, LCD photo frames, and any other device you plug into your PC for viruses - you never know what surprises you may find.
