Is it necessary to have anti-virus on a Windows 2008 file server?
September 7, 2012 3:51 PM   Subscribe

Is it necessary to have anti-virus on a Windows 2008 file server?

My IT guy says it's not necessary to have any antivirus on our file server. He says it takes too many resources and that viruses are incapable of executing from clients.

This doesn't sound safe to me. My approach would be to install antivirus and disable real-time scanning. I would set a schedule for scans.

What is the best approach to ensure that we are protected?

Details: We have Kaspersky Business Space Security (which includes a license for a special Kaspersky File Server Version)
posted by colecovizion to Technology (6 answers total) 1 user marked this as a favorite
Best answer: Sysadmin here, I manage around 1,000 servers, half of these run Windows, with very few exceptions all the Windows boxes run AV, we use MS Forefront and find it is pretty light on resources. It's just good IT practice.
posted by Cosine at 4:04 PM on September 7, 2012

Best answer: 21 year systems and security guy here. If I were to do a security audit on your company's systems, no AV on a piece of critical infrastructure would be almost certainly listed as a moderate-to-high risk deficiency, depending on any other mitigating controls.

So yes, you should most definitely have AV on your file server, it's just a no-brainer. Of course it consumes resources, but that just means that a good sysadmin should size the server to accommodate the additional resource hit. AV isn't a security panacea, but it's still a very necessary piece of defense in depth.
posted by deadmessenger at 4:14 PM on September 7, 2012

Best answer: We run a Netapp NAS cluster for file sharing. While the NAS itself is highly unlikely to be infected (it runs a propitiatory O/S), it can certainly store virii and share them out to ~4000 connected CIFS users.

We have 4 dedicated A/V servers which constantly scan the NAS on file access, along with end-point A/V on every user's XP desktop.
posted by Diag at 4:21 PM on September 7, 2012

Best answer: Yes. Absolutely.

Your IT guy has apparently never heard of zero-day remote exploits.

Someday (probably his last day on whatever job he has at that time), he will.
posted by pla at 4:44 PM on September 7, 2012 [1 favorite]

Response by poster: Wow, thanks for all the experienced answers! It looks like it is unanimous.
posted by colecovizion at 5:25 PM on September 7, 2012

Yep ... get this for a laugh ... I had a novel netware server wipe itself from a Dos boot sector virus on the boot partition ... (back in 1998) ... just because it is unlikely that the server will ever execute infected code doesn't mean that it can't somehow find its way on and cause havoc!
posted by jannw at 10:24 AM on September 8, 2012

« Older More car cigarette adapter problems   |   Civilian Review Committees for Federal Employee... Newer »
This thread is closed to new comments.