From: Cliff Galiher - MVP on 2 Feb 2010 14:49

In short, yes I have seen the Windows Firewall stop a threat. I wrote up an entire post on it some time back, I'm sure it is archived via google groups or something similar.

But I also find it interesting, just on an academic level, that your reply to Susan about not running AV on the server was:

> Things get in, it happens, and sometimes they are not caught by the
> workstation AV product - the server AV product scans everything,
> profiles, my-documents, etc...

The exact same logic could be applied to a firewall. You can scan for viruses at the edge, but sometimes things just get by. Why is a network exploit any different? Sometimes things don't get caught at the edge. Rogue laptop, or legitimate PC that got infected by something the AV didn't catch (which we just established *CAN* happen...)

A firewall is just that added minor protection. Is it the end-all-be-all? No. But the cost-to-benefit ratio certainly makes it a worthwhile tool. :)

-Cliff

"Leythos" <spam999free(a)rrohio.com> wrote in message news:MPG.25d1de53a58f3bd098a0f3(a)us.news.astraweb.com...
> In article <9634EE67-6E05-4A12-B6B7-6303366C4271(a)microsoft.com>,
> russ(a)REMOVETHIS.sbits.biz says...
>>
>> hmmm..
>> Ok, I leave it on, I'd rather than disable security.
>> Some "visitor" Plugs in a Laptop on the LAN
>> and starts port sniffing, it's all over. (or has a worm that does it.)
>> One less thing to worry about IMO.
>> I just thought it was causing a problem
>> Russ
>
> In the past, and with 2008, I've had issues with applications as well as
> workstations, having problems with the win firewall on the server.
> Mostly with third party apps that don't auto-configure the firewall as
> needed.
>
> During all the years, since well before NT4, I've not seen any firewall
> installed on a server that actually protected it from something
> malicious on the LAN, have you specifically, yourself, seen the Win
> firewall protect the SBS server 2003/2008, on a LAN?
>
> --
> You can't trust your best friends, your five senses, only the little
> voice inside you that most civilians don't even hear -- Listen to that.
> Trust yourself.
> spam999free(a)rrohio.com (remove 999 for proper email address)

From: Leythos on 2 Feb 2010 14:54

In article <518B86D9-BCBF-4994-BF5C-B327F60108F1(a)microsoft.com>, russ(a)REMOVETHIS.sbits.biz says...
>
> You don't remember the SQL Worm Do you?
> or Melissa? (I think it was called)
> That a basic Firewall Protected
>
> And No I don't see any issue because I always had one
> Which is maybe why I don't see any issues on my servers?
>
> Oh well Your Mileage may differ :)
> That's why we are consultants, we have a difference of opinions
> Later :)
> Russ

Yes, I was online watching it spread around the country while it was happening, and it didn't impact SQL servers that were properly secured, even without a firewall.

The only people that were hit by SQL Slammer were idiots that didn't have patched SQL installations - as I recall, the patch had been released at least half a year before it was exploited.

Melissa was an email worm that would not have been prevented by the server's firewall - it worked by using the user's credentials in Outlook to email itself to people, so the firewall on SBS would not have prevented it from reaching the SBS SMTP service and getting out.

I've never seen a malware that would have been stopped by the server's standard Windows firewall, not in all my years.

--
You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)

From: Russ SBITS.Biz [SBS-MVP] on 2 Feb 2010 15:18

Cliff,
That's why I was confused also
Leythos is Pro AV on the Server
Anti Firewall?

Seems like a Flip?
However he has his own ideas as we all do! :)

I'm Pro on both especially since the cost is minimal vs the result of not doing it...

I do not want to explain to a client why I didn't implement something cheap and easy to save them from an issue that I have to BILL for :)

But Then like I've said, we are all consultants and of course that means Different Opinions :) :)
Later
Russ

--
Russell Grover - SBITS.Biz [SBS-MVP]
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist
24hr SBS Remote Support - http://www.SBITS.Biz
Second IT Opinion http://www.personalitconsultant.com
Free Trial Microsoft Online Services (BPOS) - http://www.microsoft-online-services.com

"Cliff Galiher - MVP" <cgaliher(a)gmail.com> wrote in message news:BAB2C001-6BFD-438E-A2FA-D24629F2B0FC(a)microsoft.com...
> In short, yes I have seen the Windows Firewall stop a threat. I wrote up
> an entire post on it some time back, I'm sure it is archived via google
> groups or something similar.
>
> But I also find it interesting, just on an academic level, that your reply
> to Susan about not running AV on the server was:
>
>> Things get in, it happens, and sometimes they are not caught by the
>> workstation AV product - the server AV product scans everything,
>> profiles, my-documents, etc...
>
> The exact same logic could be applied to a firewall. You can scan for
> viruses at the edge, but sometimes things just get by. Why is a network
> exploit any different? Sometimes things don't get caught at the edge.
> Rogue laptop, or legitimate PC that got infected by something the AV
> didn't catch (which we just established *CAN* happen...)
>
> A firewall is just that added minor protection. Is it the end-all-be-all?
> No. But the cost-to-benefit ratio certainly makes it a worthwhile tool.
> :)
>
> -Cliff
>
>
>
> "Leythos" <spam999free(a)rrohio.com> wrote in message
> news:MPG.25d1de53a58f3bd098a0f3(a)us.news.astraweb.com...
>> In article <9634EE67-6E05-4A12-B6B7-6303366C4271(a)microsoft.com>,
>> russ(a)REMOVETHIS.sbits.biz says...
>>>
>>> hmmm..
>>> Ok, I leave it on, I'd rather than disable security.
>>> Some "visitor" Plugs in a Laptop on the LAN
>>> and starts port sniffing, it's all over. (or has a worm that does it.)
>>> One less thing to worry about IMO.
>>> I just thought it was causing a problem
>>> Russ
>>
>> In the past, and with 2008, I've had issues with applications as well as
>> workstations, having problems with the win firewall on the server.
>> Mostly with third party apps that don't auto-configure the firewall as
>> needed.
>>
>> During all the years, since well before NT4, I've not seen any firewall
>> installed on a server that actually protected it from something
>> malicious on the LAN, have you specifically, yourself, seen the Win
>> firewall protect the SBS server 2003/2008, on a LAN?
>>
>> --
>> You can't trust your best friends, your five senses, only the little
>> voice inside you that most civilians don't even hear -- Listen to that.
>> Trust yourself.
>> spam999free(a)rrohio.com (remove 999 for proper email address)
>

From: Leythos on 2 Feb 2010 15:23

In article <BAB2C001-6BFD-438E-A2FA-D24629F2B0FC(a)microsoft.com>, cgaliher(a)gmail.com says...
>
> In short, yes I have seen the Windows Firewall stop a threat. I wrote up an
> entire post on it some time back, I'm sure it is archived via google groups
> or something similar.
>
> But I also find it interesting, just on an academic level, that your reply
> to Susan about not running AV on the server was:
>
> > Things get in, it happens, and sometimes they are not caught by the
> > workstation AV product - the server AV product scans everything,
> > profiles, my-documents, etc...
>
> The exact same logic could be applied to a firewall. You can scan for
> viruses at the edge, but sometimes things just get by. Why is a network
> exploit any different? Sometimes things don't get caught at the edge.
> Rogue laptop, or legitimate PC that got infected by something the AV didn't
> catch (which we just established *CAN* happen...)
>
> A firewall is just that added minor protection. Is it the end-all-be-all?
> No. But the cost-to-benefit ratio certainly makes it a worthwhile tool.

You're right, but I've never seen malware that compromised a patched server from inside the LAN, so, like the SQL slammer and Melissa, they required either an unpatched server or a user account access.

If the AV software doesn't catch the malware and the user has authentication with the server at the necessary level, the firewall is not going to prevent anything... Think about it, for Melissa to work the malware used the USER's Outlook account to send itself - so the firewall would not have done anything. Same with SQL Slammer, the firewall would not have done anything because the ports needed to exploit it were open on the LAN to start with.

Now, if you have an exploit that uses TCP 60,000 (I just made that up), there is little chance that MS has code listening to TCP 60,000 and if you had an app using TCP 60,000 you would already have an exception in the firewall for it......

--
You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)

From: Leythos on 2 Feb 2010 15:27

In article <2FC668CA-2E38-4E0B-850B-7F3609AE2C48(a)microsoft.com>, russ(a)REMOVETHIS.sbits.biz says...
>
> Cliff,
> That's why I was confused also
> Leythos is Pro AV on the Server
> Anti Firewall?
>
> Seems like a Flip?
> However he has his own ideas as we all do! :)

It's not a flip at all - the two have NOTHING to do with each other. A firewall blocks PORTS, AV software blocks programs.

> I'm Pro on both especially since the cost is minimal vs the result of
> not doing it...
>
> I do not want to explain to a client why I didn't implement something cheap
> and easy to save them from an issue that I have to BILL for :)

But, like you don't want to bill them for something that might help them, I don't want to bill them for enabling something that causes problems for their applications hosted on the SBS server.

--
You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)