Re: Anti virus installations on Windows servers

[Pavel Kankovsky <peak () argo troja mff cuni cz>]

On Fri, 1 May 2009, T Biehn wrote:

> The example provides an easy to concoct scenario where perhaps
> anti-virus software might be employed to great benefit where the
> actual OS's security would be a moot point.

Very unlikely. If your OS has got more holes than a piece of Emmentaler
malicious code might exploit one of them to circumvent or disable
detection even before your antivirus gets a chance to scan it. You lose.
Game over.

> It's interesting to see that so many on this list have become so
> hypnotized that they would go so far to say that A/V is useless and
> the only possible protection is switching to some other OS.

Let me check: Can antivirus prevent an arbitrary piece of malware from
causing harm? No--it is impossible even in theory (see Rice's theorem). 
Can OS with a strict MAC policy prevent an arbitrary piece of malware from
causing harm? Yes--it is not easy but it is certainly possible.

> It is equally obvious to point to an example when, yes, an A/V
> (however deployed) would provide a worthwhile added value to the user
> experience, this point is sufficient for winning the debate.

Primo: "A worthwhile added value" might be very far from "optimal".
Secundo: Does "however deployed" includes "defunct"?
Tertio: User experience?!

-- 
Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21th century edition /

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/