Rant

I don't like anti-virus software, and I like real time virus scanning even more. It's like trying to fix a paper cut with brain surgery. There are plenty of guidelines out there for how you can configure your computer, and how you can be a smarter user and avoid virus, spyware etc. Those are mainly for workstations and home PCs, but what about servers?

My take on servers is, you shouldn't be doing anything that compromises the security of a server, and that includes browsing the web, using a standard or admin account. So if you cut out browsing, don't install warez, what's left? I know, I know, what about things like Code Red? When Code Red first hit, it didn't matter if you anti-virus installed or not, the attack was so new that your only defense was to pull your web server off line until you got it patched. A virus from last year, should never find it's way onto your server if you are careful, leaving zero-day exploits and black market hacks, that AV isn't going to catch it right away anyway. About the only thing AV software is good for, is finding that bot net Trojan your Mom gets when she installs Super Happy Smiley emoticons for email. 

I know I'm not going to win the argument for not having any anti-virus installed, but let's at least be intelligent about it ok? If you call yourself an IT administrator, Network Administrator, etc, now is the time to earn that title. Anyone can carpet bomb a network with an enterprise anti-virus package. The AV makers even make it easy to auto deploy their poorly written, resource hogging craplets via auto install software and group policy.

A true administrator will take the time to come up with a comprehensive approach to computer and network defense, including the intelligent installation and configuration of AV software. I found an excellent document on folders and files you should seriously consider exempting from real time, and even on demand scans.

Yeah, yeah, I know, just run Linux on the desktop and use a LAMP stack for your servers.