Over at the HomeServerShow, a very interesting story just popped up that I had to pass along. “Do you need Anti-Virus on your Media Center PC’s?” is the title and it offers up some good reasons why you might want to think twice about whether a computer needs an AV solution or not.
Just a little snippet from the article may get you thinking
How did I come about such an exploit you may ask? Downloading actor images, and meta data via the MetaBrowser utility! I never imagined I would run across an exploit in such a way but there is also a good chance that it’s just a false positive. I don’t blame MetaBrowser for it but should we be concerned?
about the need for an AV solution for your WHS. You may not access the web through a browser on your WHS, but if a utility like My Movies for WHS looks for meta data, it might just grab more than it intended.
Food for thought…
10. November 2009 at 12:38 am
Interesting topic on which I would very much like to hear Microsoft's point of view, preferably an official PoV. IMHO, this topic has been left in the dark for way too long and – even worse – it has mostly been discussed by a "technical skilled" group of people, which, given the primary targeted group of end-users, should not very much not be the case. – Kind regards, John
10. November 2009 at 1:12 am
What is there to ask of Microsoft? – what can they tell you about your own data security practices? – If you're introducing files that may carry virus's to your WHS then you should run a check on them – otherwise it's your risk.
Personally nothing goes on my WHS without first being checked for virus's etc on a client PC
There's already a number of commerical products available designed for WHS (that's where most of the debate centers on – what product to use and whether ones not designed for WHS are ok)
10. November 2009 at 4:06 am
Are there any free AV solutions for WHS? I use Avast! on my desktop but as far as I know, the WHS edition is not free.
Does MSE work on WHS?
10. November 2009 at 4:20 am
No free solutions, which means MSE will *not* work on WHS. I have head enough computer users say that they do not need an AV program because they are "very" careful where the surf. Hence my interest went up when I read this.
Why?
The original article highlighted that fact that it did not require the user to be actually surfing the web to get hit.
18. November 2009 at 11:04 pm
MSE will work on WHS, just not as an installed program. MSE will scan mapped drives. Just make it a scheduled job.
Run AV on all your equipment and scan your fileserver nightly.
18. November 2009 at 11:09 pm
hmm, interesting. I will have to get some feedback from MS about whether they would consider this a "safe" thing to do.
20. November 2009 at 8:04 pm
Yes. The Comodo AntiVirus product installs and scans the server natively.
10. November 2009 at 4:58 am
Crazy how they can and do get threats embedded into files that you wouldn't think there would be any.
I find MSE working better all the time. Visiting a friends blog one day MSe popped up a warning about some warning that this page was serving up malious code. Emailed the site owner and sure enough someone had hacked the site to server up the code.
While helping a friend update to Windows 7 last week I out his PC on my WHs to make sure we didn't miss anything he might need after the upgrade. While mounting the image up pops a warning from MSe about some trojan on a WMA file. Theyhad this file so locked down I couldn't delete it or even move it out of the backup file. Only thing I could do was delete the complete backup and clean up the database. Since the file was never opened it could bedilver it's pay load but it was still unnerving. He even had the free AVG on his system and it never once gave him any warnigns that this was setting on his PC. And before you ask yes they (wife) got the music file from Limewire.
fasthair
10. November 2009 at 6:48 am
Just get avast, seems to do a decent job and for $70 or so you get home server AV and 10 client AV licenses which is the pro version, cheapest solutions and it works.
10. November 2009 at 7:00 am
Jim, I can't be 110% positive, but I am nearly there.
This is very, very likely a false positive.
I have had 2-3 users having similar anti-virus alerts on meta-data provided by My Movies to it's internal files, at the time of download. These were JPEG files.
Due to the way we store these, it is nearly impossible this can happen – when a user uploads the data, the image data itself is stored into another file, being pulled through what can be seens as a re-scale. During such process, any virus would get lost, since the image bits are read, and nothing else.
The servers run anti-virus to ensure these things does not happen, however false positives is something that I think we just will have to live with. If there was a virus on the servers that could cause a thing like this, then you would not see 2-3 instances in millions of downloaded files, but you would see many, many situations very quickly.
MetaBrowser typically receives files from themoviedb.org, and I can't comment on what they do, but given the examples we have, I am very, very sure this is only a false positive.
Regards,
Brian Binnerup
10. November 2009 at 1:24 pm
Hi Brian,
It is very likely a false positive. And I am no way implying that My Movies harbors nasties!
It is simply an example of "You can never be too careful."
10. November 2009 at 6:35 am
With respect to the question “Does WHS need AV?” you give a wrong direction to answering the question.
The second question you should ask yourself is “Can I afford a virus on my WHS”, followed by “What’s the value of the data on the server”, and putting your backup strategy in the equation.
In the end it’s a matter of taking risks.
10. November 2009 at 1:29 pm
The more appropriate question is "Can I afford to NOT have an AV program on my WHS?"
10. November 2009 at 2:23 pm
The nail on the head. With TeraBytes of data and at least some MB worth of sensitive information why would you not put an AV on your server?
@Bodog WGS I tend to think the other way around since installing uTorrent. Now my server has become the main scanner for the other computers, vetting files before I let them on to other PCs.
12. November 2009 at 9:02 pm
For regular users, of course you are right. But for those (like zdv) who actually understand what risk based assesment actually is let them make their own informed judgement.
10. November 2009 at 6:20 pm
There is no doubt that it is a good idea to have AV on your WHS.
That the AV's hit false positives such as this is not the reason for it though – but there are many other reasons.
If you are downloading things from torrent networks on you really can't live without one.
11. November 2009 at 6:18 am
I think it is a no-brainer… EVERY computer should have AV on it. These days you can get viruses on machines even if they are standalone. Viruses have made it on USB drives strait from the manufacture so as far as i am concerned there are no "trusted" sources.
11. November 2009 at 7:35 am
come one don't be naive…whilst this is probably a false alert, just check the virus details of your alert…this is an exploit that was first patched on 2004 updates !!!!!!!!!!!!
12. November 2009 at 9:12 pm
Totally agree. Whilst of course its a *very* sensible precaution to have AV capability on your WHS, Jim hasnt chosen a particularly good example as a justification for it.
Metadata and Jpegs are not going to compromise an up to date WHS installation.
12. November 2009 at 1:05 pm
Thanks for the useful info. As for Microsoft Security Essentials, I like it; sort of reminds me of a stripped-down MS OneCare, which I used. I do wish there was an MSE available for Windows Home Server, although I currently have Avast on mine.
13. November 2009 at 1:32 am
Sorry for the late post, but I thought I'd add my two cents, as well. I currently have a trial version of Avast! on my MSS. It works just fine and no matter how secure I tend to be, my daughter and wife are security car-wrecks, and having A/V on the MSS is just an added level of secrity, especially since it's a Windows kernel.
Avast also has a home secutiry package which include a license for your WHS machine and 10 Windows clints PCs for about $75 a year. Considering the damage I have seen viruses cause at work, $75 is a pittance for the keeping my irreplaceable files more secure, and more safe.
20. November 2009 at 9:02 pm
It only takes once for you to get a "network aware" virus that will attempt to spread to every machine on your network for you to figure out the value of having AV on every PC you own including your server.
Just think if you get a virus on your server and you lose 2 or 3 TB of information… It sucks… I have had it happen to me not by a virus but by hardware failure.. I lost so much stuff..
Protection comes in layers.. not a 1 stop fix all..
First layer of protection …. Firewall/Router…. So people can not connect directly to your PC from the internet.
Layer 2….. Firewall on the PC … Protects you from other PC's on your network should one get a virus on it.
Layer 3…. Antivirus… To protect you from other PC's on your network , and from websites and other files that you download or bring into your network….
See a pattern forming here? Its not really a question of IF its a question of WHITCH one should I have. There are to many free AV software out there to not have one loaded on your machines.
OK RANT OVER… Just my .02