Feedback Req-Antivirus Protection-Client Machines

Status
Not open for further replies.

timev

IS-IT--Management
Nov 5, 2003
We are running a network comprising Network Printers, Windows XP Pro Client Machines, and a Windows XP Pro machine acting as a file, mail and internet gateway.

We currently have Norton Antivirus installed on all client machines and the server.

The client machines have their data files/documents location mapped to various drives on the server (no data files are saved on the local machines). Also, antivirus email scanning is enabled to scan incoming & outgoing emails through the mailserver option.

Question is - If I removed the antivirus software on the client machines would this still leave them open to virus infections ?

Your feedback is appreciated !

Thanks for your advice in advance.

Tim
 
Yes.

Most viruses and other malware come through active scripting, email attachments, macro scripts, and in the last year the RPC service. The targets are often Windows files, Windows directories, and the registry. All of these items of interest to malware are likely still locally stored on each machine.

 
Thanks for your advice 'bcastner'

I did forget to mention also that emails are also stored on the Windows XP server as the client machines are configured to use IMAP accounts. I'm thinking this is still the case that AV is still advised on the client machines ?

Thanks,

Tim
 
Storing emails on the server will help. I think you can make a good case in your situation for server-only AV scanning. It is truly hard though to bar users from storing internet-obtained packages on local resources. It is because of this that I personally would hesitate to remove a local AV scanning component.

The key is that you need to configure the client-side AV scanning so that it does not waste any effort on whatever is locally stored/cached as known good items. The ability of the local AV software to prevent scripting objects from changing/adding to system file directories and the local portion of registry hives (I assume user.dat is stored remotely) is not a small thing. A scan of any newly created file object on a local resource is what I would hesitate to completely remove as well as a safety feature.

And, there will always be the laptop users.

Most of the other external malware are likely more directly addressed through your firewall software.

It is a good question, and one that does not admit unambiguously to a clean answer. I vote on the side of caution and retain a local AV scan, but would certainly spend some time in its configuration.
 
Thanks again 'bcastner' for your more in-depth advice, I will certainly look into the options available and will probably configure the AV software based on the advice you have given.

Thanks again.

Tim
 
One last question, based on the above is there a way of preventing users from saving downloaded files from the internet to any location other than My Documents folder (which is stored on the server) ?

I'm guessing here but if there is it would more than likely be in Administration in Control Panel !

Thanks again for any advice

Tim
 
You can make it more difficult:

. Modify the file association entry in Explorer (Tools, Folder Options, File types) and uncheck 'Confirm open after download'. This denies a download location selection. These changes can also be made with registry entries.

. Use NTFS permissions to deny create on local filestores
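
An added example, not part of the original thread: a PowerShell audit that checks whether the "deny create on local filestores" step in the reply above is in place, by listing which local folders still carry ACEs that let ordinary users create files. It assumes Windows PowerShell 5.1 or later on NTFS volumes (not the XP-era tooling discussed in the thread); the folder list and the function name `Get-CreateAce` are hypothetical.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1+ on NTFS.
# The folder list is hypothetical; adjust it to the local filestores you care about.
$folders    = @('C:\', 'C:\Temp', 'C:\Users\Public')
$principals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')

# CreateFiles (0x2) and AppendData/CreateDirectories (0x4), plus the generic
# write (0x40000000) and generic all (0x10000000) bits that some ACEs carry.
$createMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Get-CreateAce {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $who = $ace.IdentityReference.Value
        if ($principals -notcontains $who) { continue }
        if (([int]$ace.FileSystemRights -band $createMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $who
            Type      = $ace.AccessControlType      # Allow or Deny
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$report = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "Skipping $folder (not found)"
        continue
    }
    $aces  = @(Get-CreateAce -Path $folder)
    $allow = @($aces | Where-Object { $_.Type -eq 'Allow' })
    $deny  = @($aces | Where-Object { $_.Type -eq 'Deny' })
    [pscustomobject]@{
        Folder      = $folder
        AllowedTo   = ($allow.Identity | Sort-Object -Unique) -join ', '
        DenyPresent = $deny.Count -gt 0
        # Create rights granted and no deny ACE on the folder: look closer.
        NeedsReview = ($allow.Count -gt 0) -and ($deny.Count -eq 0)
    }
}
$report | Format-Table -AutoSize
```

The script reads the ACEs as stored; it does not compute effective access through nested group membership or inherit-only flags, so treat `NeedsReview` as a prompt to inspect the folder rather than a verdict.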
 