Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Running Anti-virus

Status
Not open for further replies.

cwicker

Technical User
May 4, 2003
11
US
Have a laptop with Sniffer installed on it. And when in the office I log on as "Sniffer". But when I travel to any remote I usually log onto the laptop as myself in order to recieve Corporate e-mails and use AOL IM. My question is this: I know I should be running anti-virus software when logging on to check e-mail, and using Instant Messanger. But do I need to have anti-virus software running when logged on as "Sniffer" which does not have any thing but access to the Sniffer software?
 
Hi,
The answer in theory to the question is no you don't need AV protection when using Sniffer. The reason being that when you use sniffer the Sniffer card should be in "promiscous" (listening only) mode, with no TCP biindings bound to the card, therefore it should be (in theory) impossible to get any virus, worms etc.
In practise to use the "Address book" feature to resolve names etc, you need a secondary network connection, which leaves your laptop vunerable. But there again, if it's doing nothing but DNS lookups, you should be reasonably safe.
As with most things, if your careful with what you doing, the chances of getting viruses, worms etc are reduced when using the sniffer application.

For your reference, with the Sniffer Distributed and Sniffer Investigator appliances, NAI do bundle in their McAfee AV protection (VirusScan v4.5 SP1). I assume this will soon be VirusSCan v7.0, their new AV version release 2+ months ago.

Alf


 
Although the question is specific to Sniffer Pro portable, when I was configuring some Gig Distributed Sniffer for a customer last year, we called NAI tech Support to resolve a NIC card issue and they advised us to turn off the AV software for performance reasons.

It's important to note that this was in a totally secured envorinment with absolutely no access to the outside world through Internet, FTP or any other means - not even through a firewall - this is a totally segregated situation. Therefore there was no security issue to be concerned with.

We were runing v4.1 at the time - I can't speak to whether this is or isn't a performance issue with v4.2.

Owen O'Neill
Datacom Systems Inc.
Northeastern SE
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top