If you use antivirus to protect a PC, why wouldn’t you use it to protect a server? Yet, alarmingly, many companies haven’t put AV on their servers, leaving them vulnerable to malware and other threats. It’s a recipe for disaster and one that could—and should—be easily avoided.
The prevailing reason why many companies don’t put AV on servers is the misconception that because users aren’t using the servers to surf the Internet, the servers aren’t vulnerable to malware. In truth, servers are at risk, whether they touch the Internet are not.
People browsing the Internet on endpoints have a higher chance of downloading something infected or causing a problem, but the piece they don’t know about is the behaviour that malware code is looking to do.
Worms are specifically coded to connect to and infect as many machines as they can on the network. So even if the server is not a point of entry for a piece of malware, the malware can still actively seek it out.
If they sit unprotected you have a major risk. People don’t think the vectors, the entry points of infection. For example, a user might upload an infected file to a file server that is then shared with a number of machines. Or it could go directly after that file server, which we see a lot. It sits and waits for someone to connect to the file server.
Infections could also be spread by plugging a USB drive into a server. You could be carrying around an infection in your pocket. The number one point I always try to make is, in order to be fully protected you should have AV on every node and every OS within the environment. Period.
Other popular misconceptions about keeping AV on servers include users saying they don’t need the patch management, firewall, web filtering and other features sometimes included in AV products today. People say: “I don’t need all those things on my server. I don’t run Adobe on it. I don’t run Java on it.” But even if you’re not using all points of protection, you’ve got to have the bare minimum.
Sometimes, companies find the source of an infection is literally an old server stuck in a closet that is not regularly used anymore. Malware found the forgotten piece of equipment and used it to spread throughout the network. That’s why unprotected computer discovery is an important feature of AV. It can find that server that is probably the culprit for spreading infections.
I routinely receive support calls from businesses who didn’t have AV on a server that became infected. I assist in the cleanup, but they have to take the time to make sure their network is 100% clean. They have to clean, reimage and restore from backup. From an IT perspective, that takes a lot of resources. A few extra dollars to protect servers doesn’t seem like a lot, when you could spend days, weeks cleaning up the aftermath of an infection.