Switching off AV??

[superfletch]

One of my colleagues (a network manager) has been told by his boss (HT) to switch off the AntiVirus on the schools MIS Server for at least an hour every day while some piece of software sends automated text messages to parents.

Basically the software won't work without him doing this, the software company have recommended this is how he gets around it without suggesting anything else and they rather than him are getting the HT's support!!

Now apart from the obvious risk of exposing the machine to a virus, malware, The BBC or anyone elses botnets, can people list the best reasons they can think of not to switch off the antivirus daily.

This is a mission critical server housing sensitive data on a network full of secondary kids with an interface in some way to the telephone grid.

I'm going to tell him to look at some other products but some ammo to throw at the HT might help.

[jamesb]

Why won't the software work without him doing this? Couldn't an exception be set up for that particular software? Still a lowering of security standard, but less so than switching the whole thing off.

[bossman]

What AV is he using?

I would advise him to contact County LA and ask for their advice on the matter but inform the HT first.

[pete]

Broken software is not a sufficiently good justification for disabling AV. Setting granular exceptions is a possibility.

I assume the AV is picking up the SMS software as a spam mailer or similar infection and blocking or rate-limiting it?

The software vendor (not the school) needs to contact the AV provider and ask them fix the issue, it's their responsibility to negotiate with the AV provider to get whitelisted - this can take a while unless you have a lot of clout.

I'd lart the software company, pointing out the schools obligations regarding the data held on said server or find another provider. Which company is providing the software?

[K.C.Leblanc]

Is it too late to unleash a little bovine excrement and tell them the server needs a reboot to fully disable the AV and another to fully enable it?

[superfletch]

"I would advise him to contact County LA and ask for their advice on the matter but inform the HT first. "

County LA - Thats us




"Broken software is not a sufficiently good justification for disabling AV. Setting granular exceptions is a possibility.
I assume the AV is picking up the SMS software as a spam mailer or similar infection and blocking or rate-limiting it?"

Couldn't agree more - I'll find out what AV he's using - some of the interfaces aren't very good for setting exceptions.

[Michael]

Providing you add the application as an exception (within your AV software) then it shouldn't make any difference.

It is poor advice from any software company to tell the school to 'switch it off for an hour'. It's a bit of a joke to be honest. The company in question should be contacting the AV companies (as required) and informing them if there's a conflict. If I was given that advice, I would look at other alternatives.

[mb2k01]

Hey Superfletch!
I bet it's a primary isn't it!
Do you know what the SMS software is as well as the AV?
If it's a school with more than one server I'd question the logic at having this software on the SIMS server in any case?

It probably comes down to the age old problem (down here especially)... the HT wants something done, doesn't understand the technical issues (and/or doesn't care about them) and expects the order to be done as that's what he's been told works!

[kmount]

He said it was a secondary in his original post.

I'd agree though, shutting off AV is not appropriate at all for this.

[jcollings]

I suspect your RBC would be none too impressed either as AV is stipulated as a must have in the T&C for most of them (it certainly is in CLEO land). Also in terms of data protection I would suggest turning off AV does not qualify as ensuring data is secure (one of the basic principles).

[PiqueABoo]

in terms of data protection I would suggest turning off AV does not qualify as ensuring data is secure

If you *need* AV on an MIS server then I reckon you're already not doing enough to ensure that data is secure i.e. why would malicious processes get to run on that box in the first place?

AV is only as good as the latest signatures and I've seen plenty of malware breeze past those in my time. Have AV by all means, but secure configuration and practices are much better.

[OTOH file servers do need AV]

[jcollings]

If you *need* AV on an MIS server then I reckon you're already not doing enough to ensure that data is secure i.e. why would malicious processes get to run on that box in the first place?

AV is only as good as the latest signatures and I've seen plenty of malware breeze past those in my time. Have AV by all means, but secure configuration and practices are much better.

[OTOH file servers do need AV]

I think it is one of many measures you would take to keep it secure. Personally I think you should have AV on all your systems. Secure configuration and practices don't mean you shouldn't have AV installed - it's just another line of defence.