Recommendations for Configuration of Antivirus Software
For use with software applications produced by ProfitStars®

Date created: Nov 30, 2004
Last updated: September 15, 2009
Intended audience: IT professionals and end users
This document is available in electronic form at: http://www.profitstar.com/dev/AntivirusRecommendations.pdf

Summary

Many of our clients routinely use antivirus software to protect their computer systems and networks from malicious software attacks. Commonly used antivirus programs include:

- Norton AntiVirus™ and Symantec AntiVirus™ (both from Symantec Corporation)
- McAfee VirusScan®
- Computer Associates eTrust™ AntiVirus
- Panda Security antivirus products

This document describes our recommendations for configuring antivirus software for optimal compatibility with the following ProfitStars applications:

- PROFITstar® (including Profitstar Suite™)
- PROFITability®
- PROFITstar® Portfolio
- PROFITstar® Budget Manager

Recommended Actions

To facilitate program stability, data integrity, and optimal performance, without compromising security, ProfitStars recommends that the PROFITstar/PROFITability data folders (PS, PA, or Common) be excluded from real-time virus scanning. If this is not possible, then antivirus programs that perform file-level, real-time virus scans should be configured to specifically exclude a few file types that are associated with ProfitStars data. These are:

- .add
- .adi
- .adm
- .adt
- .ai
- .am
- .csv
- .psbackup

The exclusions apply only to the ProfitStars data directories. (See Final Notes on page 6.)

IMPORTANT: We are not recommending that antivirus protection in general be disabled. Nor are we recommending that ProfitStars program files be excluded from virus protection. We are recommending only that the data files for ProfitStars programs be excluded from real-time virus scans.
If necessary, data files can be included in your scheduled scans; however, be aware of the following issues.

Why would scanning ProfitStars data for viruses cause problems?

At least three kinds of problems might occur when scanning ProfitStars data files:

1. The antivirus program modifies a ProfitStars data file. Antivirus programs sometimes incorrectly detect a virus—they identify a virus when in fact no virus is present. (This is called a “false positive.” It is unusual, but quite possible, to encounter false positives when scanning large quantities of binary data.) The antivirus may attempt to “fix” the apparent problem, which involves modifying the supposedly infected file. Any such alteration of a data file could cause serious data corruption.

2. The antivirus program removes a ProfitStars data file. Again, suppose the antivirus software encounters a false positive. Rather than attempting to fix the infection, the antivirus may be configured to quarantine the infected file, or to perform a quarantine if an attempted fix fails. For the ProfitStars programs that use that file, quarantining is equivalent to deleting: the file will be missing when it is expected to be there. Again, the consequences for program stability and data integrity could be serious.

3. The antivirus software causes a sharing violation. This kind of error is possible with “on-demand” scans, which are launched manually by a user or automatically by a task scheduler. If a ProfitStars program attempts to open a data file while it is being scanned by the antivirus program, a sharing-related I/O error might occur. (This kind of error should not be encountered with real-time scans.)

Potential problems with performance

Real-time file protection can also introduce a significant performance penalty. Therefore, an additional reason to consider disabling real-time file protection is that it might improve the performance of ProfitStars programs.
Some users access shared data for ProfitStars applications on a network drive. In this case, it is possible for real-time scanning to be enabled twice, once at the server and again at the workstation, imposing a double performance penalty. The shared data should be excluded from real-time protection at the file server and at all client workstations.

Does excluding data from virus protection put my systems at risk?

The risk is negligible. Malicious software has to be executed—run by a host computer—in order to do damage. ProfitStars data is not executable, and therefore poses very little virus threat.

ProfitStars, A Jack Henry Company · 17110 Marcy Street, Ste 200 · Omaha, NE 68118 · P 800.356.9099 · F 402.431.8822 · www.profitstars.com Page 2 of 6

How can I minimize my exposure in the ProfitStars data directories?

Data for ProfitStars programs resides in directories that could be used by malicious software to store potentially executable and destructive code. Totally excluding the data directories from virus scans could leave the directories vulnerable to exploitation. A better alternative would be to scan only selected files within those directories. Specifically, we recommend that all file types not associated with data for ProfitStars programs be scanned. (ProfitStars data-related file types are documented on page 1.) Under this recommended configuration, high-risk file types like executable files would always be scanned, minimizing the risk of malicious exploitation.

What about report files generated by PROFITstar or PROFITability?

Four kinds of report files generated by ProfitStars applications are potentially exploitable by viruses:

1. Adobe Acrobat (.pdf) files
2. HTML files (.htm or .html)
3. Zip files (.zip)
4. Self-extracting report files (.exe)

Adobe Acrobat and HTML files are at relatively low risk of exploitation. Zip files and especially the self-extracting report files would be more of a concern.
None of these report file types is a ProfitStars data file type. They will always be scanned if you exclude only those file types listed on page 1.

Doesn’t excluding data from virus scans violate security best practices?

No. Data files are commonly excluded from virus scans. Files that are not executable, and that are stored in proprietary formats not “understood” by antivirus software, may be legitimately excluded. This is especially true if there is a risk of virus scans interfering with the normal operation of the database in question.

For example, to avoid data corruption, Microsoft strongly recommends excluding certain data files used by Exchange Server from virus scans. Likewise, Microsoft recommends excluding some system data used by Windows 2000 or Server 2003 domain controllers. According to Symantec, Microsoft SQL Server databases should be excluded. Anecdotal evidence from SQL Server administrators supports Symantec’s advice. Refer to the resources listed on page 4 for further information.

Data for ProfitStars programs is not executable, and is therefore highly unlikely to be targeted by viruses. It is stored in formats, mostly with binary encoding, which are not “understood” by antivirus programs. Furthermore, if antivirus software interferes with the normal operation of the database, serious side effects can result.

Excluding data for ProfitStars programs from virus scans does not violate security best practices. It also makes good sense, given the added benefits in program stability, data integrity, and performance.

Where to go for more information

How to include or exclude files from virus scans

Refer to the knowledge resources from your antivirus provider.
General antivirus information from Microsoft

“Antivirus software: frequently asked questions”
http://www.microsoft.com/athome/security/protect/antivirus.mspx

“The Antivirus Defense-in-Depth Guide”
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx

Microsoft’s antivirus business partners (about 2 dozen), including links to each:
http://support.microsoft.com/kb/49500

“Messaging Hygiene at Microsoft,” describes Microsoft’s corporate approach to e-mail security. Note the following:

“Organizations that want to employ file-level antivirus software on Exchange Server 2003 servers should use extra precautions. Because the file-level antivirus software is typically not aware of the internal structure of the Exchange-specific data (such as Exchange databases and log files), scanning such contents often results in server failures and may cause data corruption. The file-level antivirus software must be specifically configured to exclude any Exchange Server–related data, such as mailbox stores, transaction logs, temporary directories, message queues, and other relevant file locations.”

The same is true for the data used by ProfitStars applications.
http://www.microsoft.com/downloads/details.aspx?FamilyId=7A993A61CE35-4EB8-AA8D-796F9793F6A3&displaylang=en#QuickInfoContainer

Microsoft recommends excluding their e-mail server databases and some domain controller directories from virus scans

“Overview of Exchange Server 2003 and antivirus software”
http://support.microsoft.com/?id=823166

“Exchange and antivirus software”
http://support.microsoft.com/?id=328841

“Virus scanning recommendations on a Windows 2000 or on a Windows Server 2003 domain controller”
http://support.microsoft.com/kb/822158

Symantec recommends excluding SQL Server databases from virus scans

“Can Symantec AntiVirus Corporate Edition scan a SQL database?” [Symantec says no, but does not elaborate on what the consequences of doing so might be.]
http://service1.symantec.com/SUPPORT/entsecurity.nsf/docid/2002120911393848

“A Short Tour of Symantec System Center 5.0 in Symantec AntiVirus 8.x” ["The 'Exclude selected files and folders' box should be checked if you have large databases, such as SQL, or a local e-mail server like Microsoft Exchange. Certain third-party software packages will also suggest excluding their software from being scanned."]
http://service1.symantec.com/SUPPORT/entsecurity.nsf/docid/2002110112002748

Anecdotal advice from system administrators re: SQL Server databases & antivirus software

From www.sqlservercentral.com: (You must be a registered member to view, but membership is free.) The advice of contributors to this forum is consistently, “Exclude SQL Server databases from virus protection.”
http://www.sqlservercentral.com/forums/shwmessage.aspx?messageid=109903

If you have further questions, please contact your Client Services analyst.
Final Notes

If file-level, real-time virus scans are performed, and the file types listed on page 1 are excluded, be aware of the following:

- The same file types should be excluded from the real-time virus scanning of files nested in ZIP files. This applies to zipped copies of data for ProfitStars programs, including PROFITstar or PROFITability backups. Special measures must be taken when these ZIP files reside in directories other than ProfitStars data directories.

- The question mark wild card character ‘?’ represents (in the case of ProfitStars files) a single digit from zero ‘0’ to nine ‘9’.
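The following is an added example, not part of the ProfitStars document or its software. It applies the exclusion rule described above (a listed extension, and only inside a data directory) and reports excluded files whose content is actually a Windows executable, so the claim that the excluded data is not executable can be verified on disk. The directory name PS comes from the document; the file names and the PE-header check are assumptions of this example.

```python
import os
import struct
import tempfile

# Data-file extensions the document lists for exclusion from real-time scans.
DATA_EXTS = {".add", ".adi", ".adm", ".adt", ".ai", ".am", ".csv", ".psbackup"}

def is_excluded(path, data_dirs):
    """Excluded only if the extension is listed AND the file sits inside a data directory."""
    path = os.path.normcase(os.path.abspath(path))
    if os.path.splitext(path)[1].lower() not in DATA_EXTS:
        return False
    # The trailing separator stops "PS_old" from matching the data directory "PS".
    dirs = (os.path.normcase(os.path.abspath(d)) + os.sep for d in data_dirs)
    return any(path.startswith(d) for d in dirs)

def looks_like_pe(path):
    """Check the DOS header and the PE signature it points to, not just the 'MZ' bytes."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(pe_offset)
        return fh.read(4) == b"PE\0\0"

def audit(data_dirs):
    """Return excluded files that are Windows executables despite a data extension."""
    hits = []
    for top in data_dirs:
        for folder, _dirs, names in os.walk(top):
            paths = (os.path.join(folder, n) for n in names)
            hits += [p for p in paths if is_excluded(p, data_dirs) and looks_like_pe(p)]
    return sorted(hits)

def build_sample(root):
    """Constructed sample data directory; all file names are hypothetical."""
    ps = os.path.join(root, "PS")
    os.makedirs(ps)
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    samples = {"ledger.adt": b"\x01\x02binary", "export.csv": b"MZ,1,2\n" * 20,
               "hidden.csv": pe_stub, "report.exe": pe_stub}
    for name, data in samples.items():
        with open(os.path.join(ps, name), "wb") as fh:
            fh.write(data)
    return ps

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit([build_sample(tmp)]))
```

In the sample, report.exe is not reported because its extension is not excluded and the antivirus scanner still covers it; only hidden.csv falls into the gap the exclusion creates.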