Adam Our AV is set to auto-update the definitions file, as it would be rather pointless to have AV and let this get stale. We have not observed any significant overhead of just the definition files updating, it's a rather lightweight operation. It has not been a concern for us. The main issue was to disable scheduled scans, as this obviously causes a lot of disk thrashing.
Mike Waldron Systems Specialist ITS - Research Computing Center University of North Carolina at Chapel Hill ________________________________ From: Hechler, Adam [[email protected]] Sent: Monday, December 03, 2012 8:58 AM To: [email protected] Subject: RE: using AV in virtual machines Thanks everyone who replied already. Aaron – curious as to why image creation privileges is one of the deciding factors. One of the things we talked about here was a user having a reservation and getting infected in a normal VM and since that would be on a local (private) network it can at least spread through any reserved VMs (am I correct in that?) There was also concern, and maybe this is for another question, that VCL users also would have local drives mounted via RDP and a virus in a reserved image can then spread to a local host. Michael – the overhead on the images is my concern. Especially since most enterprise AV products I’m aware of attempt to update almost immediately upon startup or login which is when the users would notice it the most. For everyone – if you do have AV in your images, are you updating the images often to get the latest definition files? Have you configured the AV to not update automatically? Forgive these seemingly simple questions, but on our normal desktops we just let the AV auto-update so it’s not an issue. But there is a performance hit to Windows upon startup or login. We’re just looking for the best experience for our users. Thanks, Adam From: Aaron Coburn [mailto:[email protected]] Sent: Friday, November 30, 2012 4:43 PM To: <[email protected]> Subject: Re: using AV in virtual machines We do not run anti-virus software in our VMs. The main reason we don't is that we felt there are negligible security benefits while there are significant performance gains. I should also mention that we really significantly restrict which users can create images. I would be more concerned about this if we opened up the image creation privileges to more people. -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College [email protected]<mailto:[email protected]> On Nov 30, 2012, at 10:03 AM, "Waldron, Michael H" <[email protected]<mailto:[email protected]>> wrote: We are running anti-virus on our VMs because our security organization insists on it. We do have it configured however not to run scheduled scans to reduce excess pounding on our backend storage. We run a scan when initially creating the image. Since the VM always reverts back to a clean image after a reservation, this satisfies our security group. Mike Waldron Systems Specialist ITS - Research Computing Center University of North Carolina at Chapel Hill ________________________________ From: Hechler, Adam [[email protected]<mailto:[email protected]>] Sent: Friday, November 30, 2012 9:56 AM To: [email protected]<mailto:[email protected]> Subject: using AV in virtual machines Hello, Can the rest of you running VCL in production tell me if you’re running Anti-Virus software in your VMs? Can you explain briefly why you are or are not? We’re trying to determine if we should install AV in our images or not. Thank you, Adam - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adam Hechler Senior Analyst /PC Systems Administrator Rensselaer Polytechnic Institute 275 Windsor Street Hartford, CT 06120 USA Ph: 860-548-2446 Email: [email protected]<mailto:[email protected]> Web: http://www.ewp.rpi.edu<http://www.ewp.rpi.edu/> <image001.jpg><http://www.facebook.com/pages/Rensselaer-Hartford-Campus/216532895053858> <image002.jpg><https://twitter.com/#!/RPI_Hartford> <image003.jpg><http://www.youtube.com/user/RPIHartford> <image004.png><http://rpihartford.blogspot.com/>
