G
G
Grigory Bondarenko2019-08-23 18:47:10
Antivirus
Grigory Bondarenko, 2019-08-23 18:47:10

Do I need an antivirus if software restriction policy is enabled?

Extended Support for Windows 7 ends next year. Do I understand correctly that Security Essentials antivirus updates will no longer be available? Do we really need antivirus on workstations? The fact is that in our enterprise all users work under limited accounts, and a policy of limited use of programs is also included. Thus, users cannot run executable files and include libraries other than those located in the Windows and Program Files folders. Additionally, macros that are not signed by a trusted publisher are not allowed to run. And, of course, updates to the operating system and browsers roll automatically. Therefore, it is difficult for me to think of a situation in which a computer becomes infected with a virus. Or is such a situation possible?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
A
Anton Matushkin, 2019-08-23
@Nanto

Your policy covers a wide range of channels through which malware could penetrate, so in most cases this may be sufficient if only software is launched from trusted directories without removable media, executable files are signed, user rights are limited.
However, a scenario immediately comes to mind in which malicious Javascript is launched in a trusted browser that has a signature. Or, for example, a java environment is used, which can execute a jar with malicious code. Or any other similar scenario where some trusted software executes some third party code. In conditions of limited accounts, this most likely will not lead to the inoperability of the system, but data in folders accessible to the user can be lost. How critical is this for you - you need to look at your threat model and assess the risk. It may also be that, conditionally, with daily backup of user data, the risk of losing data accumulated during the day is lower than the cost of antivirus.
Well, the risks of vulnerabilities in the OS security mechanisms, of course, have not been canceled either.

L
lubezniy, 2019-08-23
@lubezniy

Do you need an antivirus, it's always a master's business. But there are so many ways for malware to enter the system that politicians will not block them all (although the antivirus will not always block them). Therefore, protection methods must be combined and do not forget about backups, which should never be connected to computers and the network.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question