
Likelihood of getting a virus on WHS?

smirk

Member
Hi, I'm not sure if this is the right place to ask this, but I was thinking of building either a WHS or a FreeNAS box. There will be occasional bittorrent and Usenet use, and I'm wondering how paranoid I should be about getting a virus on the WHS box if I go that route.

I have a Mac and a couple of Windows PCs. I usually do my downloading from the Mac and then execute any questionable Windows software from inside a VMWare instance to see if AVG catches anything or if there are any odd effects. If downloading a media file, there doesn't seem to be significant risk with just opening the file on the Mac. However, if the file was stored on a WHS machine and opened from the Mac, what happens? If the file was infected, could it spread through the WHS box, or is the only risk on the client PC? I'm not sure how that works. Obviously with FreeNAS the risk on the server end would be greatly reduced, but any Windows clients that use those files would need to be protected.

Usually I'm not overly concerned about viruses on my PCs; most valuable data is on the Mac and is backed up to an external drive. But once I get the NAS then all data will be on a Windows-based platform (and backed up to another drive, but still...). I'm wondering if this is cause for alarm.

Does anyone have any advice or experiences to share about viruses on a WHS box?
 
I would imagine fairly unlikely...unless you browse the web a lot from the desktop with no antivirus.

The only other threat would be downloading things and saving to a network share and the pc you are downloading with isn't protected. Or plugging in strange infected USB keys or something.

I run ClamWin on mine and haven't had any issues.
 
Well, my Mac doesn't run any antivirus, my PCs run AVG. I was thinking about the scenario where a trojan or virus-laden file was downloaded directly to the WHS by either the Mac or PC. So say the WHS is mapped as drive J: and the infected file is downloaded straight to J: and then later launched from J:.

In this scenario, I wasn't clear if the virus could be caught by AVG on the client PC (so that the client PC remains uninfected) but not by the WHS OS and so it could spread through the WHS box.
 
If you have a shared folder in which you store files, then you have a good chance of still getting a virus. It probably won't happen until you physically sit at and log into the WHS (fewer viruses have remote execution exploits), but there are many that can infect the system just with the preview/thumbnail of the file in the Explorer window.

Seriously, there are so many free anti-virus programs out there that you might as well run one. AVG, Avast!, ClamAV just to name a few...

I even run ClamAVX on my Mac and Solaris system, just so that it catches infected files there before they could be transferred to my Windows systems.
 
I am kind of puzzled as to what you are looking for.

No one can tell you precisely what the probability of getting infected by a virus is.

I know my probability is low because I do not download anything from sites that I do not know, and I do not open any attachment unless it is sent by someone that I know and the attachment is explained in the body of the email.

If you download files directly to the WHS from unknown, uncontrolled sources (which is very prevalent in torrent downloads), then you have a higher probability of getting infected.

No matter what we say here, our saying so is not a protection from viruses.

You want to be protected, get an anti-virus application.

 
If you open an infected file with Computer A, and the file resides on the WHS machine, Computer A is at risk of infection, not the WHS machine. In general, the WHS machine won't be infected by anything initiated from another computer. Keep in mind that anything you do on the WHS console is actually done on the WHS machine (it's basically a remote desktop connection).

Personally, I installed the ClamAV option on my WHS box. It's simplistic but it works (and it is free). It does NOT have an on-access scanner, but I don't generally (i.e. never) Remote Desktop into the WHS machine and open files.
 
Any links to how good ClamAV is? I've heard they aren't bad with newer threats, but don't have as much in the way of older definitions. If it were a decent A/V, running it as a scheduled task every so often would be pretty good for a server.
 
This is rather old (Aug. 2007). AFAIK ClamAV got better in the last two years.

http://virus.untangle.com/

Unfortunately the last few years the tendency of reviews is either to provide the "pitiful" users' reviews, or reviews that intend to entice to buy through the reviewer site.

Like this, http://anti-virus-software-review.toptenreviews.com/

No big differences in the reviews, the most attention catching on the page is the Big Red Buy button.

 
Thanks Jack. This has been a problem with Clam all along. There isn't much in the way of definitive reviews. I'd love to see AV-Comparatives test it in their review process. Maybe they ignore it due to the lack of real-time scan. Legitimate I guess, but there's good reasons to have an on-demand scanner only. If nothing else, it's free, and open source. There's a lot of small businesses hard up for cash, and something like Clam would be great if it can be trusted. The company I got laid off from let their A/V expire. I was researching cheaper alternatives, and the server was a bitch. If you want to stay lawful (an excellent idea in business), licenses for a server and users can get pricey. I could have set up Clam, but then I'm putting my name on the line. I have to be confident in the technology myself before I recommend it to others.

Edit:
What I'm saying is I don't even know if it's better than expired A/V. I suspect it is, but I'd love to see the facts in front of me :^/
 
Thanks for your reply... I may not have been clear. I'm not asking for reassurance that I won't get a virus, or what my personal probability of getting infected will be. Obviously if no antivirus is installed and an infected file appears on the server then we're in trouble somewhere down the road. I think I was wondering how the trouble would manifest: would the WHS itself get infected (as in its OS files get infected, or the boot sector, etc.) or would WHS remain largely immune but serve out infected files.

I run paid AVG on my PCs and trust it, but AVG doesn't run on WHS. I fully intend to install antivirus on the server, but I'm not a security expert and don't really know how well they work. If my Mac is connected to the server and I double click an infected readme file that's stored on the server, I didn't know if that could infect the server or not (assuming that the virus slipped past the server's antivirus). That's what I was getting at.
 
Ah, that helps a lot, thank you. So if a file is downloaded by Computer A directly to the WHS, is unzipped, launched, etc. then WHS won't be infected. But if a WHS add-in downloads the infected file and similarly manipulates it, then it could infect the WHS machine.

In my week of research, I've read of a lot of people using WHS machines to download content via bittorrent and usenet, with the download software residing on WHS. I wonder how they all protect themselves then.
 
It really depends on what the malware is. A simple annoying trojan that causes pop-ups likely will not be a problem. There are many malware though that are designed to exploit local networks, and those do pose a threat to not just the WHS box but every other PC on the network. One of the latest ones, Kneber, was very intelligent at spreading in networks and was able to grab SSL certificates off corporate networks by being introduced into the networks from just one PC. It managed to steal 1800 unique certificates from banks and corporations before being discovered.


I have spent a lot of time over the years studying virus and malware code and really the best thing you can do is be smart. AV is a good start but nowhere near completely safe due to how it works. If nobody has reported the virus then the AV will not have the signature and will most likely miss detection.

If you download an exe and cannot trust the sender, I always extract the contents first. There is a program called Universal Extractor that will extract most .exe files. Then you can look in the extracted directory to see if anything looks odd. Usually malware is added by taking a valid setup.exe, adding the malware and bundling it up with something like the Nullsoft installer. So when you extract and see another setup.exe and another .exe named like winhost.exe, you know you have found malware.

http://legroom.net/software/uniextract
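
The manual check described in the post above can be scripted; this added example (not part of the original thread) walks an extracted installer directory and lists files to inspect by hand. The file names `setup.exe` and `winhost.exe` come from the post; the function names, extension list and sample tree are assumptions constructed for illustration, and a finding is a prompt for review, since legitimate installers also bundle several executables.

```python
import os
import tempfile

EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}
INSTALLER_PREFIXES = ("setup", "install")  # assumed naming convention

def is_pe(path):
    """True if the file has the DOS 'MZ' magic and a PE signature at e_lfanew."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        f.seek(int.from_bytes(head[60:64], "little"))
        return f.read(4) == b"PE\0\0"

def triage(root):
    """Return sorted (relative_path, reason) pairs that deserve a manual look."""
    findings, top_exes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not is_pe(full):
                continue
            ext = os.path.splitext(name)[1].lower()
            if ext not in EXEC_EXTS:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, "PE content behind a non-executable extension"))
            elif ext == ".exe" and dirpath == root:
                top_exes.append(name)
    # Pattern from the post: a wrapped installer plus an extra top-level .exe.
    extras = [n for n in top_exes if not n.lower().startswith(INSTALLER_PREFIXES)]
    if len(extras) < len(top_exes):  # at least one setup/install executable exists
        findings += [(n, "extra executable beside a nested installer") for n in extras]
    return sorted(findings)

def demo():
    """Build a constructed sample tree (not real malware) and triage it."""
    pe_stub = b"MZ" + bytes(58) + (64).to_bytes(4, "little") + b"PE\0\0"
    samples = {"setup.exe": pe_stub, "winhost.exe": pe_stub,
               "docs/readme.txt": b"plain text", "docs/skin.jpg": pe_stub}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        return triage(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Checking the file header rather than the extension also catches an executable renamed to look like a media or document file, which a directory listing alone would not reveal.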
 
Thanks for the good information. Just to make sure I'm clear, is explicitly opening a file the only way a virus/trojan/malware can gain a foothold? If so, I suppose I could store all my data on the WHS but not actually open/execute it from there. When I want to use it, I'd copy it down to my local machine and use it from there. I was under the impression, though, that virii could spread merely by being referenced (like right clicking and choosing Properties, by moving to a different directory, etc.). If that's not the case then my current safeguards (downloading via the Mac, testing in a sandboxed VMWare environment) will still work.

I thought I knew a fair amount about viruses but in thinking about all this I see I really have no clue. Now I'm wondering if a brand new virus could attach itself to an MP3, for example, which goes undetected by the WHS antivirus scanner and then spreads into the WHS OS when it is served out by the WHS iTunes server. I think I'm sounding paranoid.
 
There are a couple of things that would minimize malware infections on WHS.

This is assuming that:
a) web browsing is not being done directly on the WHS
b) third-party applications aren't being run on WHS
c) other computers on the network have an antivirus program installed

1) Windows Firewall is enabled by default. This should protect against many network-based infections.
2) Automatic Updates are enabled by default. Again, this should protect against many network-based infections.
3) Simply STORING malware-contaminated files on WHS or running those files from a client PC won't cause an infection of the WHS server.
4) Client PC backups made and stored on WHS likely have zero chance of infecting the WHS server.
 
Awesome. Number three was the one I was most worried about, so it seems that I'll probably be ok.

I won't run third-party applications on WHS, at least not ones that are suspect. I'm assuming that executing a third-party usenet client or Folding@Home client or something like that isn't what you meant when you issued warning (b).

Thanks for the patience and terrific explanations, you guys. I am starting to get excited about putting this all together!
 