Scanning of file shares is important. You cannot be sure that every machine on your network that has access to that file share has the same, correctly configured, up-to-date, active antivirus application running.
You also can't be sure your UNIX system sharing files to Windows machines (or other NAS) wasn't compromised and used to seed infected files into shares used by those Windows machines.
If you simply don't use UNIX or NAS systems to run file shares for Windows domains, you can put AV on the Windows server sharing the files and have it scan on access, and avoid that 'whole system' scan issue.
There's a huge difference between 'root' and 'elevated privileges'. Especially in a Windows environment (which most are these days) - 'Power Users' or other users granted elevated privileges to do things like 'installing their own printer drivers' don't have administrative control over the machine or the domain, but have elevated privileges that can be used to exploit the attack vector. Such privilege is widely used in large corporate environments, and so it shouldn't be discounted.
I'm mixed on the topic of firewalling off known attacker addresses. Sure, it won't stop anybody willing to put in even tiny effort. It will, however, stop you from getting nailed because someone forgot to update that WordPress system they forgot to tell you they were running.
If you have perfect CM (hah), sure, go ahead and ignore the junk scanners on the interwebs. If you have less than perfect CM, such things may help save your ass in a situation you shouldn't be in in the first place.
Well said. I've never considered it that way.
| No system is perfect.
A perfect system is an unplugged system.
I'll grant you, these types of systems are rare - but they do exist.
I like that quote, do you recall the owner?