Building standardised operating system images makes it faster to deploy new desktops and new virtual machines. However, while it makes sense to bundle in software that will be used with those images, there’s one big exception: anti-malware and security software.
The reason, as MVP Mikael Nystrom explained in a presentation at last week’s Microsoft Management Summit (MMS), is that it ultimately won’t save you any work:
I wouldn’t put any anti-virus in my reference image It’s old the same minute I install it. It needs to be updated, and the update process normally takes more time than actually installing it. Therefore I don’t gain any time, so it’s pointless.
That same logic can apply in other areas. “I wouldn’t normally put Acrobat Reader in it either,” Nystrom said. “There’s nothing wrong with Acrobat Reader, but they update it very frequently. I wouldn’t put Java on for the same reason.”
Leaving out security software also accords with the general principle that a slimmer image is better. “We fight really hard to keep a thin image,” said MVP Johan Arwidmark during the same presentation. “It will give you the most flexibility. The more stuff you pack in a WIN file, the less flexible it will be when you actually deploy it and the more likely you are to have to update it.”