Re: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause

From: Bruce Ediger (
Date: 01/17/04

  • Next message: Travis Good: "[Full-Disclosure] for security people you are piss poor at spotting trolls."
    Date: Sat, 17 Jan 2004 08:43:52 -0700 (MST)

    On Fri, 16 Jan 2004, David F. Skoll wrote:

    > Not running A/V software on a Linux box is no risk at all. Even the
    > McAffee A/V software wouldn't detect a worm in time to do any good.
    > You can take the following simple precautions (which I do): Mount /tmp
    > noexec, and if you're really paranoid, mount /home noexec also. That
    > pretty much kills any propagation vector for viruses.

    The commercial anti-virus people have never really addressed the
    lack of in-the-wild viruses for the unixes in general, and linux
    in particular. Or, back in the day, why didn't VMS suffer from
    a plague like DOS did and Windows does?

    Not to beat a dead horse too hard, but maybe the small amount of
    discretionary access controls (user, group, other, rwx) that typical
    unix/linux installations have is enough to prevent viral epidemics?

    Perhaps the greater "ecodiversity" of email clients, filesystem layouts,
    mail transfer agents, HTTP severs and version variation of the above
    provides enough resistance to avoid epidemics and pandemics.

    Perhaps acknowledging that the big DOS and Windows virus problems were
    boot sector, Word macro and Outlook viruses would help clarify the

    Instead, we've got the "Linux isn't 100% immune so Linux users should
    run anti-virus software, too" scaremongering that flies in the face
    of observed reality.

    Full-Disclosure - We believe in it.

  • Next message: Travis Good: "[Full-Disclosure] for security people you are piss poor at spotting trolls."

    Relevant Pages

    • Re: read-only file systems
      ... Subject: read-only file systems ... On 'touchy' solaris/linux systems ... /var rw,nosuid (noexec on linux) ...
    • Re: /tmp permissions
      ... Quoting dick hoogendijk: ... That should probably be on linux, because on my fbsd-6.1 box it's "rw" ... Most "kiddie scripts" will attempt to run items out of /tmp, by adding noexec you prevent items from executing out of the applied directory. ...