Re: Begs a question: AV in Linux

From: Alexander Klimov
Subject: Re: Begs a question: AV in Linux

Since there are quite a few replies let me elaborate. There are two
types of viruses: those that exploit software vulnerabilities and
those that exploit wetware (that is, a PEBKAC).

Even if a software bug was a zero-day when the virus was written
(TTBOMK this is very uncommon), the bug immediately becomes known once
the virus is released. Unlike some other OSes, with any good Linux
distribution it is quite easy to live most of the time without known
vulnerabilities in your system. Now if you have a system with no
vulnerabilities exploitable by known viruses, none of them can
compromise your system -- you cannot get better results from an AV
(AFAIK `unknown virus detection' is more marketing than reality).

There are wetware exploits ranging from simple `send this message to
five friends and you will get ...,' and `run this file to see a photo of
...' to more sophisticated `use the ~/ switch for rm to ...' and `yeah, I
also had this problem with the wireless driver; execute the following as
root to solve it: wget ...'. I am not sure I understand how sharing
files with Windows can be dangerous, but probably it is in this
category as well, e.g., `run this file to see a photo, and yes, you need
to run it on a Windows box.'

BTW, do not get me wrong: if I say that AV is useless (or, worse, it
can have its own vulnerabilities) it does not mean that you should not
use a firewall in both directions or check the integrity of system files.