Re: Begs a question: AV in Linux



The following message was submitted to the list by Alexander Klimov.


From: Alexander Klimov <alserkli@xxxxxxxx>
To: focus-linux@xxxxxxxxxxxxxxxxx
Subject: Re: Begs a question: AV in Linux

Since there are quite a few replies let me elaborate. There are two
types of viruses: those that exploit software vulnerabilities and
those that exploit wetware (that is a PEBKAC).

Even if a software bug was a zero-day when the virus was written
(TTBOMK this is very uncommon), the bug immediately becomes known once
the virus is released. Unlike some other OSes, with any good Linux
distribution it is quite easy to live most of the time without known
vulnerabilities in your system. Now if you have a system with no
vulnerabilities exploitable by known viruses none of them can
compromise your system -- you cannot get better results from an AV
(AFAIK `unknown virus detection' is more marketing than reality).

There are wetware exploits ranging from simple `send this message to
five friends and you will get ...,' and `run this file to see photo of
...' to more sophisticated `use ~/ switch for rm to ...' and `yeah, I
also had this problem with wireless driver; execute the following as
root to solve it: wget ...'. I am not sure I understand how sharing
files with Windows can be dangerous but probably it is in this
category as well, e.g., `run this file to see photo, and yes, you need
to run it on a windows box.'

BTW do not get me wrong: if I say that AV is useless (or, worse, it
can have its own vulnerabilities) it does not mean that you should not
use a firewall in both directions or check integrity of system files.

--
Regards,
ASK


