Re: Begs a question: AV in Linux



Quoting Moderator <mod-linux@xxxxxxxxxxxxxxxxx>:

The following message was submitted to the list by Alexander Klimov.
[...]
Since there are quite a few replies let me elaborate. There are two
types of viruses: those that exploit software vulnerabilities and
those that exploit wetware (that is a PEBKAC).

And there are _many_ kinds of linux systems and users.

the virus is released. Unlike some other OSes, with any good Linux
distribution it is quite easy to live most of the time without known
vulnerabilities in your system.

If you run wine, zen, mach, vmware, or anything that runs or can run windows (or another vulnerable OS), than you should run AV in at least the virtual machine, and preferably in both linux and virtual machine.

If you run openoffice, you are open to macro viruses and all the same
things that hit MS Office apps, and you should run an AV if you don't
want to be a hit by them, or spread them to others.

Now if you have a system with no
vulnerabilities exploitable by known viruses none of them can
compromise your system -- you cannot get better results from an AV
(AFAIK `unknown virus detection' is more marketing than reality).

True. But you can help spread them. Of course there is the obvious examples of linux machines which are file servers and mail servers and the like. Why would you want these spreading viruses? But even regular office user linux machines can spread around viruses via file transfers (forwarding e-mail, swaping floppies or usb devices, burning cd-roms, etc). Maybe not a big deal if you only deal with other linux machines, but if you interact with people using other OS's do you really want to be the one who passed a virus on to them?

root to solve it: wget ...'. I am not sure I understand how sharing
files with Windows can be dangerous but probably it is in this
category as well

It is dangerous for other windows users you give the file to, or dangerous to you if you run windows in a VM environment in linux, or run OpenOffice or other windows-software emulation software.

BTW do not get me wrong: if I say that AV is useless (or, worse, it
can have its own vulnerabilities) it does not mean that you should not
use a firewall in both directions or check integrity of system files.

AV software _may_ be useless depending on your environment. I run it on my linux mail server, and it is not worthless to me or my users, since half my users run Windows and Mac machines. They thank me for not exposing them to the viruses via their e-mail. You could make the same type of arguments for file servers, etc.

Yes, you _may_ not need a AV product on your linux machine.  Then again,
you _may_ need one.  It depends on how you use the machine, what you run
on the machine, and how you and that machine interact with others.

The real-world example is how it is illegal most places to knowingly infect
other people with a human virus that you know you carry.  It does not matter
if you are immune to it or not, the law reflects the fact that others are not
and that you should not knowingly spread it to them as you know it can cause
them harm.

Use a similar principle in computers and networks.  If you know your
computer has or is likely to spread viruses to others and could cause harm
to them, then the _responsible_ thing to do is to run AV software on your
machine to try to prevent that.   If you know your computer is
_highly unlikely_ to spread viruses to others, and should not pose any
virus risk to others, then there is no need to run AV software if you
don't want to (and may be very good reasons not to, in fact).

--
Regards,
ASK

-- Eric Rostetter The Department of Physics The University of Texas at Austin

Go Longhorns!



Relevant Pages

  • Re: Begs a question: AV in Linux
    ... with any good Linux distribution it is quite easy to live most of the time without known vulnerabilities in your system. ... Now if you have a system with no vulnerabilities exploitable by known viruses none of them can compromise your system -- you cannot get better results from an AV. ... files with Windows can be dangerous but probably it is in this ...
    (Focus-Linux)
  • Re: Dont Waste Your Time With Linux
    ... There are, however, plenty of other ways to ... > covered a bit more than just viruses. ... basic vulnerabilities exist on any OS, but it's just a question of degree. ... Linux may be vastly more secure than Windows, but that by itself isn't much ...
    (comp.os.linux.misc)
  • Re: Begs a question: AV in Linux
    ... Spam, worms and viruses take a significant amount of bandwidth in most systems, so they do affect in an indirect way my linux box... ... those that exploit software vulnerabilities and those that exploit wetware. ... office user linux machines can spread around viruses via file transfers ... computer has or is likely to spread viruses to others and could cause harm ...
    (Focus-Linux)
  • Re: [Full-Disclosure] Viral infection via Serial Cable
    ... Current viruses do not even need user ... some expect to contact a stupid user who's using some ... The worms are using servers and their vulnerabilities (and the admin ... There were no known way for automatically execute the ...
    (Full-Disclosure)
  • Re: disassembler for Linux
    ... > Occasionally I get viruses for Windows in my email. ... > anything on Linux machines, I don't mind them much, but sometimes I get ... You mean the viruses aren't Open Source? ...
    (comp.os.linux.misc)