Re: Begs a question: AV in Linux (correction)



On Sunday 05 February 2006 04:59, blahblah@xxxxxxxxxxx wrote:
Although you may want to run AV in linux for various reasons, some
misleading points were made:

"If you run wine, zen, mach, vmware, or anything that runs or can run
windows (or another vulnerable OS), then you should run AV in at least
the virtual machine, and preferably in both linux and virtual machine."

Is a little misleading:
wine - Just because a windows exploit exists in windows, does not mean it
exists in wine. For example - if windows has a buffer exploit somewhere in
its dlls, that does not mean it will exist in wine (and vice-versa). This
is because the wine team is re-implementing the windows API without looking
at the windows code, and the implementations will differ.
snip
To make a quick counterpoint: this doesn't work when the vulnerability that is
being exploited resides in the code of the program you run under wine.

I've seen a couple of viruses/worms attacking software running under wine.

And there are a couple of linux viruses out there. Not a lot, but they are
there. A normal user of linux wouldn't come in contact with these, so it
isn't a reason to demand AV for linux.

That said, I agree totally with AV for linux to help stop spreading malicious
data (fileshares, email, ftp, that sort of thing).

Kind regards,

Lucien Fransman
irC2

Stu