AntiVirus?

Mike Hearn mike at navi.cx
Sun Mar 20 14:16:18 UTC 2005 

On Sat, 19 Mar 2005 16:51:43 -0500, Gregory Maxwell wrote:
> If an untrusted source can execute code on your computer the game is over.

Web browsers do that all the time with JavaScript. So it's not over, you
just have to be careful.
 
> Antivirus makes sense when thats all you can do, ... when you're on a
> platform of proprietary software with no ability to test or improve the
> code running there.   

No, anti-virus makes sense because the moment a bug is fixed the
fix does not appear on peoples systems. Online update for most Linux
distros is useless for dialup users, and worse most online update sites
can be taken down by a well timed DDoS anyway.

> The viruses and worms that have grown up on windows have now reached a
> level of sophistication that simple pattern matching isn't good
> enough...

I disagree. While it's true that you can write very sophisticated viruses,
the most prevalent viruses are actually very simple. A virus scanner
doesn't have to work 100% of the time to be useful.

> Lets worry about antivirus software if the day ever comes that
> mass-spreading pathogens outpace the communities ability to actually fix
> the code, until then using such tools would only slow our pace of fixing
> actual bugs... 

As already pointed out, bugfixes don't instantly appear on peoples
desktops. There are still a significant number of people running
completely unpatched, out of the box Red Hat 9 installs. This situation
will not change anytime soon, no matter how much we might like it to.

>                Virus scanners don't generally solve the problem of
> one-off attacks by qualified and determined adversaries, which is a much
> more dangerous threat in many ways...  Fixing bugs stops them and they
> also stop the bulk spreading stuff, and fixing bugs is something we can
> do in the free software world that is much harder in the proprietary
> code world.

If that was true then nothing on my desktop would ever crash, and
everything would have wonderful usability. That's clearly wrong, therefore
I think it's also wrong that being open source gives people immunity to
bugs (of which there will always be more).

Developing a native anti-virus system *now* before the shit hits the fan,
can only be a good idea. If nothing ever happens, then it was merely
wasted effort. Hell, if I had infinite amounts of spare time I'd do it,
it's an interesting enough problem. Saying that bugfixing is a suitable
replacement implies that Windows users who enabled automatic update don't
need a virus scanner anymore, which I'm not convinced is true.

thanks -mike

More information about the fedora-devel-list mailing list