Anti-virus Programs

stephan schutter rhl at farorbit.com
Thu Jan 29 05:35:58 UTC 2004


Try F-prot! It is free for personal use on Linux.

Steve Bergman wrote:

> Carter J. Castor wrote:
> 
>> I know that the number and popularity of viruses for Linux is extremely
>> lower than Windoze; however, I am on a university network that has
>> viruses floating around like an AIDS convention so I would like to have
>> some sort of anti-virus program running in the background.  The ones I
>> find are either a) commercial apps b) exclusively for e-mail c) open
>> source ones that don't look very complete.  What do you guys use for
>> non-email based virus scanners?
>>
> You pretty much answered your own question.  There are about as many 
> linux viruses on your network as there are HIV virus particles floating 
> around at an AIDS convention.  In other words, none.   HIV does not 
> "float around".  However, worms and trojans do exist, as well as regular 
> old exploits, etc.  A scanner would be of no help for regular exploits, 
> although it *might* be of some benefit with trojans.  But only after the 
> fact.  Once the trojan has been run even once, your whole box is a 
> potential security risk whether the trojan executable has been removed 
> or not.
> 
> Scanning for virii after the fact is pretty poor as a security policy.  
> Has that policy stemmed the flow of virii in the Windows world?
> 
> Ask yourself how you think your machine might become infected.  Are you 
> keeping your box updated with security patches from your vendor?  This 
> is your best defense against remote network exploits.  Are you running 
> network services that are visible to the network?  This is a vector for 
> "worms", not virii.  Are you running executables from an untrusted 
> source?  That's how you get trojans.  Are you running as root 
> unnecessarily?  To be honest, I have always found the arguments for not 
> running as root to be rather flimsy, but it is still a good idea.  If 
> you do happen to run a trojan, you at least can contain and isolate the 
> contamination more easily, though you could still lose all your data, 
> which is usually more valuable than the 30 minute OS installation.  Are 
> you doing backups?
> 
> Personally, I hate these "there's no magic bullet" answers when they are 
> used to argue against things like transparent buffer overflow prevention 
> in compilers, which have a real, though not "magic bullet" benefit.  But 
> I just don't see Linux virus scanning being of much value.
> 
> Steve