Anti-virus Programs
Charles Howse
chowse at charter.net
Thu Jan 29 19:04:55 UTC 2004
On Wednesday 28 January 2004 11:35 pm, stephan schutter wrote:
> Try F-prot! It is free for personal use on linux.
>
> Steve Bergman wrote:
> > Carter J. Castor wrote:
> >> I know that the number and popularity of viruses for Linux is extremely
> >> lower than Windoze; however, I am on a university network that has
> >> viruses floating around like an AIDS convention so I would like to have
> >> some sort of anti-virus program running in the background. The ones I
> >> find are either a) commercial apps b) exclusively for e-mail c) open
> >> source ones that don't look very complete. What do you guys use for
> >> non-email based virus scanners?
> >
> > You pretty much answered your own question. There are about as many
> > linux viruses on your network as there are HIV virus particles floating
> > around at an AIDS convention. In other words, none. HIV does not
> > "float around". However, worms and trojans do exist, as well as regular
> > old exploits, etc. A scanner would be of no help for regular exploits,
> > although it *might* be of some benefit with trojans. But only after the
> > fact. Once the trojan has been run even once, your whole box is a
> > potential security risk whether the trojan executable has been removed
> > or not.
> >
> > Scanning for virii after the fact is pretty poor as a security policy.
> > Has that policy stemmed the flow of virii in the Windows world?
> >
> > Ask yourself how you think your machine might become infected. Are you
> > keeping your box updated with security patches from your vendor? This
> > is your best defense against remote network exploits. Are you running
> > network services that are visible to the network? This is a vector for
> > "worms", not virii. Are you running executables from an untrusted
> > source? That's how you get trojans. Are you running as root
> > unnecessarily? To be honest, I have always found the arguments for not
> > running as root to be rather flimsy, but it is still a good idea. If
> > you do happen to run a trojan, you at least can contain and isolate the
> > contamination more easily, though you could still lose all your data,
> > which is usually more valuable than the 30 minute OS installation. Are
> > you doing backups?
> >
> > Personally, I hate these "there's no magic bullet" answers when they are
> > used to argue against things like transparent buffer overflow prevention
> > in compilers, which have a real, though not "magic bullet" benefit. But
> > I just don't see Linux virus scanning being of much value.
FYI, http://www.f-prot.com/virusinfo/unix.html reports that there are only 2
virii infecting Unix systems: 1 is targeting BSD systems running a vulnerable
version of Apache, and the other is targeting Linux systems running Apache w/
OpenSSL enabled.
--
Charles Howse
Jackson, TN
Fedora Core 1 Uptime: 4:38