Anti-virus Programs

Charles Howse chowse at charter.net
Thu Jan 29 19:04:55 UTC 2004


On Wednesday 28 January 2004 11:35 pm, stephan schutter wrote:
> Try F-prot! It is free for personal use on linux.
>
> Steve Bergman wrote:
> > Carter J. Castor wrote:
> >> I know that the number and popularity of viruses for Linux is extremely
> >> lower than Windoze; however, I am on a university network that has
> >> viruses floating around like an AIDS convention so I would like to have
> >> some sort of anti-virus program running in the background.  The ones I
> >> find are either a) commercial apps b) exclusively for e-mail c) open
> >> source ones that don't look very complete.  What do you guys use for
> >> non-email based virus scanners?
> >
> > You pretty much answered your own question.  There are about as many
> > linux viruses on your network as there are HIV virus particles floating
> > around at an AIDS convention.  In other words, none.   HIV does not
> > "float around".  However, worms and trojans do exist, as well as regular
> > old exploits, etc.  A scanner would be of no help for regular exploits,
> > although it *might* be of some benefit with trojans.  But only after the
> > fact.  Once the trojan has been run even once, your whole box is a
> > potential security risk whether the trojan executable has been removed
> > or not.
> >
> > Scanning for virii after the fact is pretty poor as a security policy.
> > Has that policy stemmed the flow of virii in the Windows world?
> >
> > Ask yourself how you think your machine might become infected.  Are you
> > keeping your box updated with security patches from your vendor?  This
> > is your best defense against remote network exploits.  Are you running
> > network services that are visible to the network?  This is a vector for
> > "worms", not virii.  Are you running executables from an untrusted
> > source?  That's how you get trojans.  Are you running as root
> > unnecessarily?  To be honest, I have always found the arguments for not
> > running as root to be rather flimsy, but it is still a good idea.  If
> > you do happen to run a trojan, you at least can contain and isolate the
> > contamination more easily, though you could still lose all your data,
> > which is usually more valuable than the 30 minute OS installation.  Are
> > you doing backups?
> >
> > Personally, I hate these "there's no magic bullet" answers when they are
> > used to argue against things like transparent buffer overflow prevention
> > in compilers, which have a real, though not "magic bullet" benefit.  But
> > I just don't see Linux virus scanning being of much value.

FYI, http://www.f-prot.com/virusinfo/unix.html reports that there are only 2 
virii infecting Unix systems, 1 is targeting BSD systems running a vulnerable 
version of Apache, and the other is targeting Linux systems running Apache w/ 
OpenSSL enabled.

-- 
Charles Howse
Jackson, TN
Fedora Core 1 Uptime:  4:38




