Virus software? do I need it?

[James Wilkinson]

Jeffrey Engle wrote:
> Is virus software a must have? I'm trying Fedora 9, used Mac OS X for  
> years without it. What say you? Jeff

There is a school of thought that says both traditional viruses and
traditional anti-virus are becoming obsolete. Malware is changing, and
traditional anti-virus is not keeping up.

Desktop systems these days are most likely to be compromised either
through bugs in browsers (or browser-related software such as flash, or
conceivably an office suite, if the user can be enticed to open a Word
document), or through users deliberately installing something that’s
presented as (for example) a video codec.

Very often, the user will be encouraged to visit a website hosting the
malware through spam. The malware won't be in the spam, and traditional
anti-virus techniques won’t spot anything. Anti-spam techniques *will*
stop most spam, but no credible anti-spam technique claims to stop 100%
of spam.

In any case, the malware will be hosted on a computer that is controlled
by the BadGuys. They get to choose which version of the malware they
make available, and they can change it at a moment’s notice. By the time
the anti-virus companies have got signatures out, the BadGuys can have
changed the malware five times. The BadGuys are in league with serious
criminals, and have serious amounts of resources. The anti-virus
companies are losing this race.

And malware is no longer aimed at the computer, or the OS. They’re after
money – either through getting the computer to send spam, or steal
credit card details, or extortion, or whatever. If malware can run as
you, then they’ve got nearly everything they want.

What does this mean for Fedora (and Mac OS)?

Firstly, security updates are your main line of defence. They are as
important as anti-virus ever was.

Secondly, the BadGuys will get to know of security vulnerabilities fast,
possibly before Fedora does. You can help protect yourself by limiting
your exposure. SELinux won’t do you much good (yet), but something like
NoScript (a Firefox add-on) which disables Javascript and Flash, except
when you really want them, will mean that you will probably be running a
lot less code should you visit a website controlled by the BadGuys,
which means there will be less security bugs lurking.

Thirdly, the scarcity of Mac and Linux installs aren’t helping as much
as they used to. The BadGuys can detect what you’re running and launch
an appropriate attack. They’re already doing this for Firefox and
Internet Explorer on Windows.

Most importantly, a thinking user is a *lot* less likely to get infected
on any platform. If you wonder “why is this postcard site getting me to
install this add-in?” then you might not install the malware. If you
just click “OK” (or “Allow”) without even reading the associated
messages, treating “OK” as the computer equivalent of “use a hammer on
it”, then you’re much more likely to “OK” a virus install.

Unfortunately, it’s still way too easy on Fedora to install third-party
Firefox add-ins.

James.

-- 
E-mail:     james@ | Blinking text seems awfully archaic and old-fashioned in
aprilcottage.co.uk | these days of flash and javascript atrocities, but we had
                   | to manage to get annoyed at the technology that was
                   | available at the time; you youngsters won't understand.
                   |     -- http://lwn.net/Articles/140450