Comments on: Do you need an anti-virus even with Linux? http://thetoddtoday.com/2008/03/25/do-you-need-an-anti-virus-even-with-linux/ Technology & Politics Thu, 11 Mar 2010 19:56:36 +0000 http://wordpress.org/?v=2.7.1 hourly 1 By: big virus coming http://thetoddtoday.com/2008/03/25/do-you-need-an-anti-virus-even-with-linux/comment-page-1/#comment-38 big virus coming Fri, 06 Jun 2008 23:29:58 +0000 http://thetoddtoday.com/2008/03/25/do-you-need-an-anti-virus-even-with-linux/#comment-38 [...] that where there's a will there's a way and that way will probably be found. Viruses, spy-ware, roohttp://thetoddtoday.com/2008/03/25/do-you-need-an-anti-virus-even-with-linux/serious virus comingMay 3, 2008 ... big virus coming I checked with Norton Anti-Virus, and they are [...] [...] that where there’s a will there’s a way and that way will probably be found. Viruses, spy-ware, roohttp://thetoddtoday.com/2008/03/25/do-you-need-an-anti-virus-even-with-linux/serious virus comingMay 3, 2008 … big virus coming I checked with Norton Anti-Virus, and they are [...]

]]> By: Akshat http://thetoddtoday.com/2008/03/25/do-you-need-an-anti-virus-even-with-linux/comment-page-1/#comment-6 Akshat Wed, 26 Mar 2008 17:50:05 +0000 http://thetoddtoday.com/2008/03/25/do-you-need-an-anti-virus-even-with-linux/#comment-6 ClamAv is only for windows viruses. It gives you the liberty to scan a win format file like an exe before sending it to a friend on a windows computer. Linux viruses exist but you have to specifically install them, give them root permission. The only way I believe you can get virus in future will be through poisoned repositories. ClamAv is only for windows viruses. It gives you the liberty to scan a win format file like an exe before sending it to a friend on a windows computer.
Linux viruses exist but you have to specifically install them, give them root permission. The only way I believe you can get virus in future will be through poisoned repositories.

]]> By: Philluminati http://thetoddtoday.com/2008/03/25/do-you-need-an-anti-virus-even-with-linux/comment-page-1/#comment-5 Philluminati Wed, 26 Mar 2008 16:40:06 +0000 http://thetoddtoday.com/2008/03/25/do-you-need-an-anti-virus-even-with-linux/#comment-5 Viruses and Worms as you know are programs written specifically to spread through computer systems by exploiting vulnerabilities. I feel the best way to stop Virus and Worms is to fix the flaw that allows them to spread. Anti-virus is a piss poor, money grabbing service that doesn't make sense. If your machine is compromised you can't trust what it says. Anti-virus systems *could* be proactive by telling you what viruses you are *vulnerable* too, but they don't because it's harder to sell. In the face of security on important systems (or even just home systems) Virus detection software is a lost cause on a machine and isn't academically the best solution. Monitoring network traffic for virus signatures is a different story but it's for a different purpose so I won't digress. Anyway, Unlike Windows who up to Vista have only been reactive to security problems, Linux is much more proactive. For example, even though there are no Virus for Linux yet, NSA have already added "SELinux" enhancements to the kernel. SELinux enhancements essentially allows you to set security to *extremely* fine grained level, so for example, your Apache user may never be able to listen on any network port but 80 or cannot write into the /tmp directory. These are rights much more finely grained than standard user permissions. The idea is that every system call the Apache software makes is described in a security configuration file assigned to the Apache user account which runs the Apache software. This way if a buffer overflow attack allows a remote hi-jacker to inject code in to the Apache app, which runs as the Apache user, SE Linux will make any new or different system calls fail. Also, think about how Anti-virus works. Every month you download some definitions. Until you download them you are vulnerable to the attack and afterwards you merely notified of the attack. If you run Apt or Yum update every month you download security fixes. Until that point your vulnerable but afterwards your safe against it. It's almost the same system but with fixes rather than detection. Viruses and Worms as you know are programs written specifically to spread through computer systems by exploiting vulnerabilities. I feel the best way to stop Virus and Worms is to fix the flaw that allows them to spread. Anti-virus is a piss poor, money grabbing service that doesn’t make sense. If your machine is compromised you can’t trust what it says. Anti-virus systems *could* be proactive by telling you what viruses you are *vulnerable* too, but they don’t because it’s harder to sell. In the face of security on important systems (or even just home systems) Virus detection software is a lost cause on a machine and isn’t academically the best solution. Monitoring network traffic for virus signatures is a different story but it’s for a different purpose so I won’t digress.

Anyway, Unlike Windows who up to Vista have only been reactive to security problems, Linux is much more proactive. For example, even though there are no Virus for Linux yet, NSA have already added “SELinux” enhancements to the kernel. SELinux enhancements essentially allows you to set security to *extremely* fine grained level, so for example, your Apache user may never be able to listen on any network port but 80 or cannot write into the /tmp directory. These are rights much more finely grained than standard user permissions. The idea is that every system call the Apache software makes is described in a security configuration file assigned to the Apache user account which runs the Apache software. This way if a buffer overflow attack allows a remote hi-jacker to inject code in to the Apache app, which runs as the Apache user, SE Linux will make any new or different system calls fail.

Also, think about how Anti-virus works. Every month you download some definitions. Until you download them you are vulnerable to the attack and afterwards you merely notified of the attack. If you run Apt or Yum update every month you download security fixes. Until that point your vulnerable but afterwards your safe against it. It’s almost the same system but with fixes rather than detection.

]]>