Re: [AntiVirus + Ubuntu] was - Re: And another Ubuntu convert!




On Jan 21, 2009, at 10:50 PM, NoOp wrote:

On 01/21/2009 03:10 PM, Mario Vukelic wrote:
On Wed, 2009-01-21 at 16:40 -0500, Mark Haney wrote:
Yes a kernel upgrade fixed THAT ONE. But may I remind you that you
really need to google something before you spout nonsense.

http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses

If you search the list archives, you will find a post of mine where I
demonstrate for each one (IIRC) of them that they were either
unsuccessful proof-of-concepts, or were possibly released but never
actually seen in the wild and in any case haven't propagated for years.

Better, read more than one link level deep for yourself and then come
back.

As of today, no known viruses exist in the wild, the same situation as
1996. Given the rise of popularity that GNU/Linux systems have seen
since then, I don't know how much credibility you can derive for your
"it's about popularity" theory. Heck, 30% or more of internet servers
run some linux distro or other, and there's not exactly an epidemic.

I *do* support diligence, but in the right areas (good code, sane
policies, sane behavior, etc.). Following a road that has utterly FAILED
for Windows won't work.



Perhaps you fail to take into consideration the environment(s)?

https://help.ubuntu.com/community/Antivirus

Even in a simple dual-boot environment it is a good idea to at least be
aware of AV tools, and actually use them.

Further, making statements such as "no known viruses exist in the wild"
for linux is just plain silly, but I think you already know that.
Malware, rootkits, trojans, vulnerabilities et al *do* exist for linux
- particularly servers, and will increase as desktop versions become
more popular.

One could ignore the fact that many botnets are linux machines with ELF
backdoor viruses with Linux/Rst-B for example, but these seem to be
pretty real:

http://ubuntuforums.org/showthread.php?t=224805
[my server just got hacked by the LINUX/Rst.B virus!]
<http://www.shandyking.com/2006/04/20/linux-exploit-linuxrstb-my-server-was-just-hacked/>

If you read the second article, you'll notice near the bottom of the post that the server was originally hacked through the news user. The hacker then had to gain root access, then finally install the "virus". Also, if you check the virus description out on Norton, you'll see that the risk level for the virus is VERY LOW. This is where the difference comes in between Windows and *NIX OS's. The security model is completely different. The thing with Linux "viruses" is that the majority of them must be run as 'root' for them to do any real damage. To be run as root, the user either must be logged in as root and run them, or they must sudo to run them. In most cases, the viruses rely on a fair amount of social engineering to get the user to run them with root privileges. Very few, if any, can gain root privileges on their own (unless they exploit a bug in another program) without user interaction.

In contrast, until Vista, most Windows users run with administrator (Windows's equivalent to root) privileges. So, any application run by the user essentially runs with administrative access to the OS. This is the real reason why there are more Windows viruses than there are for the *NIX variants out there. It's just *easier* to write viruses for Windows, and it's easier for them to actually do damage and run with privileged access.

The reason most people would run an anti-virus program on a Linux desktop would be to prevent the spread of Windows viruses through their Linux box (just to prevent their system from being a "carrier" to use a medical term). The biggest place for anti-virus software on Linux is in the server segment where the server is either acting as a mail server, or is handling Windows files frequently.

Also, with regard to a past post talking about an increase in the number of Mac viruses: a lot of those viruses are due to default configurations of services being insecure. They're due to poorly chosen defaults as opposed to an inherently insecure OS design.

It doesn't hurt to have anti-virus software installed on your Linux desktop, but it's not essential like it is when running Windows.


--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
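
Added illustration, not part of the original thread or written by any of its participants: the reply's point that a program run by an ordinary user is limited by file permissions can be checked by listing which executables a given account could overwrite. The function names, the constructed sample tree and the hypothetical second account are assumptions made for this example; the check covers classic permission bits only (no ACLs, capabilities or writable parent directories).

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Classic Unix permission-bit check (ignores ACLs, capabilities, read-only mounts)."""
    if uid == 0:                       # root bypasses the mode bits
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def writable_executables(root, uid, gids=frozenset()):
    """Executable regular files under root whose contents uid could overwrite."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)        # lstat: do not follow symlinks
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111 and can_write(st, uid, gids):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo():
    """Constructed tree: two normally protected binaries and one world-writable mistake."""
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in [("bin/ls", 0o755), ("bin/cp", 0o755), ("bin/oops", 0o777)]:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\x7fELF")   # placeholder bytes, not a real binary
            os.chmod(path, mode)       # set explicitly so umask does not interfere
        owner = os.lstat(os.path.join(root, "bin/ls")).st_uid
        other = owner + 1              # hypothetical unprivileged account that owns nothing here
        return {
            "unprivileged": writable_executables(root, other),
            "root": writable_executables(root, 0),
        }

if __name__ == "__main__":
    for who, files in demo().items():
        print(who, files)
```

On a real system, calling `writable_executables("/usr/bin", os.getuid(), set(os.getgroups()))` as a normal user should return an empty list; anything it does return is a permissions mistake worth fixing.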

