Re: virusscanner
- From: Robert Hull <Robert@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 28 Apr 2006 23:52:50 +0100
In alt.os.linux.suse, on Fri 28 April 2006 16:53, kobold <1@xxxxx>
wrote:
BearItAll <spam@xxxxxxxxxxxxx> wrote in
news:1146054880.54329.0@xxxxxxxxxxxxxxxxxxxx:
m.koezema@xxxxxxxxx wrote:
In the time I used Windows, I had to use a virusscanner.
Are there good virusscanners for Linux (free), and do viruses
exist for Linux?
It is indeed true that you are less likely to get a virus on a Linux
box than you are on a Windows machine.
Correct, approximately somewhere over 273200 to 1 (and the 1 is not
viable)
One has to bear in mind that
most of the computers running in the world today, around 94% ish, are
running Windows and as a result most of the machines that get viruses
are Windows machines
Typical windozer's fallacy. The reason why there are over 273200 known
viruses and trojans for Windoze machines is that Windoze was designed
for vulnerability. Mircosoft was so intent on this that they bound one
of their virus propagators (Internet Explorer) tightly into their
operating system. No other browser was written to seek out malicious
software and execute it without the user's knowledge.
On the other hand, in real Operating Systems (Such as Unix, BSD or
Linux) no code is automatically executable simply because it has been
attached to an email. The user has to make a conscious decision to save
the code to disc, modify the attributes to render it executable, then
specifically choose to run that code.
and there is even now a great many people who run
Windows without antivirus or have machines with antivirus but which is
months or years out of date.
And the vast majority of those are passing on infections by the hour. It
is not their fault that Outlook and Outlook Express were designed to
execute viruses without the user having even consciously opened the
email in which the virus was transmitted. It is sufficient to pause
over the subject long enough to bring up the subject in the "preview
pane" and Outlook / Outlook Express will seek out any executable code
contained with the email message and execute it.
Biggest mistake you can make here is, like many Linux users I know, to
think your Linux box is somehow immune to virus attack as such a state
is almost impossible to achieve on any platform running any OS.
Not immune to attack, there have been proof of concept "viruses" written
every four years or so, but they all fail the definition of a virus
that states that to be a virus the code must be able to self-replicate.
You can never design any system to completely eliminate the sort of
mindless recklessness that is a pre-requisite of enabling a virus to
cause any real harm to a Linux system. To make a so-called "Linux
Virus" run just the once, the user would need to make a conscious
decision to behave in a reckless manner not once, not twice, not three
times but a minimum of *four* times:
1 Log in as root to download the "virus"
2 Save the "virus" to disk
3 Alter the attributes to render it executable
4 Execute the "virus" as root
One thing I have noticed with a lot of desktop Linux users these days
is they rarely type in their root password when they need to carry out
administrative tasks preferring to click the check box that says just
remember the password from now on.
So then for next time that they perform that operation, they will not
need to enter the root password again, that does not alter the fact
that a so-called "linux Virus" would not be executable at the point
that it entered the user's system.
As anyone who uses Linux as a desktop OS will tell you it soon becomes
a complete and utter ball ache having to type in your root password
twenty times a day just to do a day's work.
That is why it is not necessary to operate as root just to "do a day's
work". User programs run as user not as root, this is in direct
opposition to the Windows model where you can have a "non privileged"
user, but they cannot run any task that makes use of the registry.
The Windows user therefore soon learns that they need to be
"administrator" just to check their virus definitions, check whether
they need to "defrag" the disk (a daily task at least) or perform any
of a dozen other tasks that form part of their daily routine.
There are no routine daily tasks under Linux that require the user to
log in as root or even to execute something as root manually.
The only trouble with
activating this very convenient option is that you are effectively
'Windowing' your Linux box as almost any administrative task can be
executed without the need for a root password, just like with Windows,
You are confusing working as root, then recklessly deciding to render
executable malicious software, then recklessly deciding to run it with
entering a password to perform an unusual task.
and a virus can exploit this to the full
It could if there was such a thing as a viable virus on Linux,
unfortunately for your argument, all of the "proof of Concept"
wannabee-virus-like programs written so far fail the definition of what
makes malicious code a virus.
as one process with root
privileges can execute another with the same privileges and so on.
Even something running under root cannot execute something that is not
executable.
As Linux becomes more user friendly it will inevitably become less
secure
Typical windozer's lack of understanding of how security works
this is just one of those things as the two are always a trade
off.
No they are not.
Windows is proof of this, out the box it does everything (or
most) you want but is easier to attack.
It is easy to attack because:
1 Mircosoft designed windows to propagate viruses
2 They deliberately and recklessly release code with known
security vulnerabilities
3 Even after they are forced to admit that there is a vulnerability
they still delay providing the patch
4 It is closed source, so cannot be patched by anyone else
5 They have added more virus propagation techniques to core
elements of Windows such as Internet Explorer, Outlook, Windows
Media Player, Microsoft Office and so on.
6 Having been forced to confront the gaping security hole created
by their choice of networking protocols, they added an even more
insecure protocol as its replacement then bound it so tightly to
the core operation of Windows that to turn off the Port 445
vulnerability results in crippling the system for non-networking
operations
You can lock it right down
with a draconian security policy but it becomes almost unusable in
such a state, again it's a trade off.
Windows does not become *almost* unusable if you turn off all of the
built-in infection vectors, it becomes *completely* unusable.
For what it's worth I use AVG's antivirus for Linux, it's corporate (so
it works) free, and you get regular updates, trouble is it can't scan
your hard drive without root privileges
So use one that *can* scan without root privileges. You only need to
scan files owned by root if you have taken deliberate steps to make
them vulnerable.
Even if you believe in the myth of a viable "linux virus", it would only
be able to operate in the environment with which you provide it. If you
run something as a user, it can only attack the files to which that
user has access, so you do not need to scan root-owned files.
Apart from that, a virus scanner on a Linux system will be identifying
the Windows viruses and security attacks in files and/or attachments
that you might serve to a windows machine. None of those files should
be served as root.
like any virus scanner so to
schedule virus scans it must be set to always run as root and thus
have free range.
Fallacy
Remember this; if you don't have a virus scanner how do you know you
don't have a virus?
Do you mean apart from the fact that no "linux viruses" exist in the
wild?
Or do you mean apart from the fact that there are no Linux viruses to
get into the wild in the first place?
Not all viruses are obvious to the end user and the best viruses are
the ones you don't know you have but have been there all along.
True on a windows system where everything is automatically executable by
design of the system, but not on a real Operating System.
--
Robert HULL
Archival or publication of this article on any part of thisishull.net
is without consent and is in direct breach of the Data Protection Act.