Anti-virus Programs

Steve Bergman steve at rueb.com
Thu Jan 29 02:25:57 UTC 2004


Carter J. Castor wrote:

>I know that the number and popularity of viruses for Linux is extremely
>lower than Windoze; however, I am on a university network that has
>viruses floating around like an AIDS convention so I would like to have
>some sort of anti-virus program running in the background.  The ones I
>find are either a) commercial apps b) exclusively for e-mail c) open
>source ones that don't look very complete.  What do you guys use for
>non-email based virus scanners?
You pretty much answered your own question.  There are about as many 
Linux viruses on your network as there are HIV virus particles floating 
around at an AIDS convention.  In other words, none.   HIV does not 
"float around".  However, worms and trojans do exist, as well as regular 
old exploits, etc.  A scanner would be of no help for regular exploits, 
although it *might* be of some benefit with trojans.  But only after the 
fact.  Once the trojan has been run even once, your whole box is a 
potential security risk whether the trojan executable has been removed 
or not.

Scanning for virii after the fact is pretty poor as a security policy.  
Has that policy stemmed the flow of virii in the Windows world?

Ask yourself how you think your machine might become infected.  Are you 
keeping your box updated with security patches from your vendor?  This 
is your best defense against remote network exploits.  Are you running 
network services that are visible to the network?  This is a vector for 
"worms", not virii.  Are you running executables from an untrusted 
source?  That's how you get trojans.  Are you running as root 
unnecessarily?  To be honest, I have always found the arguments for not 
running as root to be rather flimsy, but it is still a good idea.  If 
you do happen to run a trojan, you at least can contain and isolate the 
contamination more easily, though you could still lose all your data, 
which is usually more valuable than the 30-minute OS installation.  Are 
you doing backups?

Personally, I hate these "there's no magic bullet" answers when they are 
used to argue against things like transparent buffer overflow prevention 
in compilers, which have a real, though not "magic bullet" benefit.  But 
I just don't see Linux virus scanning being of much value.

Steve
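
The following is an added example, not part of the original message: one way to answer the "network services that are visible to the network" and "running as root" questions above is to read the kernel's TCP socket table and list listeners that are not bound to loopback. It assumes a little-endian Linux host and IPv4 only (`/proc/net/tcp`); the function names and the sample table are constructed for illustration.

```python
import ipaddress
import os
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 1003 1
   3: 0A01A8C0:8E2C 0101A8C0:0050 01 00000000:00000000 00:00000000 00000000   500        0 1004 1
"""

LISTEN = "0A"  # TCP_LISTEN state code as printed by the kernel


def exposed_listeners(proc_net_tcp):
    """Return (ip, port, uid) for IPv4 listeners not bound to loopback."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue  # malformed row, or not a listening socket
        hex_ip, hex_port = fields[1].split(":")
        # The address is a 32-bit value printed in host byte order
        # (little-endian assumed), so repack it to get the dotted quad.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        if ip.is_loopback:
            continue  # reachable only from the local machine
        found.append((str(ip), int(hex_port, 16), int(fields[7])))
    return sorted(found, key=lambda entry: entry[1])


def report(proc_net_tcp):
    """Format each exposed listener, flagging sockets owned by uid 0."""
    lines = []
    for ip, port, uid in exposed_listeners(proc_net_tcp):
        note = " (owned by root)" if uid == 0 else ""
        lines.append(f"{ip}:{port} uid={uid}{note}")
    return lines


if __name__ == "__main__":
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    print("\n".join(report(text)) or "no non-loopback listeners")
```

A listener on `0.0.0.0` accepts connections on every interface; whether it is actually reachable from the network also depends on any packet filter in front of it.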






More information about the fedora-list mailing list