Anti-Virus Software ?

Rick Stevens rstevens at vitalstream.com
Tue Oct 5 23:03:38 UTC 2004


Craig White wrote:
> On Tue, 2004-10-05 at 09:33, Temlakos wrote:
> 
>>On Tue, 2004-10-05 at 12:22, Brian Fahrlander wrote:
>>
>>>On Tue, 2004-10-05 at 11:10, Jonathan Allen wrote:
>>>
>>>>What anti-virus software would you recommend for running on an FC2
>>>>machine ?  There are no windows machines in the network, only Linux
>>>>workstations, also all running FC2.
>>>
>>>    You already are: it's called FC2.  :>  The only reason you'd need to
>>>run AV programs is to protect Windows boxes.
>>>
>>>    Enjoy!
>>
>>I'm sure that's comforting--for now. And we all hope that Linux is
>>inherently more secure against viruses of all types. Maybe we're right.
>>But as more people get fed up with "WinDoze" or "Window$" or however you
>>want to spell it, what will happen when cyber-terrorists start attacking
>>Linux directly with virus operations? That's what some of my clients are
>>asking me right now. What do I tell them?
> 
> ----
> there are open source anti-virus packages for Linux and if the threat
> appears on Linux, he can be assured that more will develop.

<soap>
Fully 80% of the virii and worms on Windows machines get in via one of
two mechanisms, IE or Outlook and its derivatives.  SQL exploits and
other less common attacks make up the other 20%.  If M$ users would stop
using those and go to Firefox/Thunderbird/Mozilla, many of those would
stop propagating.
</soap>

As far as Linux is concerned, I run ClamAV on the mail services so the
odds of a mail-borne virus or worm are almost nil.  Our machines are
heavily locked down via external firewalls AND iptables (yes, a condom
and a hazmat suit).  No extra daemons are running and stuff that requires
network connections (e.g. NFS) is done through a second NIC that only
runs the backend stuff and is on a non-routable network with iptables
running on that NIC, too.

The systems are kept up-to-date and passwords rotated often.  They
are checked every day at random times (so you can't predict just when
they'll get poked at) and are checked with tools such as nmap, ps,
netstat and tripwire that are run from hardware write-protected media,
so even a rootkit can't affect those tools.  The network is watched
via a plethora of tools including snort boxes and a lot of customized
stuff I can't discuss.  We still get hit (DOS attacks most of the time),
but for the most part we're pretty secure.

<more soap>
Just because I'm paranoid doesn't mean they AREN'T out to get me!  If
you play on the internet and you don't take steps to protect yourself,
you deserve what you get.  Unfortunately, M$ software is so incestuous
that it's damned near impossible to lock it down and as long as they
stick with that horrid code base, it will remain so.
</more soap>
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-                       When in doubt, mumble.                       -
----------------------------------------------------------------------
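
The daily check described in the message above (known-good tools run from write-protected media, at unpredictable times), shown as an added example that is not part of the original post or the poster's own tooling. The mount point `/mnt/trusted`, the baseline file format, the 12-hour delay window and the `SWEEP_MODE` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths below are hypothetical.
TOOLS=${TOOLS:-/mnt/trusted}                      # write-protected media with trusted binaries
BASELINE=${BASELINE:-/mnt/trusted/listeners.base} # one "proto addr:port" per line

# Succeeds only if mount point $1 is mounted read-only (mount table $2, default /proc/mounts).
# The last matching entry wins, so an rw overmount of the same path is caught.
is_readonly_mount() {
    awk -v mp="$1" '
        $2 == mp { ro = 0; n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1 }
        END { exit (ro ? 0 : 1) }' "${2:-/proc/mounts}"
}

# Prints TCP listeners in the `netstat -ltn` output file $1 that are absent from baseline file $2.
new_listeners() {
    awk -v base="$2" '
        BEGIN { while ((getline l < base) > 0) { split(l, f, " "); known[f[1] " " f[2]] = 1 } }
        $1 ~ /^tcp/ && $NF == "LISTEN" && !(($1 " " $4) in known) { print $1, $4 }' "$1"
}

# Prints a delay in seconds in [0, $1), so the time of the check cannot be predicted.
random_delay() {
    r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
    echo $(( r % $1 ))
}

# Full sweep: refuse to run unless the tool media is read-only, then compare listeners.
sweep() {
    is_readonly_mount "$TOOLS" || { echo "ABORT: $TOOLS is not read-only" >&2; return 2; }
    sleep "$(random_delay 43200)"
    out=$(mktemp) || return 2
    "$TOOLS/netstat" -ltn > "$out"
    extra=$(new_listeners "$out" "$BASELINE"); rm -f "$out"
    [ -z "$extra" ] && return 0
    echo "$extra" | sed 's/^/ALERT unexpected listener: /' >&2; return 1
}

# Runs new_listeners on constructed sample data (not a real capture).
demo() {
    d=$(mktemp -d) || return 2
    printf 'tcp 0.0.0.0:22\n' > "$d/base"
    printf '%s\n' 'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN' \
                  'tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN' > "$d/now"
    new_listeners "$d/now" "$d/base"; rm -rf "$d"
}

# Nothing runs unless asked, so the functions can be sourced from a cron wrapper.
case "${SWEEP_MODE:-}" in sweep) sweep ;; demo) demo ;; esac
```

The same pattern extends to `ps` and tripwire: invoke each by its full path under the read-only mount and compare against a baseline stored on the same media.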



