Ubuntu and virus protection

Stewart Johnston stoooj at gmail.com
Tue Nov 3 10:07:43 GMT 2009


On Tue, 2009-11-03 at 19:26 +1000, Paul Gear wrote:
> Barry Williams wrote: 
> > ...
> > In my opinion Ubuntu and Linux in general have little need for virus
> > protection; more information can be found here:
> > http://www.whylinuxisbetter.net/items/viruses/index.php?lang=
> Ryan Ralph wrote: 
> > Hi Geoffrey, 
> > I'm a fairly simple user of Ubuntu and use it mainly for browsing
> > the internet and music playback. I don't see the need for antivirus
> > on Ubuntu as there are practically no viruses around that I've heard
> > of. If you only download software from the repositories and don't
> > run any suspect commands you shouldn't have a problem.
> Lisa Milne wrote: 
> > ... 
> > Yeah, I tend to be of the same opinion. I don't use any antivirus
> > (other than a check on my mail server so I don't pass anything on to
> > Windows users), and my main desktop is on a world resolvable IP
> > address with no firewall other than Ubuntu's default iptables
> > settings.
> 
> I must say that I feel that Barry, Ryan, and Lisa are giving bad
> advice.  I see a lot of Mac users doing this too - they think that
> because viruses generally aren't a problem for their platform (which
> is quite true) that they don't need to take precautions (which is far
> from true).  They also think that because they haven't heard of
> something, it's not likely to happen to them.  The logic flaw in this
> should be obvious: it requires infinite knowledge to have 100%
> confidence, and there are new attacks being developed every day. [1]
> 
> The vast majority of attacks around today are related to organised
> crime, often involving targeted spam/phishing attacks or so-called
> "drive-by downloads", where users' data (especially passwords and
> financial information) is sought. [2]  Most of these run in browsers
> and are becoming increasingly cross-platform.  I read recently of an
> attack on a vulnerability in the Adobe virtual machine (inside which
> Flash runs) which required no platform-specific code in the injection
> vector (only JavaScript and a specially-crafted Flash file).  It would
> be simple for a malware developer to test which type of machine they
> were running on and allow the exploit code to be cross-platform.
> 
> The "belt and braces approach" which "in the scrub" [3] wrote about is
> not a nice to have - it's an essential.  There are still ways to be
> unsafe online with Linux, and we should take precautions.  A great
> resource for being informed about this is reading the SANS monthly
> newsletter, "Ouch!". [4]  It has lots of good advice (although how
> much applies to Linux users can vary) and offers a great way to stay
> informed about how to help your Windows friends when they come to you
> with an infected system asking for help!  ;-)
> 
> BTW, I forgot to mention earlier that there are also tools in Ubuntu
> to help you keep an eye out for suspicious activity on your systems &
> networks.  I use rkhunter, chkrootkit, and snort for this.
> 
> Paul
> 
> [1] See the explanation at
> http://en.wikipedia.org/wiki/Zero_day_attack
> [2] See http://www.sans.org/top-cyber-security-risks/ for a nice
> summary of current security issues.
> [3]  BTW, "in the scrub", in the Ubuntu community, it's considered
> polite to use your real name.
> [4]  http://www.sans.org/newsletters/ouch/
> 

I agree with Paul in that all users of any operating system mustn't
think themselves invulnerable, and that there are still potential
avenues of attack. A healthy degree of common sense and awareness of
social engineering scams will stand you in good stead. NoScript is an
awesome tool as well for the security-conscious.

However, I'll weigh in on Barry, Ryan & Lisa's side on the anti-virus
issue. The attacks that Paul mentions will not be prevented by running
an anti-virus programme. ClamAV is not designed for Linux desktops. It
is designed for mail gateways to scan for Windows viruses travelling via
email.

To answer the original poster's question, ClamAV/Antivirus is not really
a required part of an Ubuntu'ers toolkit.
However, there are other security precautions that are.

There is an excellent Introduction to Ubuntu security guide on
Ubuntuforums written by Bodhi.zazen which should be essential reading
for all new users. Find the guide at
http://ubuntuforums.org/showthread.php?t=510812

Stoo