Ubuntu and virus protection

Bevin Watson bevin_watson at optusnet.com.au
Tue Nov 3 10:20:00 GMT 2009


Geoffrey, Welcome.  And welcome to the world of lots of people providing
helpful advice.  In my opinion, every piece of advice you have been
given to date has been great.

First off, DO NOT GO BACK TO WINDOWS for internet access just because it
has an anti-virus program.  Even without anti-virus, you are much safer
on Linux.

In my opinion (and I have recently been working in banking fraud {on the
good guys' side}), anything on the internet is fair game.
I have an account with less than $100 and I do backups every 24 hours,
and I know that one day I am going to have my money stolen and my
computer trashed.  It is a bit like going out into the city at night -
you know you might be mugged so you don't carry a bunch of cash.

If you feel you want to do the "Gen Y" thing and put your address,
birth-date, sexual preference and tax file number on the internet, then
expect the bad guys to take that information and do whatever they can
with it.

I can personally recommend Dansguardian and clamav and backuppc.  If you
decide you want to use full internet banking (or you are really an
international man of mystery), you should really follow Paul's
recommendations and put in things like snort to track what is happening
in your system.




On Tue, 2009-11-03 at 19:26 +1000, Paul Gear wrote:
> Barry Williams wrote: 
> > ...
> > In my opinion Ubuntu and Linux in general have little need for virus
> > protection. More information can be found here:
> > http://www.whylinuxisbetter.net/items/viruses/index.php?lang=
> Ryan Ralph wrote: 
> > Hi Geoffrey, 
> > I'm a fairly simple user of Ubuntu and use it mainly for browsing
> > the internet and music playback. I don't see the need for antivirus
> > on Ubuntu as there are practically no viruses around that I've heard
> > of. If you only download software from the repositories and don't
> > run any suspect commands you shouldn't have a problem.
> Lisa Milne wrote: 
> > ... 
> > Yeah, I tend to be of the same opinion. I don't use any antivirus
> > (other than a check on my mail server so I don't pass anything on to
> > Windows users), and my main desktop is on a world resolvable IP
> > address with no firewall other than Ubuntu's default iptables
> > settings.
> 
> I must say that I feel that Barry, Ryan, and Lisa are giving bad
> advice.  I see a lot of Mac users doing this too - they think that
> because viruses generally aren't a problem for their platform (which
> is quite true) that they don't need to take precautions (which is far
> from true).  They also think that because they haven't heard of
> something, it's not likely to happen to them.  The logic flaw in this
> should be obvious: it requires infinite knowledge to have 100%
> confidence, and there are new attacks being developed every day. [1]
> 
> The vast majority of attacks around today are related to organised
> crime, often involving targeted spam/phishing attacks or so-called
> "drive-by downloads", where users' data (especially passwords and
> financial information) is sought. [2]  Most of these run in browsers
> and are becoming increasingly cross-platform.  I read recently of an
> attack on a vulnerability in the Adobe virtual machine (inside which
> Flash runs) which required no platform-specific code in the injection
> vector (only JavaScript and a specially-crafted Flash file).  It would
> be simple for a malware developer to test which type of machine they
> were running on and allow the exploit code to be cross-platform.
> 
> The "belt and braces approach" which "in the scrub" [3] wrote about is
> not a nice to have - it's an essential.  There are still ways to be
> unsafe online with Linux, and we should take precautions.  A great
> resource for being informed about this is reading the SANS monthly
> newsletter, "Ouch!". [4]  It has lots of good advice (although how
> much applies to Linux users can vary) and offers a great way to stay
> informed about how to help your Windows friends when they come to you
> with an infected system asking for help!  ;-)
> 
> BTW, I forgot to mention earlier that there are also tools in Ubuntu
> to help you keep an eye out for suspicious activity on your systems &
> networks.  I use rkhunter, chkrootkit, and snort for this.
> 
> Paul
> 
> [1] See the explanation at
> http://en.wikipedia.org/wiki/Zero_day_attack
> [2] See http://www.sans.org/top-cyber-security-risks/ for a nice
> summary of current security issues.
> [3]  BTW, "in the scrub", in the Ubuntu community, it's considered
> polite to use your real name.
> [4]  http://www.sans.org/newsletters/ouch/
> 




