Recommend update for antivirus server documentation

[Rocco Stanzione]

On Sunday 02 April 2006 01:53, Justin wrote:
[snip]
> I would recommend replacing this with something along the lines of "While
> Linux rarely suffers from viruses and other nasties that infect other
> operating systems, it is wise to keep your system protected with anti-virus
> software and up to date definitions."
>
> We all agree that linux is more secure and less prone to viruses then other
> operating systems, however, comments like this tend to promote a certain
> ignorance and a false sense of security.

Where viruses are concerned, it's useful here to mention *why* Linux is more 
secure than Windows.  Viruses tend to do their dirty work by infecting your 
executables and/or shared libraries, which in Linux is impossible (without 
exploiting something like a privilege escalation vulnerability) while 
conducting business as a mortal user.  Moreover, our email clients and web 
browsers  don't willy-nilly execute arbitrary code deliberately.  If they did 
so accidentally (e.g. via a buffer overflow) the damage is limited by the 
fact that you are not running the software as root.  If you keep your 
software up to date and don't do silly things like browsing the web as root, 
the chances are virtually nil that you will be infected by a virus.

Final point: if you have all the worst imaginable habits and you do somehow 
manage to get infected, having ClamAV installed may itself promote a false 
sense of security: it doesn't monitor your files on read/write/execute - 
files have to be deliberately scanned.  If it did perform constant 
monitoring, it would be a much bigger hit to performance than is warranted by 
the risk.

The only clueful Linux users I know who run virus scanners do so to protect 
their Windows users by scanning samba shares and incoming email.

Rocco Stanzione