[AntiVirus + Ubuntu] was - Re: And another Ubuntu convert!

Thu Jan 22 04:50:06 UTC 2009

On 01/21/2009 03:10 PM, Mario Vukelic wrote:
> On Wed, 2009-01-21 at 16:40 -0500, Mark Haney wrote:
>> Yes a kernel upgrade fixed THAT ONE.  But may I remind you that you
>> really need to google something before you spout nonsense.
>> 
>> http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses
> 
> If you search the list archives, you will find a post of mine where I
> demonstrate for each one (IIRC) of them that they were either
> unsuccessful proof-of-concepts, or were possibly release but never
> actually seen in the wild and in any case haven't propagated for years.
> 
> Better, read more than one link level deep for yourself and then come
> back.
> 
> As of today, no known viruses exist in the wild, the same situation as
> 1996. Given the rise of popularity that GNU/Linux systems have seen
> since then, I don't know how much credibility you can derive for your
> "it's about popularity" theory. Heck, 30% or more of internet servers
> run some linux distro or other, and there's not exactly an epidemic.
> 
> I *do* support diligence, but in the right areas (good code, sane
> policies, sane behavior, etc.). Following a road that has utterly FAILED
> for Windows won't work.
> 
> 

Perhaps you fail to take into consideration the enviroment(s)?

https://help.ubuntu.com/community/Antivirus

Even in a simple dual-boot environment it is a good idea to at least be
aware of AV tools, and actually use them.

Further, making statements such as "no known viruses exist in the wild"
for linux is just plain silly, but I think you already know that.
  Malware, rootkits, trojans, vulnerabilities et al *do* exist for linux
- particularly servers, and will increase as desktop versions become
more popular.

One could ignore the fact that many botnets are linux machines with ELF
backdoor viruses with Linux/Rst-B for example, but these seem to be
pretty real:

http://ubuntuforums.org/showthread.php?t=224805
[my server just got hacked by the LINUX/Rst.B virus!]
<http://www.shandyking.com/2006/04/20/linux-exploit-linuxrstb-my-server-was-just-hacked/>

And perhaps you missed the Mozilla security announcement:
http://www-archive.mozilla.org/security/older-alerts.html
<quote>
Security Advisory (September 21, 2005) The Mozilla Foundation is aware
of the Linux.RST.b virus that infected Linux Korean contributed versions
of Mozilla Suite 1.7.6 and Thunderbird 1.0.2, as reported by Kaspersky
Lab. No versions of Mozilla Firefox were infected. Infected files have
been removed from the Mozilla ftp mirror network as of September 17.
</quote>

And more recently:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=21703
[Virus.Linux.Alaeda]

ClamAV is pretty well respected in linux circles:
http://www.clamav.net/about/
  http://www.clamav.net/about/who-use-clamav/

I reckon that ClamAV would have folded up shop long ago were there not
reasons for their existence.

Point being is that in _many_ instances an AV isn't required. However in
_many_ instances, depending upon the enviroment, an AV very prudent and
even required. As pointed out in my reponse to your other posts on this
subject, I run dual boot systems w/Windows, a few test servers, transfer
Windows files back and forth via Samba, NTFS, etc (customer and my own),
test cross platform applications (OpenOffice.org, Mozilla, etc), and so
I'd be pretty stupid to not be aware and utilize AV tools as available.
  I'm not advocating rolling out the drum corps and do default AV
installs in Ubuntu, but I am advocating that people be aware of virus,
trojan, rootkit, whatever issues and yes, even install a linux AV on a
system if the environment calls for it.