[AntiVirus + Ubuntu] was - Re: And another Ubuntu convert!
Preston Kutzner
shizzlecash at gmail.com
Thu Jan 22 05:45:39 UTC 2009
On Jan 21, 2009, at 10:50 PM, NoOp wrote:
> On 01/21/2009 03:10 PM, Mario Vukelic wrote:
>> On Wed, 2009-01-21 at 16:40 -0500, Mark Haney wrote:
>>> Yes a kernel upgrade fixed THAT ONE. But may I remind you that you
>>> really need to google something before you spout nonsense.
>>>
>>> http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses
>>
>> If you search the list archives, you will find a post of mine where I
>> demonstrate for each one (IIRC) of them that they were either
>> unsuccessful proof-of-concepts, or were possibly released but never
>> actually seen in the wild and in any case haven't propagated for
>> years.
>>
>> Better, read more than one link level deep for yourself and then come
>> back.
>>
>> As of today, no known viruses exist in the wild, the same situation as
>> 1996. Given the rise of popularity that GNU/Linux systems have seen
>> since then, I don't know how much credibility you can derive for your
>> "it's about popularity" theory. Heck, 30% or more of internet servers
>> run some linux distro or other, and there's not exactly an epidemic.
>>
>> I *do* support diligence, but in the right areas (good code, sane
>> policies, sane behavior, etc.). Following a road that has utterly FAILED
>> for Windows won't work.
>>
>>
>
> Perhaps you fail to take into consideration the environment(s)?
>
> https://help.ubuntu.com/community/Antivirus
>
> Even in a simple dual-boot environment it is a good idea to at least be
> aware of AV tools, and actually use them.
>
> Further, making statements such as "no known viruses exist in the wild"
> for linux is just plain silly, but I think you already know that.
> Malware, rootkits, trojans, vulnerabilities et al *do* exist for linux
> - particularly servers, and will increase as desktop versions become
> more popular.
>
> One could ignore the fact that many botnets are linux machines with ELF
> backdoor viruses with Linux/Rst-B for example, but these seem to be
> pretty real:
>
> http://ubuntuforums.org/showthread.php?t=224805
> [my server just got hacked by the LINUX/Rst.B virus!]
> <http://www.shandyking.com/2006/04/20/linux-exploit-linuxrstb-my-server-was-just-hacked/>

If you read the second article, you'll notice near the bottom of the
post that the server was originally hacked through the news user. The
hacker then had to gain root access, then finally install the
"virus". Also, if you check the virus description out on Norton,
you'll see that the risk level for the virus is VERY LOW. This is
where the difference comes in between Windows and *NIX OS's. The
security model is completely different. The thing with Linux
"viruses" is that the majority of them must be run as 'root' for them
to do any real damage. To be run as root, the user either must be
logged-in as root and run them, or they must sudo to run them. In
most cases, the viruses rely on a fair amount of social engineering to
get the user to run them with root privileges. Very few, if any, can
gain root privileges on their own (unless they exploit a bug in
another program) without user interaction.

In contrast, until Vista, most Windows users run with administrator
(Windows's equivalent to root) privileges. So, any application run by
the user essentially runs with administrative access to the OS. This
is the real reason why there are more Windows viruses than there are
for the *NIX variants out there. It's just *easier* to write viruses
for Windows, and it's easier for them to actually do damage and run
with privileged access.

The reason most people would run an anti-virus program on a Linux
desktop would be to prevent the spread of Windows viruses through
their Linux box (just to prevent their system from being a "carrier"
to use a medical term). The biggest place for anti-virus software on
Linux is in the server segment where the server is either acting as a
mail server, or is handling Windows files frequently.

Also, with regards to a past post talking about an increase in the
number of Mac viruses. A lot of those viruses are due to default
configurations of services being insecure. They're due to poorly
chosen defaults as opposed to an inherently insecure OS design.

It doesn't hurt to have anti-virus software installed on your Linux
desktop, but it's not essential like it is when running Windows.