[AntiVirus + Ubuntu] was - Re: And another Ubuntu convert!

Preston Kutzner shizzlecash at gmail.com
Thu Jan 22 05:45:39 UTC 2009


On Jan 21, 2009, at 10:50 PM, NoOp wrote:

> On 01/21/2009 03:10 PM, Mario Vukelic wrote:
>> On Wed, 2009-01-21 at 16:40 -0500, Mark Haney wrote:
>>> Yes a kernel upgrade fixed THAT ONE.  But may I remind you that you
>>> really need to google something before you spout nonsense.
>>>
>>> http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses
>>
>> If you search the list archives, you will find a post of mine where I
>> demonstrate for each one (IIRC) of them that they were either
>> unsuccessful proof-of-concepts, or were possibly released but never
>> actually seen in the wild and in any case haven't propagated for years.
>>
>> Better, read more than one link level deep for yourself and then come
>> back.
>>
>> As of today, no known viruses exist in the wild, the same situation as
>> 1996. Given the rise of popularity that GNU/Linux systems have seen
>> since then, I don't know how much credibility you can derive for your
>> "it's about popularity" theory. Heck, 30% or more of internet servers
>> run some linux distro or other, and there's not exactly an epidemic.
>>
>> I *do* support diligence, but in the right areas (good code, sane
>> policies, sane behavior, etc.). Following a road that has utterly FAILED
>> for Windows won't work.
>>
>>
>
> Perhaps you fail to take into consideration the environment(s)?
>
> https://help.ubuntu.com/community/Antivirus
>
> Even in a simple dual-boot environment it is a good idea to at least be
> aware of AV tools, and actually use them.
>
> Further, making statements such as "no known viruses exist in the wild"
> for linux is just plain silly, but I think you already know that.
> Malware, rootkits, trojans, vulnerabilities et al *do* exist for linux
> - particularly servers, and will increase as desktop versions become
> more popular.
>
> One could ignore the fact that many botnets are linux machines with ELF
> backdoor viruses with Linux/Rst-B for example, but these seem to be
> pretty real:
>
> http://ubuntuforums.org/showthread.php?t=224805
> [my server just got hacked by the LINUX/Rst.B virus!]
> <http://www.shandyking.com/2006/04/20/linux-exploit-linuxrstb-my-server-was-just-hacked/>

If you read the second article, you'll notice near the bottom of the  
post that the server was originally hacked through the news user.  The  
hacker then had to gain root access, then finally install the  
"virus".  Also, if you check the virus description out on Norton,  
you'll see that the risk level for the virus is VERY LOW.  This is  
where the difference comes in between Windows and *NIX OS's.  The  
security model is completely different.  The thing with Linux  
"viruses" is that the majority of them must be run as 'root' for them  
to do any real damage.  To be run as root, the user either must be  
logged-in as root and run them, or they must sudo to run them.  In  
most cases, the viruses rely on a fair amount of social engineering to  
get the user to run them with root privileges.  Very few, if any, can  
gain root privileges on their own (unless they exploit a bug in  
another program) without user interaction.

In contrast, until Vista, most Windows users run with administrator  
(Windows's equivalent to root) privileges.  So, any application run by  
the user essentially runs with administrative access to the OS.  This  
is the real reason why there are more Windows viruses than there are  
for the *NIX variants out there.  It's just *easier* to write viruses  
for Windows, and it's easier for them to actually do damage and run  
with privileged access.

The reason most people would run an anti-virus program on a Linux  
desktop would be to prevent the spread of Windows viruses through  
their Linux box (just to prevent their system from being a "carrier"  
to use a medical term).  The biggest place for anti-virus software on  
Linux is in the server segment where the server is either acting as a  
mail server, or is handling Windows files frequently.

Also, with regards to a past post talking about an increase in the  
number of Mac viruses.  A lot of those viruses are due to default  
configurations of services being insecure.  They're due to poorly  
chosen defaults as opposed to an inherently insecure OS design.

It doesn't hurt to have anti-virus software installed on your Linux  
desktop, but it's not essential like it is when running Windows.