[AntiVirus + Ubuntu] was - Re: And another Ubuntu convert!

Mark Haney mhaney at ercbroadband.org
Thu Jan 22 14:37:32 UTC 2009

Brian McKee wrote:
> On Wed, Jan 21, 2009 at 11:50 PM, NoOp <glgxg at sbcglobal.net> wrote:
> Hey NoOp,
> I promised I wouldn't comment on the last thread but you started a new
> one, so... :-)
> Let me put it this way.
> 1 - There is no such thing as a completely secure system.
> 2 - Computer security is a process, not a destination.
> 2.1 - Determine acceptable risk level  (e.g. does this control
> nuclear warheads? or is it a throwaway VM?)
> 2.2 - Determine risk level of each part of the system (is gedit more
> likely to cause security issues than Firefox?)
> 2.3 - Apply effort in the areas that will most likely reduce risk.
> Lather, rinse, repeat until level is below that determined in 2.1
> 2.4 - Return to 2.1 - things change constantly
> The system in question was an out of the box desktop in the hands of
> an inexperienced user with a few typical internet apps added.   In my
> mind and the mind of the OP, installing an AV product *ON THAT
> SYSTEM* would be wasting the time of the user and the installer.  If
> the acceptable risk level was too high for the user or installer,
> they'd get a lot better return of security for time spent by working
> on user training and automating system updates.

You know, I really wanted to leave this thread alone, since I thought
I'd made my case, but I have to comment on this.  I do not see that
adding AV would be a 'waste of time'. It does not take that long to
install and cron a full scan every night.  What is so bloody difficult
about that?

ANY internet facing system is at risk.  And every precaution you can
take SHOULD be taken.  This includes updates and training the user to
understand the basics of system security.  But not including antivirus
is just asking for trouble.

I fail to see where these blinders have suddenly come from.  It's
appalling to me that this type of attitude still prevails.  That a linux
system is invulnerable to viruses therefore AV is not needed.  If you
are so unworried about viruses, I suppose you aren't worried about
rootkits either?  Those are much more common on linux than windows
(maybe until very recently).  Do you not routinely do a scan with rkhunter?

I just can't see how not running AV is ever considered 'OKAY' on any
system.  I give up.  I just cannot believe how many people fail to see
the sense in that one simple precaution.

I've rebuilt way too many compromised systems to trust that it will
NEVER happen to me.

> Does this more formal statement make any more sense to you?  I liked
> the asteroid shield comment better :-)
> Brian

Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support
