[AntiVirus + Ubuntu] was - Re: And another Ubuntu convert!

iodine at runbox.no
Thu Jan 22 15:43:47 UTC 2009

Mark Haney wrote:
> You know, I really wanted to leave this thread alone, since I thought
> I'd made my case,

Very poorly. And now you are slipping further.

> but I have to comment on this.  I do not see that
> adding AV would be a 'waste of time'. It does not take that long to
> install and cron a full scan every night.  What is so bloody difficult
> about that?

If you've become infected during the day, a nightly scan
is often not going to help you. That's because once your system
is compromised, the malware owns it and can do all sorts of
nasty things, INCLUDING disabling cron or infecting the very AV
binaries you depend on to secure you. I'm astonished you don't
know that.

> ANY internet facing system is at risk.  And every precaution you can
> take SHOULD be taken.  This includes updates and training the user to
> understand the basics of system security.  But not including antivirus
> is just asking for trouble.

For the inexperienced user it's better than nothing, but such users
are way better off getting educated as they rarely understand
even how their antivirus works, while trusting it to protect them
100%. And that often leads to their downfall.

> I fail to see where these blinders have suddenly come from.  It's
> appalling to me that this type of attitude still prevails.  That a linux
> system is invulnerable to viruses therefore AV is not needed.  If you
> are so unworried about viruses, I suppose you aren't worried about
> rootkits either?  Those are much more common on linux than windows
> (maybe until very recently).  Do you not routinely do a scan with rkhunter?

Again, once you've become owned by a rootkit all bets are off.
Running rkhunter after the fact may or may not work. The more
sophisticated rootkits easily foil such attempts. They easily
fool you into thinking you've got a 100% clean machine. That's
kinda the essence of what they do.

Try to grasp it: Once your system is owned, it's not yours anymore.
Only thing that will save you for sure after that is a clean reinstall.

> I just can't see how not running AV is ever considered 'OKAY' on any
> system.

Lack of knowledge on your part then. Shrug.

> I give up.  I just cannot believe how many people fail to see
> the sense in that one simple precaution.
> I've rebuilt way too many compromised systems to trust that it will
> NEVER happen to me.

Of course it can happen, but you are very wrong to think that
simply having antivirus will save you. The best way to stay
secure is to keep informed about security and act accordingly.
It's never as easy as simply having the latest anti-this or anti-that.

