[AntiVirus + Ubuntu] was - Re: And another Ubuntu convert!
Bart Silverstrim
bsilver at chrononomicon.com
Fri Jan 23 22:40:29 UTC 2009
Mario Vukelic wrote:
> On Fri, 2009-01-23 at 08:11 -0500, Bart Silverstrim wrote:
>> A remote user can gain access via SSH, from there elevate privileges,
>> and attack the computer system.
>
> Yes, that's theoretically possible. However, such an attack will in all
> likelihood not allow a virus to actually spread in any meaningful way.
> If it does, then, as I said, we'd have a bigger problem since it would
> mean that ssh is systematically vulnerable.
>
> None of this has anything to do with the capabilities of current (and
> any probable future) AV software.

When discussing viruses....I don't bother even pretending people are
talking about viruses. When's the last time people have seen viruses?
*Real* computer viruses? They disappeared years ago...infecting other
executable files, showing off clever little skills from kids with too
much time...if it's self propagating it's probably a worm. And what
people download in drive-by-browsings are trojans or...well, all of this
falls under the umbrella of malware.

Anyway, AV software is always limited. It interferes with resources, it
can BE an infection vector, and can itself get weaseled up (I've had to
troubleshoot several systems that couldn't get mail anymore because the
engine is redirecting mail for local scanning and got fubared, and there
are others where the AV engine can't update anymore), and you still have
infection windows of time where a new worm or threat is released and you
have to have the company update their sigs THEN you have to GET the new
sigs before being infected, and if the infection of malware involves a
rootkit, you're screwed.

So unless your A/V involves a VM monitor that is watching all network
traffic to and from your active session, living "outside" the operating
system to sandbox it, antiviruses are a band aid that still oozes from
the sides.

If you're wondering about the "BE an infection vector", check out
http://www.net-security.org/article.php?id=162

The original article...can't get to it anymore, but this site looks like
it has a version of the paper.

> <snip>
>
>> I find it funny...though I shouldn't...to think of a cartoon where
>> someone spends all this time ripping hair out hardening their system
>> against malware...only to have a thief steal the hard drive.
>
> Or delete all their files in $USER, etc.

You can restore them if that happens. Can't do that with stolen hard
drives without getting a new drive, and other people have your stuff!