[AntiVirus + Ubuntu] was - Re: And another Ubuntu convert!

Mario Vukelic mario.vukelic at dantian.org
Sat Jan 24 18:44:23 UTC 2009

On Fri, 2009-01-23 at 17:40 -0500, Bart Silverstrim wrote:
> When discussing viruses....I don't bother even pretending people are 
> talking about viruses. When's the last time people have seen viruses? 
> *Real* computer viruses? They disappeared years ago...infecting other 
> executable files, showing off clever little skills from kids with too 
> much time...if it's self propagating it's probably a worm. And what 
> people download in drive-by-browsings are trojans or...well, all of this 
> falls under the umbrella of malware.

Probably a safe assumption, but I'd like to think that people mean virus
when they write "virus"; I hate it when useful distinctions degenerate
just because people are sloppy. Sometimes I even take them literally out
of spite :)

In this case, however, ClamAV was repeatedly suggested as a scanner, so
I'd hope I am safe to assume that people are talking about email
scanners. That's what ClamAV does; preventing intrusions via ssh is out
of its scope.

> Anyway, AV software is always limited.

So true

> If you're wondering about the "BE an infection vector", check out
> http://www.net-security.org/article.php?id=162

It's noteworthy that the headline (as well as the content) is about
"exploiting design flaws in the Win32 API for privilege escalation". So,
the proper remedy is not to install flawed (as you nicely summarized)
anti-malware software -- I think that Windows demonstrated well enough
where this leads. It seems to me, and I wrote that all along, that the
remedy is to fix the design flaws in the API (and didn't actually Vista
do this, at least in part, with the UAC window?)

> You can restore them if that happens. Can't do that with stolen hard 
> drives without getting a new drive, and other people have your stuff!

I just mentioned it because some people on the "AV or not" threads
always keep saying, "but even despite privilege separation a virus can
still delete the user's files" (to which of course the answer is - I
already said that somewhere - that without a backup you are toast sooner
or later, anyway)
