antivirus software: how do you actually install it?
Franz Waldmüller
waldbauernbub at gmx.at
Tue Mar 23 12:58:56 UTC 2010
Liam Proven schrieb:
> On Tue, Mar 23, 2010 at 9:39 AM, Chris Jones <jonesc at hep.phy.cam.ac.uk> wrote:
[snip]
>
> This is true, and a good point, but being hacked is *not* the same
> thing as getting a virus. I think the point needs clarification.
You are true that this is different. But the point is, that everything
which threatens user data can be considered as malware. In my opinion we
should not
Without brain.exe (or brain.sh) linux systems are vulnerable, too
>
> By default, Ubuntu comes out of the box with no sharing enabled at
> all. No services are listening, not even dhcpd - the network manager
> applet handles that. No OpenSSH, no VNC, no Samba, nothing. Even Linux
> Mint gets this wrong and as installed has sharing on.
>
> But Ubuntu, as it comes, has no ports open and is not listening to
> anything. That makes it pretty damned hard to find a 'sploit and crack
> it from the outside world. Ergo, no need for a firewall; what
> firewalls do is block open ports and Ubuntu doesn't have any so
> there's nothing to block; no need for antispyware, as spyware only
> exists on Windows, there is *none at all*, not even demos of proofs of
> concept, on Linux; and no need for antivirus, because Linux viruses
> are a curiosity for researchers, not a threat.
>
I am not at all familiar with what is a virus and what is not (I think a
virus is something which spreads itself to other systems).
Thanks to the multi-user configuration a linux system is pretty secure.
But we should not omit, that the user may launch a programs or shell
scripts. These programs can erase your data, or connect to other
computers outside your network (No outgoing connections are blocked).
take a look at malicious commands
http://ubuntuforums.org/announcement.php?a=54
If you send a script to a linux user and trigger him to make that script
executable. If the script integrates itself in the list of applications
launched at the user login, the attacker has won.
(even easier on windows)
If I am wrong, please correct my statement.
> If you make Ubuntu into a server, then it's different and different
> rules apply. If you change the config dramatically, then a firewall
> might be sensible, but the Linux kernel *includes* a firewall, so you
> don't need to install one. All you need is a friendly interface to
> configure it, or a sensible default config and a tool to just turn it
> on.
>
agree with you that a server needs more care
just my 2c
Franz
More information about the ubuntu-users
mailing list