antivirus software: how do you actually install it?

Liam Proven lproven at gmail.com
Tue Mar 23 13:19:25 UTC 2010


2010/3/23 Franz Waldmüller <waldbauernbub at gmx.at>:
> Liam Proven wrote:
>> On Tue, Mar 23, 2010 at 9:39 AM, Chris Jones <jonesc at hep.phy.cam.ac.uk> wrote:
> [snip]
>
>>
>> This is true, and a good point, but being hacked is *not* the same
>> thing as getting a virus. I think the point needs clarification.
> You are right that this is different. But the point is that everything
> which threatens user data can be considered malware. In my opinion we
> should not

Is there a line missing here?

> Without brain.exe (or brain.sh) Linux systems are vulnerable, too

:¬) Well, yes, true!

>> By default, Ubuntu comes out of the box with no sharing enabled at
>> all. No services are listening, not even dhcpd - the network manager
>> applet handles that. No OpenSSH, no VNC, no Samba, nothing. Even Linux
>> Mint gets this wrong and as installed has sharing on.
>>
>> But Ubuntu, as it comes, has no ports open and is not listening to
>> anything. That makes it pretty damned hard to find a 'sploit and crack
>> it from the outside world. Ergo, no need for a firewall; what
>> firewalls do is block open ports and Ubuntu doesn't have any so
>> there's nothing to block; no need for antispyware, as spyware only
>> exists on Windows, there is *none at all*, not even demos of proofs of
>> concept, on Linux; and no need for antivirus, because Linux viruses
>> are a curiosity for researchers, not a threat.
>>
> I am not at all familiar with what is a virus and what is not (I think a
> virus is something which spreads itself to other systems).

Viruses spread by themselves, with no user interaction. They infect a
machine and gradually spread through its files. They try to infect
files or media that will be transferred to other machines, so that
they will spread: e.g. USB Flash drives/memory sticks, or CDRs, or
productivity-suite documents that can be emailed.

Worms are similar to viruses but spread directly, typically by
exploiting code on remote machines over a network.

Trojans (short for "Trojan horses") require user interaction; e.g.
they pretend to be some other, desired program or function, so that
the user will run them or give them information.

There are trojans on Linux, but it is a very minor risk so far.

But this is a *critical* difference of paramount importance. The
reason is simple.

*Security software cannot block trojans* because trojans /trick/
people into performing an action, so all they need to do is trick
people into bypassing their security software.

> Thanks to the multi-user configuration a Linux system is pretty secure.
> But we should not omit that the user may launch programs or shell
> scripts. These programs can erase your data, or connect to other
> computers outside your network (no outgoing connections are blocked).
>
> Take a look at malicious commands:
> http://ubuntuforums.org/announcement.php?a=54
>
> If you send a script to a Linux user and trigger him to make that script
> executable, and if the script integrates itself into the list of
> applications launched at the user login, the attacker has won.
> (even easier on windows)
>
> If I am wrong, please correct my statement.

No, you are correct, but there really is nothing much that can be done
about trojans. Once you have someone foolish enough to install a
program or run a command to see the cute kitten picture, or the naked
ladies, or whatever, then no software on Earth can block it, because
security software has to offer the ability to turn it off sometimes.

It can block *known* trojans, but there is the zero-day problem: at
some point, everything is new and not yet known.

Software is not intelligent: it cannot look at a program and work out
what it does and only stop the nasty stuff. Lots of companies sell
products that *claim* to do this. They are all, without exception,
liars.

The distinction between worms and viruses is not really important
these days. Some Windows malware is both and thus crosses the line
between them, blurring it into irrelevance. So the term "worm" is
disappearing as the distinction between a worm & a virus is not really
important or helpful any more. They all get lumped together under the
term "virus".

But the distinction between viruses and trojans is very important,
because there is only one possible defence against trojans: educating
users.

Which is very, very hard, because people are mostly lazy and do not
want to learn.

-- 
Liam Proven • Profile: http://www.linkedin.com/in/liamproven
Email: lproven at cix.co.uk • GMail/GoogleTalk/Orkut: lproven at gmail.com
Tel: +44 20-8685-0498 • Cell: +44 7939-087884 • Fax: + 44 870-9151419
AOL/AIM/iChat/Yahoo/Skype: liamproven • LiveJournal/Twitter: lproven
MSN: lproven at hotmail.com • ICQ: 73187508
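
The claim quoted in the message above, that a default install has nothing listening, can be checked on any Linux machine rather than taken on trust. The following is an added example, not part of the original message: it parses the kernel's /proc/net/tcp table (IPv4 TCP only) and lists sockets in the LISTEN state, flagging those bound to a non-loopback address. The sample table, the function names and the little-endian byte order are assumptions of the example.

```python
import socket
import struct

LISTEN = "0A"  # state code the kernel prints for TCP_LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 0A00000A:C350 5DB8D822:0050 01 00000000:00000000 00:00000000 00000000  1000        0 33333
"""

def decode_addr(field):
    """Turn 'HHHHHHHH:PPPP' into (dotted_ip, port).

    The address is hex in host byte order; little-endian (x86, most ARM)
    is assumed here. The port is plain big-endian hex.
    """
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listening_sockets(table):
    """Return (ip, port, reachable_from_network) for every LISTEN row."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:   # ignore established etc.
            continue
        ip, port = decode_addr(cols[1])
        # Anything not bound to 127.0.0.0/8 can be reached by other hosts.
        found.append((ip, port, not ip.startswith("127.")))
    return found

def exposed(table):
    """Only the listeners another machine could connect to."""
    return [(ip, port) for ip, port, remote in listening_sockets(table) if remote]

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:        # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE                           # fall back to the sample
    for ip, port, remote in listening_sockets(table):
        print(f"{ip}:{port}  {'EXPOSED' if remote else 'loopback only'}")
```

An empty result from `exposed()` covers IPv4 TCP only; /proc/net/tcp6 and the UDP tables need the same check before concluding that nothing is reachable.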



