[OT Windows/linux AV's] Re: Analyzing network data with appliance router

NoOp glgxg at sbcglobal.net
Mon Jun 13 02:57:22 UTC 2011


On 06/12/2011 07:29 PM, Ernest Doub wrote:
> On Sun, Jun 12, 2011 at 6:49 PM, NoOp ...
>> I've purged all AVG (free & otherwise) and use Avast instead on my
>> Windows Virtual Machines & others. I'll not go into reasons why, as this
>> is not the proper place to do it.
>>
>> For the VMs I use bridged networking so that the VM has its own IP
>> address so that I can easily scan from the network using Bitdefender for
>> Unices. That way I'm scanning it from a linux machine rather than from a
>> Windows machine. I use a "test" machine to do the scanning so that it
>> doesn't take up resources on my regular machines. To do that, I mount
>> the machine's drive & then direct BDU to scan; browse to the ~/.gvfs
>> folder where it gets 'virtually' mounted. I do the same for a remote
>> machine on the network.
>>
>> For a dual boot machine, I just mount the ntfs & do it on that directly.
...
> 
> If I'm understanding you correctly you basically have one  linux
> machine whose only function is to stand as the sentry and watchdog for
> the windows machines.
> Do I have this correct?

Not quite. BDU is an on-demand scanner. I rely on Avast to do the basic
work & only fire up BDU monthly (or if I suspect something may not be
quite right). Overall, all traffic/systems on my network are pretty well
hardened & locked down, so it's not often that I have to do otherwise.

> If that is so it sounds like a pretty well hardened system but not
> practical for most home users.  Would make perfect sense to me for a
> business environment though.

I run my "home/test" networks just the same as if it were a business (I
do considerable testing on multiple applications & OS's & actually do
run my business from it). That said, all of the 'home' networks that I
maintain for customers & relatives get the same treatment. None have yet
to get a virus, malware, or rootkit (knock on electrons) with the
exception of those that were caused by PEBCAK. And even those have been
easily cleaned.

> I have NOD32 running on my wife's windows box and it has been as solid
> as an anvil and very lightweight on resources.
> ED
> 

If it works for you then cool. Note: BDU is also useful for scanning
your existing linux system (my tests show it works better than clamav).
You'll typically only find crap from email payloads, which are pretty
harmless. But we're drifting off topic for Patton who wants a utility to
monitor his network traffic for botnets (sorry Patton). So I suggest
another thread so that Patton's thread doesn't turn into an
AV/No-linuxAV/Don'tNeedAVonLinux/ threadfest. If you'd like more, just
scan the archives & https://help.ubuntu for AV type keywords.
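The mount-then-scan procedure NoOp describes (mount the Windows VM's or dual-boot NTFS volume from a Linux box, point an on-demand scanner at it) is easy to get subtly wrong: the volume gets mounted read-write, or the scanner's result is never checked. The script below is an added example, not code posted by either participant. It uses ntfs-3g for the mount and clamscan (whose `--recursive`, `--infected` and `--log` options and `Infected files:` summary line are real) in place of BDU, whose command line is not given in the thread; `/dev/sda2`, `/mnt/win` and the log path are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: scan a Windows filesystem from Linux without
# letting the scan (or anything on the disk) touch the host. Tool choice is an
# assumption: ntfs-3g for the mount, clamscan for the on-demand scan (the thread used BDU).

# mount_readonly DEVICE_OR_IMAGE MOUNTPOINT
# Mount the NTFS volume read-only so the scan can never modify the guest's disk;
# noexec/nosuid/nodev keep whatever is on that disk inert on the scanning host.
mount_readonly() {
    dev="$1"; mnt="$2"
    mkdir -p "$mnt" || return 1
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# is_readonly_mount MOUNTPOINT
# Succeed (exit 0) only if MOUNTPOINT is listed in /proc/mounts with the "ro" option.
# Checked before every scan: a volume left read-write is the usual slip in this procedure.
is_readonly_mount() {
    awk -v m="$1" '
        $2 == m { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1 }
        END { exit !found }' /proc/mounts
}

# scan_tree MOUNTPOINT LOGFILE
# Recursive on-demand scan that prints only hits and writes the summary to LOGFILE.
# clamscan exits 0 when clean, 1 when something was found, 2 on error; passed through.
scan_tree() {
    mnt="$1"; log="$2"
    is_readonly_mount "$mnt" || { echo "refusing to scan: $mnt is not mounted read-only" >&2; return 2; }
    clamscan --recursive --infected --log="$log" "$mnt"
}

# infected_count LOGFILE
# Pull the "Infected files: N" figure from a clamscan summary so a monthly cron job
# can alert on it instead of relying on someone reading the log. Prints "unknown"
# if the summary line is missing (scan aborted, wrong file, etc.).
infected_count() {
    awk '/^Infected files:/ { print $3; found = 1 } END { if (!found) print "unknown" }' "$1"
}

# Typical monthly run (root needed for the mount; paths are placeholders):
#   mount_readonly /dev/sda2 /mnt/win && scan_tree /mnt/win /var/log/winscan.log
#   echo "infected: $(infected_count /var/log/winscan.log)"
```

The read-only check is the part worth keeping even if the scanner changes: it turns "I think I mounted it ro" into something the script refuses to proceed without.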

More information about the ubuntu-users mailing list