Re: recommended Virus Scanner?



On Thu, Nov 27, 2003 at 06:57:18AM -0800, Tom wrote:
>
> I have a friend who is 1000 times smarter about Unix than me, and he has
> told me the whole history of Sendmail exploits, Bind exploits, and
> horribly crufty design decisions and gaffes and el crapo code all
> throughout the history of Unix.  His personal opinion is that Linux is a
> mere distraction written by amateurs; FreeBSD is closer to the ideal.

So what?

From my perspective those various exploits exposed problems which were
then addressed, with the end result of strengthening unix systems,
not weakening them.   Certainly the code comprising kernels, operating
systems, and applications are very complex and subject to screwups and
mistakes, but they also evolve and change, in large part in response to
problems which occur.  The fact that your intelligent friend can even
know about those "crufty design decisions and el crapo code" is to me,
the whole point of open source.

>
> I'm not advocating his belief, it's just that (1) the history of Unix as
> a cracker proof platform is not true; (2) most of the professional Unix
> community views Linux as a largely amateurish attempt relative to their
> "heavy duty code", and (3) we're all human.

Who claims "Unix as a cracker proof platform" anyway?  It's simply
a pragmatic effort to make computers do useful work, and thinking
it's perfect or "ideal" is a delusion.  Problems can't be fixed until
they're either anticipated or exposed, and with open source even the
practitioners of professional, closed source systems can watch what's
going on and jeer if it makes them feel better.

>
> I believe all of your statements I snipped are destined to be crow one
> day we will all eat.

... and having digested that, we'll move on the better for it.  I think
your basic premise is flawed, that Linux is claimed to be perfect and
immune from exploits.


On the subject (Re: recommended Virus Scanner?), I recently included one
in my .procmailrc (http://www.freshmeat.net/yavr/) after seeing it on
this list, and it's got quite a list of specific exploits to check for
(a lot of them Windows based, I'm sure).  It's caught all of my Sven 
hits at least.  From the top of the code:

  # - features
  #  - trap e-worms with base64 signatures (most known like Klez, Hybris, BugBear...)
  #  - iframe html exploit
  #  - CLSID hidden extensions exploit
  #  - xml codebase exploit
  #  - generic executable trap for bat, pif, vbs, vba, scr, lnk, com, exe
  #  - generic macro detection for doc,dot,xls,xla files
  #  - generic detection for most of nigeria scam e-mails (most of them)
  #    (please remember to configure nigeria scam filter. default is ON)

Ken

-- 
Ken Irving, Research Analyst, fnkci@uaf.edu, 907-474-6152
Water and Environmental Research Center
Institute of Northern Engineering
University of Alaska, Fairbanks
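
Added example, not part of the original message and not code from the filter mentioned above: a Python sketch of three of the listed checks (generic executable trap, generic macro detection, iframe in HTML) plus the CLSID check, run over a constructed sample message. The function name, the finding labels and the reading of "CLSID hidden extension" as a file name ending in a `{CLSID}` are assumptions.

```python
import email
import re

# Extensions taken from the feature list quoted in the message above.
EXECUTABLE_EXTS = {"bat", "pif", "vbs", "vba", "scr", "lnk", "com", "exe"}
MACRO_EXTS = {"doc", "dot", "xls", "xla"}
# Assumption: a "hidden extension" is a file name ending in a {CLSID}.
CLSID_RE = re.compile(r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\s*$", re.I)
IFRAME_RE = re.compile(rb"<iframe\b", re.I)

def scan_message(raw: bytes) -> list:
    """Return a list of findings for one raw RFC 822 message."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        name = part.get_filename()
        if name:
            # Only the last extension counts, so "report.doc.pif" is a .pif.
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if CLSID_RE.search(name):
                findings.append("clsid-hidden-extension:" + name)
            elif ext in EXECUTABLE_EXTS:
                findings.append("executable-attachment:" + name)
            elif ext in MACRO_EXTS:
                findings.append("macro-capable-attachment:" + name)
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            if IFRAME_RE.search(body):
                findings.append("html-iframe")
    return findings

# Constructed sample message (not real mail), used to exercise each check.
SAMPLE = b"""\
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<html><body><IFRAME src="about:blank"></IFRAME></body></html>
--B
Content-Disposition: attachment; filename="report.doc.pif"

--B
Content-Disposition: attachment; filename="notes.txt.{00000000-0000-0000-0000-000000000000}"

--B--
"""

if __name__ == "__main__":
    print("\n".join(scan_message(SAMPLE)))
```

A delivery filter would quarantine or tag a message when the returned list is non-empty; the macro check only flags file types that can carry macros, it does not inspect the document.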
