
Re: virus killers?



On Mon, 14 Oct 2002 17:43:46 +0930 Tom Cook <tom.cook@adelaide.edu.au>
wrote:

> I have not done the numbers, but a cost/benefit analysis would surely
> show that, if everyone installed virus checkers on their *nix boxen,
> the aggregate time taken scanning for viruses must be thousands of
> times the aggregate time taken cleaning up after viruses if nobody
> did.

Sure, that's almost a given even in MS land where viruses are many times
more prevalent.  However, are you willing to be responsible for damage
done by an infected machine that could have been prevented with a simple
scanner?  I don't know about you, but I've got more than a few CPU cycles
to spare to a simple scanner.

>  I have no numbers to back this up, just anecdotal evidence.  I
> have seen how long a virus scan takes on a Windoze box.  I know
> no-one, have met no-one, have read writings by no-one and have heard
> of no-one who has had a virus infection on a linux system except the
> guy in the reference you posted, who had to _write the virus himself_
> to achieve it.

The point is that it _can_ be done, Linux is not immune, nothing is.
 
> I think the request was for a *tool* to scan for viruses, not
> requirements for your ideal one.  Since you insist that it is
> necessary to have one, presumably you have taken this fundamental step
> of security.  So which do you use?

clamav

> > IP traffic:
> > I've seen very little (even in the MS sector) that is capable of
> > adequately scanning IP traffic routed through the system.  So, I doubt
> > there is much available in the Linux (or other Unix variant) area.
> 
> Oh get real.  Scan all IP traffic?  

Here are a few that try:

http://www.pandasoftware.com/com/nprod2002/firewall.asp
http://www.trendmicro.com/en/products/gateway/isvw/evaluate/features.htm

> Well, probably it does mean that.  It also means that they should
> never run untrusted code as root, and it means that they should avoid
> the root account as often as possible.

Agreed, but all it takes is _one_ mistake.  We've recently seen two
seemingly trustworthy sources trojaned with a compile-time back door.
Granted, most users know that they shouldn't compile sources as root, but
I'm sure we can both agree that there are those that do.

> That a virus can be written for ELF
> binaries is a long way from proving that a virus can replicate
> sustainably on *nix platforms.

Worms have already proven that.

-- 
Jamin W. Collins


