Re: anti-virus software for Gnu/Linux

To: debian-user@lists.debian.org
Subject: Re: anti-virus software for Gnu/Linux
From: Rob Weir <rweir@ertius.org>
Date: Tue, 3 Feb 2004 18:59:59 +1100
Message-id: <[🔎] 20040203075959.GB4877@ooder.ertius.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20040203045103.169C9395F@sitemail.everyone.net>
References: <[🔎] 20040203045103.169C9395F@sitemail.everyone.net>

[Please wrap your lines!  It makes it much easier to read, and thus more
likely that you'll get a response.  Anywhere between 70 and 80 is
acceptable; 72 seems to be a nice value.]

On Mon, Feb 02, 2004 at 08:51:03PM -0800, MJ Inabnit said
> Greetings:
> 
> I have read several opinions regarding AV for Gnu/Linux.  The last one
> is Rick's rant
> <http://www.linuxmafia.com/~rick/faq/index.php?page=virus>.  However,
> the information is dated.
> 
> So what is the opinion now-a-days?  I just read a post last week where
> a new Gnu/Linux user strongly advocates AV for all new users.  The
    ^^^

Windows users seem to have a fixation on anti-virus software.  The Linux
approach is to just not run crap random people send to you.  I have
never ever heard of a mail client aside from Outlook that will even let
you run executables emailed to you without at least displaying a
huge-ass warning.

The other important point is that Linux (and all Unices that I'm aware
of) do not consider something executable just because a file has a
certain extension.  To run a program, it has to have the +x permission
bit set on it, which (AFAIK, but I'm pretty damn sure) is impossible for
an email attachment to set.

> claim was something along the line of "What if I send you an Email
> with an executable attachment like [cd, rm -r]".  

Then you laugh at them and forward it to your linux-using friends so
they can laugh at the poster as well.  Unless you manually run that
script, nothing will happen.  Nothing at all.  Also, how could a
anti-virus scanner prevent you from running this?  A kernel module that
stops shell scripts from ever executing the "unlink()" syscall (what rm
does)?

> I still don't buy the claim that I need AV on my box, but I'm also
> very open to sound security advice.

Don't run crap random people send you.  Keep up to date with updates
from security.debian.org (when it's revived, anyway).  Read
debian-security-announce.  Brush your teeth.  Oh, and kudos for being
skeptical :-)

-- 
Rob Weir <rweir@ertius.org> | mlspam@ertius.org  |  Do I look like I want a CC?
Words of the day: terrorism interception Fidel Castro Aldergrove Consul Fat Man

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- anti-virus software for Gnu/Linux
  - From: MJ Inabnit <listpostaddress@linux.net>

Prev by Date: Re: gcc & the kernel, supermount (?)
Next by Date: Re: Adding GTK+ engines to /usr/local
Previous by thread: Re: anti-virus software for Gnu/Linux
Next by thread: Re: anti-virus software for Gnu/Linux
Index(es):
- Date
- Thread