
Re: Debian virus/spy-ware detection and detection technique.

On Sat, 17 Jul 2010 14:06:58 +0700, Sthu Deus wrote:

> I have 3 questions on virus/spy-ware detection and detection technique.

Heh, sounds like a test...

> 1. Which software (may that is even packaged for Debian) is the best at
> Your opinion and why for virus/spy-ware (the software that scans for
> interesting data and sends it to some host) detection?

- For scanning/detecting viruses/malware on Windows systems or on Linux?

- For local scanning (e-mails, Internet browsing) or a bunch of network 
share files?

- By "(sic) and sends it to some host" do you mean "keep the admin informed 
by sending an alert to a host", or do you mean "collaborative tools to 
benefit others"?

> 2. What's the technique of scanning for the malicious software? - As I
> can understand it should be absolutely trustworthy and at the same time
> - up-to-date (the bases it uses) - so, should I have a separate HDD for
>   the goal that stands most the time separately (on a shelf), updating
>   alone in computer, then again removed and being used only as a primary
>   disk for scanning attached disks - as the secondary? Or there is more
>   easy to perform way of accomplishing this?

Not sure what OS we are talking here...

If you want to ensure a truly clean environment, better reformat and start 
from scratch. As soon as you plug the disk into a network (or via a USB port 
into an infected machine), the data on it can also be compromised.

> 3. Is it possible to scan for this very purposes (virus & spy-ware) the
> distro CD/DVD -s - as it is from the media, without explicit manual
> unpacking - to be sure the software is OK (in case when check sums are
> not available OR it is impossible for some reasons to re-download the
> images)?

I think yes. Many AV scanners will scan ISO files (no "unpacking" 
required), but that depends on the AV engine itself.

But (and I think this is important) when you scan an ISO file for 
malware and the result is clean/passed, that does not prove the ISO image 
has not been manipulated and/or changed. A checksum (or similar 
technique) is a must. 


Final words: in general, I do not trust AV scanners very much, neither for 
Windows nor for other OSes. They still base their detection on rather 
old techniques (stock anti-malware vendor definition files). Any 
well-designed OS has to have its own defenses... and the user has to be 
always alert.

> Thank You for Your time.

I hope I've passed the test :-P
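As an added example (not part of this mail or the thread), here is the checksum step the reply above insists on, as a small POSIX shell script: it looks up an image's expected SHA-256 in a Debian-style SHA256SUMS file, compares it with the downloaded file, and treats "no entry for this file" as a separate result from "mismatch", because an unlisted image is simply unverified, not verified. The image names and file contents are constructed for the demonstration; the SHA256SUMS / SHA256SUMS.sign file names and the `gpg --verify` invocation are the ones Debian documents, and the `sha256_of` helper is just a portability shim.

```shell
#!/bin/sh
# Added example, not from the mail above: verify a downloaded ISO against the
# SHA256SUMS file Debian publishes next to its images. A scanner that reports
# "clean" says nothing about whether the bytes are the ones the project built;
# a matching digest from a trusted checksum file does.
# All file names and contents below are constructed for the demonstration.
set -u

# Portability shim: coreutils sha256sum, or shasum on systems without it.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Look up the expected digest for image $2 in $1/SHA256SUMS and compare it with
# the digest of $1/$2.
# Returns 0 = match, 1 = mismatch (image differs from what was published),
#         2 = no entry for that file (the checksum file proves nothing about it).
verify_iso() {
    dir=$1
    image=$2
    # Lines look like "<hex digest>  <file name>"; a leading "*" marks binary mode.
    expected=$(awk -v f="$image" '{ sub(/^\*/, "", $2) } $2 == f { print $1; exit }' "$dir/SHA256SUMS" 2>/dev/null)
    [ -n "$expected" ] || return 2
    actual=$(sha256_of "$dir/$image")
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# The checksum file is only as trustworthy as its source: Debian signs it
# (SHA256SUMS.sign), so check that signature before believing any digest in it.
# Requires the Debian CD signing key in the local keyring; not exercised by the
# constructed fixture below.
verify_sums_signature() {
    gpg --verify "$1/SHA256SUMS.sign" "$1/SHA256SUMS"
}

# Constructed fixture: a tiny "image" containing the bytes "abc" (whose SHA-256
# is the well-known ba7816bf...15ad), a published-looking SHA256SUMS entry for
# it, and a tampered copy with one byte changed but listed under the same digest,
# which is what an attacker who swaps the image but not the checksum file leaves.
make_fixture() {
    fdir=$(mktemp -d)
    digest=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    printf 'abc' > "$fdir/debian-test.iso"
    printf 'abd' > "$fdir/debian-tampered.iso"
    printf '%s  %s\n' "$digest" debian-test.iso > "$fdir/SHA256SUMS"
    printf '%s  %s\n' "$digest" debian-tampered.iso >> "$fdir/SHA256SUMS"
    printf '%s' "$fdir"
}

# Demo run: the good image passes, the tampered one fails, and an unlisted one
# is reported as unverifiable rather than silently passing.
fixture=$(make_fixture)
for img in debian-test.iso debian-tampered.iso debian-unlisted.iso; do
    rc=0
    verify_iso "$fixture" "$img" || rc=$?
    case $rc in
        0) echo "$img: digest matches SHA256SUMS" ;;
        1) echo "$img: digest MISMATCH, image differs from the published one" ;;
        2) echo "$img: not listed in SHA256SUMS, nothing can be concluded" ;;
    esac
done
rm -rf "$fixture"
```

Against a real download you would first run `verify_sums_signature` on the directory holding SHA256SUMS and SHA256SUMS.sign, and only then `verify_iso` on the image; a digest copied from the same untrusted place as the image adds nothing.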


