Re: Debian virus/spy-ware detection and detection technique.
On Sat, 17 Jul 2010 14:06:58 +0700, Sthu Deus wrote:
> I have 3 questions on virus/spy-ware detection and detection technique.
He, sounds like a test...
> 1. Which software (may that is even packaged for Debian) is the best at
> Your opinion and why for virus/spy-ware (the software that scans for
> interesting data and sends it to some host) detection?
- For scanning/detecting virus/malware for Windows systems or linux
- For local scanning (e-mails, Internet browsing) or a bunch of network
- By "(sic) and sends it to some host" you mean "keep the admin informed
by sending an alert to a host" or you mean "collaborative tools to
> 2. What's the technique of scanning for the malicious software? - As I
> can understand it should be absolutely trustworthy and at the same time
> - up-to-date (the bases it uses) - so, should I have a separate HDD for
> the goal that stands most the time separately (on a shelf), updating
> alone in computer, then again removed and being used only as a primary
> disk for scanning attached disks - as the secondary? Or there is more
> easy to perform way of accomplishing this?
Not sure what OS we are talking here...
If you want to assure a true clean environment, better reformat and start
from scratch. As soon as you plug the disk in a network (or via USB port
to an infected machine) data on it can be also compromised.
> 3. Is it possible to scan for this very purposes (virus & spy-ware) the
> distro CD/DVD -s - as it is from the media, without explicit manual
> unpacking - to be sure the software is OK (in case when check sums are
> not available OR it is impossible for some reasons to re-download the
I think yes. Many AV scanners will scan ISO files (no "unpacking"
required) but that depends on the AV engine itself.
But (and I think this is important) when you scan an ISO file for
malware and the result is clean/passed, that is not proving the ISO image
could have been manipulated and/or changed. Checksum (or similar
techniques) is a must.
Final words: In general, I do not trust AV scanners so much, neither for
Windows nor other OS. They are still basing their detection score on
rather older techniques (stock antimalware firm definition files). Any
well-designed OS has to have its own defenses... and the user has to be
> Thank You for Your time.
I hope I've passed the test :-P
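
Added example, not part of the original message: the checksum step the reply calls a must, as a shell function that compares an image's SHA-256 digest with its entry in a checksum list. It assumes a list in `sha256sum` output format obtained from a source you trust and file names without spaces; `verify_image` and its return codes are illustrative names chosen here.

```shell
#!/bin/sh
# Verify a downloaded image against a checksum list in sha256sum format
# ("<hex digest>  <file name>" per line). Assumption: the list itself came
# from a trusted source; a matching digest proves nothing otherwise.

# verify_image IMAGE SUMS_FILE
# returns 0 = digest matches
#         1 = digest mismatch (image altered or corrupted)
#         2 = unreadable input or no entry for this file name
verify_image() {
    image=$1
    sums=$2
    [ -r "$image" ] && [ -r "$sums" ] || return 2
    name=$(basename "$image")

    # Look up the expected digest by exact file name. Binary-mode lines
    # carry a leading "*" before the name, so strip it before comparing.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || return 2

    actual=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] && return 0
    return 1
}

# Usage when run as a script: sh verify.sh image.iso SHA256SUMS
if [ "$#" -eq 2 ]; then
    rc=0
    verify_image "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: digest matches the list" ;;
        1) echo "MISMATCH: do not use this image" ;;
        *) echo "NO RESULT: file unreadable or not listed" ;;
    esac
    exit "$rc"
fi
```

A missing entry is reported separately from a mismatch so that an unlisted file is never mistaken for a verified one.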