
Re: Antivirus for Debian



On Sun, Aug 23, 2015 at 11:56:29PM +0900, Joel Rees wrote:
> I think we have to be careful when we talk about the usefulness of
> anti-malware tools and tactics.
> 
> Carelessly asserting the superior inherent security of Linux based
> systems can be read as reassurance that we are invincible. Carelessly
> acknowledging the problems with our tools can easily be read as
> reassurance that they are all not useful enough to be bothered with.
> 
> I think both attitudes discourage real understanding of the nature of
> the problems, and encourage bad strategies.
> 

Sophos now produce a free AV for Linux if you don't need support.

Notably, it doesn't work with systemd so would be useless on Red Hat
Enterprise Linux 7 / CentOS 7 / Debian 8.* or Ubuntu LTS shortly.

This is a significant product for £££ in the Windows enterprise market.

One of the hard copy Linux magazines I spotted today summed it up as

AV for your Windows, Mac and Android using friends ...

And it is only effective for virus definitions on these systems.

> In particular, everyone who nodded in assent when someone said or
> implied that no meaningful threats exist in the wild, please go back
> and read the wikipedia page on linux malware again. Sure, the page is
> not perfectly accurate, particularly in the (lack of) discussion of
> strategies, but there is enough there to tell us that real threats
> have existed and do currently exist in the wild.
> 

From that article:

Linux, Unix and other Unix-like computer operating systems are generally regarded
as very well protected against, but not immune to, computer viruses

[immediately followed by]

"There has not yet been a single widespread Linux virus or malware infection
of the type that is common on Microsoft Windows: this is attributable generally
to the malware's lack of root access and fast updates to most Linux vulnerabilities"

Look also at the paragraph on software repositories, maintainer building and the use of
checksums, which does increase our security.

> (And the argument that threats to MSWindows users can safely be
> ignored by Linux users is just too much us-versus-them, isn't it?)
> 

Nope. Threats that are only a threat to a Windows operating system pose no risk to 
a Linux system whatsoever on that Linux system. The sort of email attachment that is 
a hidden base64 / zip file disguised with a .doc extension is entirely pointless on a Linux 
system.

For Windows, AV is sensible but not infallible - approach any AV vendor and they'll always
caveat the effectiveness of their detection and point out that they don't protect you against
the threat anyway.

Just my 0.02¢

AndyC

> Joel Rees
> 
> Computer memory is just fancy paper,
> CPUs just fancy pens.
> All is a stream of text
> flowing from the past into the future.
> 
> On 2015/08/21 2:59 "Dwijesh Gajadur" <dwijesh1@gmail.com> started a thread:
> >
> > Hello guys. I wanted to know if antivirus is required for Debian or for linux in general. And if it is required, what are the recommended antivirus for Debian?
> > Thank you in advance.
> >
> > With Kind Regards,
> > Dwijesh

