Re: Anti-virus Programs


 



Carter J. Castor wrote:

I know that the number and popularity of viruses for Linux is extremely
lower than Windoze; however, I am on a university network that has
viruses floating around like an AIDS convention so I would like to have
some sort of anti-virus program running in the background.  The ones I
find are either a) commercial apps b) exclusively for e-mail c) open
source ones that don't look very complete.  What do you guys use for
non-email based virus scanners?




You pretty much answered your own question. There are about as many Linux viruses on your network as there are HIV virus particles floating around at an AIDS convention. In other words, none. HIV does not "float around". However, worms and trojans do exist, as well as regular old exploits, etc. A scanner would be of no help for regular exploits, although it *might* be of some benefit with trojans. But only after the fact. Once the trojan has been run even once, your whole box is a potential security risk whether the trojan executable has been removed or not.

Scanning for virii after the fact is pretty poor as a security policy. Has that policy stemmed the flow of virii in the Windows world?

Ask yourself how you think your machine might become infected. Are you keeping your box updated with security patches from your vendor? This is your best defense against remote network exploits. Are you running network services that are visible to the network? This is a vector for "worms", not virii. Are you running executables from an untrusted source? That's how you get trojans. Are you running as root unnecessarily? To be honest, I have always found the arguments for not running as root to be rather flimsy, but it is still a good idea. If you do happen to run a trojan, you at least can contain and isolate the contamination more easily, though you could still lose all your data, which is usually more valuable than the 30 minute OS installation. Are you doing backups?

Personally, I hate these "there's no magic bullet" answers when they are used to argue against things like transparent buffer overflow prevention in compilers, which have a real, though not "magic bullet" benefit. But I just don't see Linux virus scanning being of much value.

Steve
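
The question in the reply above about network services visible to the network can be checked directly. This is an added example, not part of the original post: it filters `ss -H -tln` output for TCP listeners bound to anything other than loopback. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from the network.
# Expected input: output of `ss -H -tln`, whose columns are
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

exposed_listeners() {
  awk '$1 == "LISTEN" {
    la = $4
    port = la; sub(/.*:/, "", port)        # text after the last colon
    addr = la; sub(/:[^:]*$/, "", addr)    # text before the last colon
    gsub(/^\[|\]$/, "", addr)              # drop IPv6 brackets
    sub(/%.*/, "", addr)                   # drop interface scope, e.g. %lo
    # Loopback-only listeners cannot be reached by a network worm.
    if (addr ~ /^127\./ || addr == "::1") next
    print addr, port
  }'
}

# Constructed sample input (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 128  127.0.0.1:631     0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 128  [::1]:631         [::]:*
LISTEN 0 511  *:80              *:*
LISTEN 0 128  192.168.1.10:5432 0.0.0.0:*
EOF
}

# Demonstration on the sample; on a live host run:
#   ss -H -tln | exposed_listeners
sample_ss_output | exposed_listeners
```

Each line printed is an address and port that other machines on the network can reach, so it is a service to keep patched, firewall, or rebind to loopback.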




