On Wednesday 28 January 2004 11:35 pm, stephan schutter wrote:
> Try F-prot! It is free for personal use on linux.
>
> Steve Bergman wrote:
> > Carter J. Castor wrote:
> >> I know that the number and popularity of viruses for Linux is extremely
> >> lower than Windoze; however, I am on a university network that has
> >> viruses floating around like an AIDS convention so I would like to have
> >> some sort of anti-virus program running in the background. The ones I
> >> find are either a) commercial apps b) exclusively for e-mail c) open
> >> source ones that don't look very complete. What do you guys use for
> >> non-email based virus scanners?
> >
> > You pretty much answered your own question. There are about as many
> > linux viruses on your network as there are HIV virus particles floating
> > around at an AIDS convention. In other words, none. HIV does not
> > "float around". However, worms and trojans do exist, as well as regular
> > old exploits, etc. A scanner would be of no help for regular exploits,
> > although it *might* be of some benefit with trojans. But only after the
> > fact. Once the trojan has been run even once, your whole box is a
> > potential security risk whether the trojan executable has been removed
> > or not.
> >
> > Scanning for virii after the fact is pretty poor as a security policy.
> > Has that policy stemmed the flow of virii in the Windows world?
> >
> > Ask yourself how you think your machine might become infected. Are you
> > keeping your box updated with security patches from your vendor? This
> > is your best defense against remote network exploits. Are you running
> > network services that are visible to the network? This is a vector for
> > "worms", not virii. Are you running executables from an untrusted
> > source? That's how you get trojans. Are you running as root
> > unnecessarily? To be honest, I have always found the arguments for not
> > running as root to be rather flimsy, but it is still a good idea. If
> > you do happen to run a trojan, you at least can contain and isolate the
> > contamination more easily, though you could still lose all your data,
> > which is usually more valuable than the 30 minute OS installation. Are
> > you doing backups?
> >
> > Personally, I hate these "there's no magic bullet" answers when they are
> > used to argue against things like transparent buffer overflow prevention
> > in compilers, which have a real, though not "magic bullet" benefit. But
> > I just don't see Linux virus scanning being of much value.

FYI, http://www.f-prot.com/virusinfo/unix.html reports that there are only 2 virii infecting Unix systems, 1 is targeting BSD systems running a vulnerable version of Apache, and the other is targeting Linux systems running Apache w/ Open SSL enabled.

--
Charles Howse
Jackson, TN
Fedora Core 1
Uptime: 4:38