Re: Linux and Spywares - lack of reading

On Wed, 2005-02-16 at 09:05 -0800, jdow wrote:
> From: "Johnathan Bailes" <johnathan.bailes@xxxxxxxxx>
> 
> > On Tue, 15 Feb 2005 18:47:44 -0800, jdow <jdow@xxxxxxxxxxxxx> wrote:
> > >
> > > Rootkits exist. Need I say more?
> > > {^_^}
> > >
> > >
> >
> > Ok, in that case pretty much the only anti-virus software you need on
> > a desktop linux box is chkrootkit.
> >
> > Is it just my sysadmin background or doesn't everyone run this?
> >
> > Delegating user authority does make it more secure and he has a good
> > point.
> >
> > In fact, I am sorely afraid the first "linux virus" will be aimed at
> > the ubuntu set and those who have not disabled frickin sudo.
> 
> There is a basic problem with chkrootkit. It is "reactive" rather than
> "preventative". (Firewalls are an example of a proactive tool, the third
> type.) Unless you are running it every 15 minutes or so considerable
> damage could be done to your system between runs. If you store customer
> records on the machine you'd really like preventative or proactive type
> protection. It is time for proactive system administrators to look into
> this concept and what is available. The danger at present is fairly
> small. And SELinux is a nice method of locking the door. However, over
> time a tool such as Norton's AntiVirus will very likely prove beneficial
> for people who have systems that contain student records, customer
> records, company financial information, and other things which could
> seriously damage their institution if they were released or even merely
> released prematurely.

Well, all anti-virus software is reactive ... btw there was a recent fix
to Norton to fix an exploit where the scanning engine itself would
cause the infection in UPX packed executables.

If I remember right you can set up ClamAV to do real-time scans as files are
updated.  So if you really want real-time scanning you can do it with
Open Source tools.

Actually SELinux could be used to create a much better "firewall" than
anything that exists under Windows that I'm aware of.  The NSA developed
SELinux so that they could have fine-grained control over the interaction
between applications and the OS.

Paul

