Rodolfo Alcazar wrote:
> On Fri, 2005-11-25 at 14:48 +0000, Joao Paulo Pires wrote:
>> 'Linux may not be as vulnerable as Windows, but if you think Linux
>> viruses don't exist, you'd better think again. Virus writers have any
>> number of possibilities'
>> I have just read this sentence and I'm concerned because I have only
>> firewall (from router and from FC4) working on FC4. Could you explain to
>> me which actions I should take? Note: I have Toshiba laptop, FC4, Gnome
>> and Thunderbird. The only programs I know are Clamav and Spamassassin.
>> Is it enough? Although I know FC4 has SELinux. Best regards, Joao.

Windows viruses depend on a large number of users all using the same
broken software. If you step outside the norm, even on Windows, you
reduce the likelihood of infection enormously. Use the Mozilla suite
instead of Internet Exploder and Lookout (Express), and viruses relying
on the vulnerabilities in MS malware.
In Linux, you don't
a) Have the numbers (as a proportion of all Internet users)
b) Have a large proportion all using the same software.
If you check email headers, you will see people here using kmail,
mozilla, tbird, evolution, mutt, pine and probably others, and a few
using Windoes and OS X clients.
The likelihood of someone writing a single virus attacking more than one
(counting Mozilla and tbird as one) _and_ getting it to spread is fairly
small.
Years ago (I was using the then recent RHL 7.3), Kaspersky released a
virus scanner client for Linux. I pressed them for a catalogue of known
Linux viruses. They came up with a list of five, some of which I'd
heard. At least one was a worm (doesn't spread in email), one was maybe
a problem in RHL 6.2.

> - Have updated systems! Update your system daily. You must program your
> yum or apt updates to run at least daily.

That is plain stupidity. It is worse than securing your system sensibly
and applying _no_ updates.
If you blindly apply updates as they appear, you will get a broken
system, nothing surer.
I'm on a list where folk discuss Linux on IBM zSeries. These are serious
folks running serious computer systems supporting serious businesses.
Businesses such as Boeing, Wells Fargo, EDS, Citigroup, Bank of America.
Where people here sometimes think about running a virtual computer,
lotsa those folks run 100 or so in a real box: one maniac became
infamous a few years ago by running 40,000 or so of them. Lots run
virtual networks (and worry about security between them).
These folk don't apply every patch as it arrives, they look at it, see
what it fixes, evaluate how it applies to them, the risk of not applying
it, the risk of applying it and probably don't apply it until next patch
day. Which might be the next refresh of Nahant.
In my case, I only look after little systems and I do update regularly,
and I do download updates automatically, but I always update manually,
after seeing what's affected. That way, if something breaks as a result,
I will know that something changed.
If you run yum daily to keep the system up2date and something breaks,
you will have no idea whether something changed, what changed or when.
That's a pretty serious matter if your business depends on it, if you
have a dozen or a hundred staff sitting round talking coz the server's
down again, if you're filing client's email as spam or turning them away
because your website's down. Again.
--
Cheers
John
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
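
The review-then-update-by-hand routine described in the reply above, as an added example that is not part of the original post. It assumes the usual three-column `yum check-update` listing; the sample output, the function names and the list of packages flagged for closer review are constructed for illustration.

```shell
#!/bin/sh
# Added example: record and review pending updates before applying them by hand.
# Intended use (assumption): yum check-update | record_pending /var/log/pending-updates.log
# then read the log and run the update manually.

# Constructed sample of `yum check-update` output (not taken from a real host).
sample_output() {
cat <<'EOF'
Loading "installonlyn" plugin
Setting up repositories

kernel.i686                  2.6.14-1.1644_FC4      updates-released
openssl.i686                 0.9.7f-7.10            updates-released
thunderbird.i386             1.0.7-1.1.fc4          updates-released
EOF
}

# Print "name.arch version repo" for each pending package, skipping
# header and status lines that do not start with a name.arch token.
pending_updates() {
    awk 'NF == 3 && $1 ~ /\.(i[3-6]86|x86_64|noarch|ppc|s390x?)$/ { print $1, $2, $3 }'
}

# Append a dated record of what is about to change, so that a later
# breakage can be matched against a known change. $1 = log file.
record_pending() {
    log=$1
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    pending_updates | while read -r pkg ver repo; do
        printf '%s pending %s %s %s\n' "$stamp" "$pkg" "$ver" "$repo"
    done >> "$log"
}

# Name the packages whose update deserves a closer look before applying.
# The package list is an assumption; adjust it to what the host depends on.
needs_review() {
    pending_updates | awk '$1 ~ /^(kernel|glibc|openssl|openssh|httpd)[.-]/ { print $1 }'
}
```
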