[huskerlug] Re: antivirus

On Friday 22 August 2003 04:47 pm, you wrote:
> On Friday 22 August 2003 10:17 am, you wrote:
> > What do you guys/girls run for anti-virus on your Linux
> > machines? I'm looking for open source and also, if possible,
> > ok for commercial use.
> >
> > I've done some searching, but most seem to be free for
> > non-commercial use only...
>
> No need.
> Last fall I did research into Linux worms and viruses.  Symantec
> has (did?) have the best collection, 42 in all.  Of them most
> were laboratory specimens, as indicated by the fact they were
> 'found' on less than 3 PCs.  That's like finding a needle in 35
> million haystacks.  Anyway, only three, which were worms, had
> any effect at all. Two were old and infected less than 500
> machines.  The worst occurred last October and was called
> Slapper.  It infected 7,000 machines in Eastern Europe.  The
> only way those machines could have been infected was if the user
> was running as root -- which is something you NEVER want to do.
>
> Linux worms and viruses would require user assistance in order
> to work.   Sort of like receiving an email which said " send the
> email to all people in your address book and then run 'rm -rf'
> as root"
>
> The big worry for Linux is some cracker hacking into your box
> manually.    You can test for that by regularly using chkrootkit.
>
> Keeping your patches up to date and running a good firewall, like
> Shorewall (Firestarter is a good GUI for it), should keep you
> worry free.

Here is the Slapper info.
http://securityresponse.symantec.com/avcenter/venc/data/linux.slapper.worm.html

When searching for Linux viruses be careful.  Not all bugs with the
word "Linux" in their name are really Linux viruses.  "Linux.Dido" is
an example.  It infects "EXE" files.  No info is given on it.
http://securityresponse.symantec.com/avcenter/venc/dyn/10714.html
So, when you see a search listing 1,500+ "Linux" viruses you know it
is an inflated number.  Last fall Symantec listed only 42 Linux
viruses, like I said.

Nice article on why viruses on Linux have a hard time: (It was written
before Slapper)
http://librenix.com/?inode=21

http://www.viruslist.com/eng/viruslistfind.asp?findWhere=011&findTxt=linux

Here's my comment of last fall:
http://nofud.linuxtoday.com/news_story.php3?ltsn=2003-04-18-005-26-OP-DT-SW-0005
which refers to but does not cite my original post.  Unfortunately I
can't seem to google it.


--
Remember, the Ark was built by amateurs; the Titanic by professionals
GrayGeek
