[cochiselinux] Re: Anti-virus, firewall, and anti-spyware software

  • From: <prevettl@xxxxxxxxxxxx>
  • To: cochiselinux@xxxxxxxxxxxxx
  • Date: Tue, 26 Sep 2006 09:10:17 -0700

|    Apparently my subscription was dropped, but that's fixed now. I've been inactive
|for a while, but have started up a Linux box again. I'll have to relearn a lot!
|    ~~~~~~~~~~~~~
|    I'd like some recommendations for a stand-alone Linux AV package. I have McAfee
|VirusScan for UNIX, but it's more oriented to clients on a LAN, and, I hear,
|appallingly memory intensive. (I've got Suse 10.1 on a slow 10 GB machine.) I'd also
|like a personal firewall of the style of Zone Alarm...and some anti-spyware
|program(s). It's possible that all of these are on disks 4, 5, and AddOn, but
|without knowing their names I haven't identified them.
|
|    ~~~~~~~~~~~~~
|    (Incidentally, I've been running Black Ice firewall for XP, and it's very
|aggressive, but utterly fails to learn. For example, I do a daily download and
|execution of the Symantec definition file, and every day it blocks the execution at
|least four times, in spite of my clicking the "Don't ask again" box. It always
|identifies Firefox as a possible rogue application and also as a possible Trojan,
|but doesn't even provide a "Don't ask again" button. NOT RECOMMENDED.)
|

Well, as a word of encouragement, I know several people who are just using the
default installations with the default security and firewall configurations
on current Linux distros and haven't had any trouble. Maybe things are a little
better these days.

If you are already on a firewalled network, enable the default Suse firewall, use
basic security measures and you should be good to go.

But the honest truth is that security is a HUGE topic. There are some companies that
try to market security software but you can't think it'll do everything for you.
Education is your best defense, and you have to constantly educate yourself, read
books, check the security websites for latest advisories, download security software
and learn how to use it.

If you're using Suse 10.1 have you seen this page?
http://www.novell.com/products/suselinux/security.html

Instead of using the phrase 'virus software' maybe it's
better to refer to 'security software' in a Unix/Linux environment. And I don't
really know what to tell you about this - I don't think anyone uses just one piece
of security software in a Unix/Linux environment.

You don't need one 'virus' protection program like you might buy for a Windows OS,
but you do need to practice all the basic security measures. It doesn't matter what
'security' software you install if you haven't taken care of basic security
measures.

- don't log on as root except to do system admin: use usernames and good passwords

- check permissions of directories and files
  use chmod to set minimum permissions (as root)
  (chmod 700 /home/username)

- turn off unnecessary services (as root)
  chkconfig --list | grep :on
if you see "zebra" running and you don't need zebra then
  chkconfig zebra off

- backup critical data (hard drives and thumb drives are really cheap!)

- check the logs (as root)
  more /var/log/messages
  more /var/log/secure
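As an added example (not part of lp's reply or the original thread), here is a small POSIX sh audit script in the spirit of the checklist above: it flags home directories whose mode is looser than the recommended 700 and counts failed logins in a /var/log/secure-style excerpt. The log lines and directories are constructed for the demo, and `stat -c` assumes GNU coreutils as shipped with SUSE and most Linux distributions.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed sample data only.
# Assumes GNU coreutils (stat -c '%a'), as on SUSE and most Linux systems.

# Print "OK" and return 0 if the directory's mode is exactly 700;
# otherwise print the actual mode with the suggested fix and return 1.
check_home_mode() {
    dir="$1"
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" = "700" ]; then
        echo "OK $dir"
        return 0
    fi
    echo "LOOSE $dir (mode $mode): consider chmod 700 $dir"
    return 1
}

# Count lines recording a failed password attempt in the given log file.
count_failed_logins() {
    grep -c 'Failed password' "$1"
}

# Constructed /var/log/secure-style sample (not a real log).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Sep 26 08:55:01 box sshd[1011]: Accepted password for alice from 192.0.2.10 port 40112 ssh2
Sep 26 08:57:13 box sshd[1012]: Failed password for invalid user admin from 192.0.2.99 port 50213 ssh2
Sep 26 08:57:15 box sshd[1012]: Failed password for invalid user admin from 192.0.2.99 port 50213 ssh2
Sep 26 09:01:40 box sshd[1015]: Failed password for root from 192.0.2.99 port 50240 ssh2
EOF

# Constructed stand-ins for two home directories: one tight, one too open.
TIGHT=$(mktemp -d); chmod 700 "$TIGHT"
LOOSE=$(mktemp -d); chmod 755 "$LOOSE"
trap 'rm -rf "$SAMPLE_LOG" "$TIGHT" "$LOOSE"' EXIT

check_home_mode "$TIGHT"
check_home_mode "$LOOSE" || true
echo "failed logins in sample: $(count_failed_logins "$SAMPLE_LOG")"
```

On a real box you would point `check_home_mode` at each directory under /home and `count_failed_logins` at /var/log/secure, then investigate any source address that shows up repeatedly.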

To scan for trojans, root-kits, etc. you need to mount the file system so it isn't
live, and run your scanning tools from some standalone CD distribution like knoppix.
There's a ton of security programs on this disk:
http://www.remote-exploit.org/index.php/Auditor_main

Tripwire and chkrootkit are two other programs that come to mind.

If you're doing anything more complicated than home use, like writing software or
web apps or running servers, it gets hairy.

lp


-------------------------------------------------------------------- Cochise Linux Users Group Mailing List - cochiselinux@xxxxxxxxxxxxx For more information: http://www.cochiselinux.org To unsubscribe: //www.freelists.org/list/cochiselinux