[huskerlug] Re: Anti-Virus for GNU/Linux? My simple notes for n00bs
- From: Steve <steve@xxxxxxxxxxxxx>
- To: huskerlug@xxxxxxxxxxxxx
- Date: Mon, 1 Sep 2003 11:58:28 -0500
For those that are curious, here is a link I found that lists a few viruses
for Linux:
http://www.viruslist.com/eng/viruslistfind.asp?findWhere=011&findTxt=linux
It's really kind of interesting to read through. Especially the
cross-platform Linux/Windoze virus. Although it's only a proof of concept
virus, it opens up the door to a lot of possibilities.
And just to set the record straight on a few things:
I don't personally worry about getting infected with a virus on a Linux or
Unix machine. Why? I don't have any of my e-mail programs configured to
auto execute programs based on e-mail content. Kmail is even configured so
it doesn't display http e-mail by default. I also don't run programs sent to
me from unknown sources, and I only log in as root when absolutely necessary.
I also believe that it is more difficult to write a virus that will cause
wide-spread infection among *nix users. Why? There is enough variation in
the various *nixes that it makes it more difficult to write a virus that can
attack all, or even most of them. Even within just the Linux camp, there are
enough variations in the various distros that it would require more time and
effort on the part of a virus writer to create a virus the spreads
effectively. One example of this is the OpenSSL security hole found last
year. The early exploits would work in some of the *nix OSes, and not
others. If it worked on Linux, it may not work on *BSD and vice versa. And,
*nix systems tend to run on more architectures than windows. So a virus/worm
that may work on Linux/i386 may not work on Linux/SPARC. However, a
virus/worm writer who is seeking recognition/glory will probably write their
virus for Linux/i386 to get the most bang for the buck.
Also, as Patrick and others have pointed out, end user applications on *nix
based OSes typically have a more secure default setup than their windoze
counterparts (or they don't even include the potentially dangerous "features"
all together).
Do I run a virus scanner at home? No, not yet. Eventually I will. Why?
More for curiosity than anything. I like to see how many viruses are
actually sent to me, and although some e-mails obviously contain a virus, not
all of them are so easy to spot. I'd also like to keep some of them around
for future testing (personal and work related). Although I'm not worried
about my *nix machines becoming infected, I will eventually have a windoze
box or 2 in my house for various reasons (i.e. gaming, kids programs, etc.)
and they do need to be protected with AV software.
I just don't believe that *nix will NEVER have a virus (because as the link
above shows, there are already a few out there).
--
Steve Bremer
RHCE,CCNA
--
Real Men don't make backups. They upload it via ftp and let the world
mirror it. -- Linus Torvalds
--
GnuPG Key fingerprint = 7F06 4D73 7963 BE96 5189 953A E285 CB2C BA03 2746
Available on key servers.
P.S. If anyone is interested in a copy of the Sobig.F virus, I've got about
4500 of them in quarantine at work ;-)
----
Husker Linux Users Group mailing list
To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx
with a subject of UNSUBSCRIBE
Other related posts:
