public inbox for gentoo-user@lists.gentoo.org
From: Jonas de Buhr <jonas.de.buhr@gmx.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Which desktop antivirus?
Date: Sat, 22 Oct 2011 16:22:20 +0200
Message-ID: <20111022162220.7e7a7f77@toxic.dbnet>
In-Reply-To: <4EA2AC79.5050102@binarywings.net>

On Sat, 22 Oct 2011 13:43:53 +0200,
Florian Philipp <lists@binarywings.net> wrote:

> On 22.10.2011 13:29, Nilesh Govindarajan wrote:
> > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote:
> >> Hi All,
> >>
> >> I'm asked for a desktop antivirus (the box is running KDE) but I
> >> have never used an antivirus on Linux.  This page that I googled
> >> up shows a number of them:
> >>
> >>   http://www.makeuseof.com/tag/free-linux-antivirus-programs/
> >>
> >> Meanwhile, portage only lists clamav under app-antivirus/.
> >>
> >> The machine in question is running kmail to receive/send messages
> >> from ISP mail servers and ssmtp to send log messages for relaying
> >> via said ISP.
> >>
> >> What have you tried and what would you recommend for such a
> >> desktop setup?
> > 
> > IMHO, you don't need antivirus on a Linux box, unless you're going
> > to run a mail relay, where you are responsible for saving recipients
> > from viruses.
> 
> I agree. Check that your ISP performs virus checks. If not or if you
> want to be extra sure, I think kmail can work with clamav -- at least
> it could in the old 3.x days when I still used it.
> 
> > The simplest reason of all is, Linux doesn't know how to execute 
> > Windows binaries.
> > 
> 
> Well, this is an oversimplification.
> 1) Any box running Wine is possibly as exposed to your classic
> pretty-women.exe mail attachments as any windows system.
> 2) You should also be worried about Open/LibreOffice macro viruses as
> well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla
> based exploits.

or image rendering library bugs. or mono. or tricky multi-platform
viruses/worms. saying that linux based viruses don't exist is simply
wrong. there may not be much in the wild, but they definitely are out
there.

it is probably more difficult to write a successful virus for linux
than for windows for a number of reasons but in principle the problem is
the same as on windows.
i think the main technical reason is the heterogeneity of the
installations. one or two local exploits and you can hit almost any
windows XP installation. in linux you have to deal with n combinations
of kernel-version, glibc-version, etc. and there is very little you can
depend on to be in a fixed location in memory since different compiler
options may already change that. there are ways around all this of
course[1], but it's a lot of work. too much for the limited impact.
also, a lot of malware seems to depend on social engineering for
infection these days. i think that's going to work less well on a lot of
linux users because the system conditions you to think before you act.

that aside, i predict that we will see some linux viruses or worms with
larger infections in the future. i guess the first ones will be for
ubuntu because it has a large base of rather consistent base
installations.

/jonas

--

[1] fun idea: something exploiting bugs in the usb storage subsystem or
file system handling code spreading to usb sticks. you could probably
even make that multi-platform if you find the needed bugs for different
OSes.


> 
> Still, keeping your system up-to-date and observing the freshly
> revived GLSA notifications is more likely to save your butt than
> clamav.
> 
> Cheers,
> Florian Philipp
> 


