* [gentoo-user] Best anti-virus
From: Tony Caudel @ 2008-05-09 3:23 UTC
To: gentoo-user

I am currently using the clamav anti-virus program. I was wondering if there
is a better one for Gentoo, especially one that integrates well with
Thunderbird. That has been my one disappointment with clamav. Not
necessarily clamav's fault since T/B maintains its emails in one long file.

Tony

--
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin

* Re: [gentoo-user] Best anti-virus
From: Abraham Gyorgy @ 2008-05-09 11:42 UTC
To: gentoo-user

If you want open source antivirus, you can only use ClamAV. Anyway there
are a number of free or commercial antivirus solutions for Linux. (I don't
know if any of these supports Thunderbird).

http://www.linux.com/articles/22899

This is a good article about antivirus solutions. You can use ClamAV along
with Sylpheed(Claws) because it has integration for it.

Bye,
Gyuszk

2008/5/9 Tony Caudel <tony.caudel@gmail.com>:
> I am currently using the clamav anti-virus program. I was wondering if
> there is a better one for Gentoo, especially one that integrates well with
> Thunderbird. That has been my one disappointment with clamav. Not
> necessarily clamav's fault since T/B maintains its emails in one long file.
>
> Tony
>
> --
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety.
> -- Benjamin Franklin

* Re: [gentoo-user] Best anti-virus
From: Neil Bothwick @ 2008-05-09 12:51 UTC
To: gentoo-user

On Fri, 9 May 2008 13:42:28 +0200, Abraham Gyorgy wrote:
> This is a good article about antivirus solutions. You can use ClamAV
> along with Sylpheed(Claws) because it has integration for it.

Which? Sylpheed or Claws? They are now separate programs. Claws Mail no
longer has a clamav plugin because libclamav is GPL 2 only and Claws is
GPL 3, although you can still use actions to pass mails through clamd.
There is a GPL3 compatible plugin that uses clamd rather than linking to
libclamav but it's not in the official distribution.

--
Neil Bothwick

The truth shall make you free, but first it shall piss you off.

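Added example, not part of the thread or of any project mentioned in it: because Thunderbird keeps a whole folder in one mbox file, a detection reported against that file does not identify the message. This sketch walks the mbox per message and passes each attachment to clamd over its INSTREAM command, reporting which message holds the hit; the socket path, the sample mbox and the `marker_scanner` stand-in are assumptions constructed for illustration.

```python
# Added example: locate flagged attachments inside one mbox folder file.
import mailbox
import socket
import struct
from email.message import EmailMessage

# Assumption: must match the LocalSocket setting in your clamd.conf.
CLAMD_SOCKET = "/var/run/clamav/clamd.sock"


def parse_clamd_reply(reply):
    """Return the signature name from a clamd reply, or None when clean."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return text[: -len(" FOUND")].split(": ", 1)[-1]
    if text.endswith("OK"):
        return None
    raise RuntimeError("clamd reported an error: " + text)


def scan_with_clamd(data, socket_path=CLAMD_SOCKET):
    """Stream bytes to clamd with INSTREAM; return a signature name or None."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(socket_path)
        sock.sendall(b"zINSTREAM\0")
        for offset in range(0, len(data), 8192):
            chunk = data[offset:offset + 8192]
            # Each chunk is prefixed with its length as a 4-byte big-endian int.
            sock.sendall(struct.pack("!I", len(chunk)) + chunk)
        sock.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_clamd_reply(reply)


def marker_scanner(data):
    """Stand-in scanner (constructed) so the example runs without clamd."""
    return "Constructed.Marker" if b"CONSTRUCTED-TEST-MARKER" in data else None


def scan_mbox(mbox_path, scanner=scan_with_clamd):
    """Scan every attachment of every message; return one dict per hit."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for index, msg in enumerate(box):
            for part in msg.walk():
                filename = part.get_filename()
                if part.is_multipart() or filename is None:
                    continue  # containers and inline body parts are skipped
                payload = part.get_payload(decode=True) or b""
                signature = scanner(payload)
                if signature:
                    hits.append({
                        "index": index,
                        "message_id": msg.get("Message-ID"),
                        "subject": msg.get("Subject"),
                        "attachment": filename,
                        "signature": signature,
                    })
    finally:
        box.close()
    return hits


def build_sample_mbox(path):
    """Write a constructed two-message mbox; only the second is marked."""
    box = mailbox.mbox(path)
    for n, body in enumerate([b"quarterly numbers", b"CONSTRUCTED-TEST-MARKER"]):
        msg = EmailMessage()
        msg["From"] = "sender@example.org"
        msg["To"] = "user@example.org"
        msg["Subject"] = "sample %d" % n
        msg["Message-ID"] = "<sample-%d@example.org>" % n
        msg.set_content("see attachment")
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename="file%d.bin" % n)
        box.add(msg)
    box.flush()
    box.close()


if __name__ == "__main__":
    import os
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "Inbox")
        build_sample_mbox(sample)
        for hit in scan_mbox(sample, scanner=marker_scanner):
            print(hit)
```

With a running clamd, call `scan_mbox(path)` with the default scanner; run it against a copy of the folder file while the mail client is closed.
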
* Re: [gentoo-user] Best anti-virus
From: Dirk Heinrichs @ 2008-05-09 11:58 UTC
To: gentoo-user

On Friday, 9 May 2008, ext Tony Caudel wrote:
> I am currently using the clamav anti-virus program. I was wondering if
> there is a better one for Gentoo, especially one that integrates well
> with Thunderbird. That has been my one disappointment with clamav. Not
> necessarily clamav's fault since T/B maintains its emails in one long
> file.

Hmm, how many Linux viruses exist out there? Usually these Linux based anti
virus progs only make sense on mail servers that receive mail for Windows
users.

Or am I completely wrong here?

Bye...

Dirk
--
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

* Re: [gentoo-user] Best anti-virus
From: Volker Armin Hemmann @ 2008-05-09 12:30 UTC
To: gentoo-user

On Friday, 9 May 2008, Dirk Heinrichs wrote:
> On Friday, 9 May 2008, ext Tony Caudel wrote:
> > I am currently using the clamav anti-virus program. I was wondering if
> > there is a better one for Gentoo, especially one that integrates well
> > with Thunderbird. That has been my one disappointment with clamav. Not
> > necessarily clamav's fault since T/B maintains its emails in one long
> > file.
>
> Hmm, how many Linux viruses exist out there? Usually these Linux based anti
> virus progs only make sense on mail servers that receive mail for Windows
> users.
>
> Or am I completely wrong here?

better safe than sorry - and there is more malware than viruses and worms.
A good av might be able to find some of the less sophisticated rootkits too.

--
gentoo-user@lists.gentoo.org mailing list

* Re: [gentoo-user] Best anti-virus
From: Dirk Heinrichs @ 2008-05-09 12:50 UTC
To: gentoo-user

On Friday, 9 May 2008, ext Volker Armin Hemmann wrote:
> On Friday, 9 May 2008, Dirk Heinrichs wrote:
> > On Friday, 9 May 2008, ext Tony Caudel wrote:
> > > I am currently using the clamav anti-virus program. I was wondering
> > > if there is a better one for Gentoo, especially one that integrates
> > > well with Thunderbird. That has been my one disappointment with
> > > clamav. Not necessarily clamav's fault since T/B maintains its
> > > emails in one long file.
> >
> > Hmm, how many Linux viruses exist out there? Usually these Linux based
> > anti virus progs only make sense on mail servers that receive mail for
> > Windows users.
> >
> > Or am I completely wrong here?
>
> better safe than sorry - and there is more malware than viruses and worms.
> A good av might be able to find some of the less sophisticated rootkits
> too.

On Linux, to be affected by malware received via mail, the user has to
explicitly:

1) Save the attachment
2) make it executable
3) finally run it

If you do all this with an attachment (eventually) received from an unknown
source, you deserve having your data deleted ;-)

Bye...

Dirk
--
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

* Re: [gentoo-user] Best anti-virus
From: Alan McKinnon @ 2008-05-09 12:52 UTC
To: gentoo-user

On Friday 09 May 2008, Dirk Heinrichs wrote:
> On Friday, 9 May 2008, ext Tony Caudel wrote:
> > I am currently using the clamav anti-virus program. I was wondering
> > if there is a better one for Gentoo, especially one that integrates
> > well with Thunderbird. That has been my one disappointment with
> > clamav. Not necessarily clamav's fault since T/B maintains its
> > emails in one long file.
>
> Hmm, how many Linux viruses exist out there? Usually these Linux
> based anti virus progs only make sense on mail servers that receive
> mail for Windows users.
>
> Or am I completely wrong here?

I don't think you are wrong. I know that theoretical Linux viruses do
exist, but I've yet to actually see one in the wild.

Mail with a virus payload doesn't make much sense in the Linux world - how
would the payload launch? Mail clients don't launch executables and they
don't do it on Windows either - they tend to take advantage of ActiveX,
VBMacros or whatever other sandbox applet MS comes up with next week. Linux
doesn't have such things.

Rootkits do exist though. But how is an anti-virus program going to detect
them? By running as root???? OMFG. I think I will be much much much safer
NOT running Symantec's latest and greatest than running it.

--
Alan McKinnon
alan dot mckinnon at gmail dot com

* Re: [gentoo-user] Best anti-virus
From: Tony Caudel @ 2008-05-09 19:25 UTC
To: gentoo-user

On Fri, May 9, 2008 at 6:58 AM, Dirk Heinrichs <dirk.heinrichs.ext@nsn.com> wrote:
> Hmm, how many Linux viruses exist out there? Usually these Linux based anti
> virus progs only make sense on mail servers that receive mail for Windows
> users.
>
> Or am I completely wrong here?

On the other hand, plenty of us then forward this mail to our windoze-using
friends who would be very unhappy if we infected them.

--
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin

* Re: [gentoo-user] Best anti-virus
From: Albert Hopkins @ 2008-05-09 20:58 UTC
To: gentoo-user

On Fri, 2008-05-09 at 14:25 -0500, Tony Caudel wrote:
> On the other hand, plenty of us then forward this mail to our
> windoze-using friends who would be very unhappy if we infected them.

Then let them get the anti-virus software.

-a

* [gentoo-user] Re: Best anti-virus
From: 7v5w7go9ub0o @ 2008-05-10 0:13 UTC
To: gentoo-user

Tony Caudel wrote:
> I am currently using the clamav anti-virus program. I was wondering if there
> is a better one for Gentoo, especially one that integrates well with
> Thunderbird. That has been my one disappointment with clamav. Not
> necessarily clamav's fault since T/B maintains its emails in one long file.
>
> Tony
>

I am extremely pleased with Antivir (aka Avira) and its realtime LKM,
Dazuko!

1. The Antivir database and heuristics contain dozens of Linux-specific
rootkits and Trojans. These in addition to Windows sigs. FWICT, the only
freeware AntiMalware that take Linux seriously (Kaspersky payware does).

2. With Dazuko - a LKM, developed by AntiVir/Avira which provides
real-time, on-access (read/write) scanning within directories you specify
in configuration. I scan mail (in a chroot jail), browser and downloads
(within a chroot jail, within RamDisk), Portage and portage work areas, and
/home.

Given that emerges are done with Root privilege, this scanning for
signatures may keep your box from being borked, should someone hack a
distribution site, or poison the DNS system, or etc.

3. Recent testing by Windows testers indicate that Antivir is now one of
the better windows AV's, and that their heuristics are quite effective. I'd
guess the same to be true for 'ix.

4. It scans for Linux screwups. :-) :-) e.g. here's one that I have left
unrepaired because I think it's so great:

"ANTIVIR 2008-05-05_05:49:12.39449 Mon May 5 01:49:12 2008 WARNING: file
'/etc/openvpn/trustconnect/pwd' is group or others accessible"

5. Its heuristics have notified me of XSS script attacks (at test sites)
after scanning scripts loaded into the browser cache, with "suspicious
script" warnings - and blocking that script from use by the browser. The
only other tool of similar function that I know of is "NoScript", an
extension for use in FireFox.

6. I run WAN/LAN-connected applications in chroot jails (Grsecurity
Hardened). Anything downloaded into a browser jail, lftp or TBird jail is
moved to a "download" area via a script that invokes a deep scan by Antivir
after it gets there. Dazuko invokes a second scan, as it also monitors
that area.

7. AntiVir is not in portage. Dazuko is. Dazuko can be used with other
AntiMalwares, or customized to respond to user-created tests (e.g. changed
file).

8. Linux and Unix oldtimers will scoff at real-time malware scanning - but
I'm convinced that in today's world, realtime scanning is one important
thing (perhaps the only thing) that we can learn from Windows.

HTH

* Re: [gentoo-user] Re: Best anti-virus
From: forgottenwizard @ 2008-05-10 0:53 UTC
To: gentoo-user

On 20:13 Fri 09 May , 7v5w7go9ub0o wrote:
> I am extremely pleased with Antivir (aka Avira) and its realtime LKM,
> Dazuko!
>
> 1. The Antivir database and heuristics contain dozens of Linux-specific
> rootkits and Trojans. These in addition to Windows sigs. FWICT, the only
> freeware AntiMalware that take Linux seriously (Kaspersky payware does).
>
> 2. With Dazuko - a LKM, developed by AntiVir/Avira which provides
> real-time, on-access (read/write) scanning within directories you specify
> in configuration. I scan mail (in a chroot jail), browser and downloads
> (within a chroot jail, within RamDisk), Portage and portage work areas, and
> /home.
>
> Given that emerges are done with Root privilege, this scanning for
> signatures may keep your box from being borked, should someone hack a
> distribution site, or poison the DNS system, or etc.
>
> 3. Recent testing by Windows testers indicate that Antivir is now one of
> the better windows AV's, and that their heuristics are quite effective. I'd
> guess the same to be true for 'ix.
>
> 4. It scans for Linux screwups. :-) :-) e.g. here's one that I have left
> unrepaired because I think it's so great:
>
> "ANTIVIR 2008-05-05_05:49:12.39449 Mon May 5 01:49:12 2008 WARNING: file
> '/etc/openvpn/trustconnect/pwd' is group or others accessible"
>
> 5. Its heuristics have notified me of XSS script attacks (at test sites)
> after scanning scripts loaded into the browser cache, with "suspicious
> script" warnings - and blocking that script from use by the browser. The
> only other tool of similar function that I know of is "NoScript", an
> extension for use in FireFox.
>
> 6. I run WAN/LAN-connected applications in chroot jails (Grsecurity
> Hardened). Anything downloaded into a browser jail, lftp or TBird jail is
> moved to a "download" area via a script that invokes a deep scan by Antivir
> after it gets there. Dazuko invokes a second scan, as it also monitors
> that area.
>
> 7. AntiVir is not in portage. Dazuko is. Dazuko can be used with other
> AntiMalwares, or customized to respond to user-created tests (e.g. changed
> file).
>
> 8. Linux and Unix oldtimers will scoff at real-time malware scanning - but
> I'm convinced that in today's world, realtime scanning is one important
> thing (perhaps the only thing) that we can learn from Windows.
>
> HTH
>

I think a lot of old-timers also realize that, unless you specifically
allow something to run, then it can't hurt you.

Chances are, unless you are allowing XSS and are surfing sites you can't
trust, you're close to bullet-proof, with the exception of program exploits
that you really can't do anything about.

* [gentoo-user] Re: Best anti-virus
From: 7v5w7go9ub0o @ 2008-05-10 14:58 UTC
To: gentoo-user

forgottenwizard wrote:
> On 20:13 Fri 09 May , 7v5w7go9ub0o wrote:
>> I am extremely pleased with Antivir (aka Avira) and its realtime LKM,
>> Dazuko!
>>
>> 1. The Antivir database and heuristics contain dozens of Linux-specific
>> rootkits and Trojans. These in addition to Windows sigs. FWICT, the only
>> freeware AntiMalware that take Linux seriously (Kaspersky payware does).
>>
>> 2. With Dazuko - a LKM, developed by AntiVir/Avira which provides
>> real-time, on-access (read/write) scanning within directories you specify
>> in configuration. I scan mail (in a chroot jail), browser and downloads
>> (within a chroot jail, within RamDisk), Portage and portage work areas, and
>> /home.
>>
>> Given that emerges are done with Root privilege, this scanning for
>> signatures may keep your box from being borked, should someone hack a
>> distribution site, or poison the DNS system, or etc.
>>
>> 3. Recent testing by Windows testers indicate that Antivir is now one of
>> the better windows AV's, and that their heuristics are quite effective. I'd
>> guess the same to be true for 'ix.
>>
>> 4. It scans for Linux screwups. :-) :-) e.g. here's one that I have left
>> unrepaired because I think it's so great:
>>
>> "ANTIVIR 2008-05-05_05:49:12.39449 Mon May 5 01:49:12 2008 WARNING: file
>> '/etc/openvpn/trustconnect/pwd' is group or others accessible"
>>
>> 5. Its heuristics have notified me of XSS script attacks (at test sites)
>> after scanning scripts loaded into the browser cache, with "suspicious
>> script" warnings - and blocking that script from use by the browser. The
>> only other tool of similar function that I know of is "NoScript", an
>> extension for use in FireFox.
>>
>> 6. I run WAN/LAN-connected applications in chroot jails (Grsecurity
>> Hardened). Anything downloaded into a browser jail, lftp or TBird jail is
>> moved to a "download" area via a script that invokes a deep scan by Antivir
>> after it gets there. Dazuko invokes a second scan, as it also monitors
>> that area.
>>
>> 7. AntiVir is not in portage. Dazuko is. Dazuko can be used with other
>> AntiMalwares, or customized to respond to user-created tests (e.g. changed
>> file).
>>
>> 8. Linux and Unix oldtimers will scoff at real-time malware scanning - but
>> I'm convinced that in today's world, realtime scanning is one important
>> thing (perhaps the only thing) that we can learn from Windows.
>>
>> HTH
>>
>
> I think a lot of old-timers also realize that, unless you specifically
> allow something to run, then it can't hurt you.

Agreed! Keep the power off; allow nothing to run; a safe state.

>
> Chances are, unless you are allowing XSS and are surfing sites you can't
> trust, you're close to bullet-proof, with the exception of program
> exploits that you really can't do anything about.

Well, nowadays you can take significant steps against "those" exploits as
well - memory protection and RBAC are two obvious ones. Hardened kernels
and hardened chroot jails also effectively confine many of "those"
exploits.

Realtime Linux Anti-Trojan signature scanning overhead is simply cheap
(almost free) insurance IMHO, and may be most important when compiling
and installing new or updated sourcecode. Or installing a new plugin to
your browser; or opening a media file.

But I sure acknowledge the majority opinion - almost ALL Linux users,
and many Windows users as well, choose not to run real-time
AntiMalware scanners.

* Re: [gentoo-user] Re: Best anti-virus
From: Alan McKinnon @ 2008-05-10 15:10 UTC
To: gentoo-user

On Saturday 10 May 2008, 7v5w7go9ub0o wrote:
> But I sure acknowledge the majority opinion - almost ALL Linux users,
> and many Windows users as well, choose not to run real-time
> AntiMalware scanners.

I do this, and I do it for a perfectly obvious reason:

Your suggestion "protects" me from a problem that does not exist.

I can't for the life of me imagine why I would ever do such a thing.

--
Alan McKinnon
alan dot mckinnon at gmail dot com

* [gentoo-user] Re: Best anti-virus
From: 7v5w7go9ub0o @ 2008-05-10 20:35 UTC
To: gentoo-user

Alan McKinnon wrote:
> On Saturday 10 May 2008, 7v5w7go9ub0o wrote:
>> But I sure acknowledge the majority opinion - almost ALL Linux users,
>> and many Windows users as well, choose not to run real-time
>> AntiMalware scanners.
>
> I do this, and I do it for a perfectly obvious reason:
>
> Your suggestion "protects" me from a problem that does not exist.
>
> I can't for the life of me imagine why I would ever do such a thing.
>

Geezzzzee.... I'm suddenly besieged!!! :-)

What is missing in this conversation is specific context; i.e. what are the
various "threat models" which are the basis for why/what we do in
security-oriented things. Clearly you've analyzed your situation and
determined that you don't need it.

- I happen to mostly use a laptop on public wifi; using "non-OS-specific"
tools such as: Firefox browser and thunderbird mail client (each with lots
of "extensions" - third-party, unregulated, tools that enhance the operation
of the browser/mail client. These extensions have been found to contain
Trojans in the past.

- I often install software directly from the author - or what I presume is
the author's webpage; from what I hope is an uncompromised library.

- I stream both via the browser and directly, a full range of media
content.

Seems to me that each of these areas represent a small possibility for
mischief, especially in the case of "extensions"; e.g. every time I invoke
"check for updated plugins", I run the risk of something I don't want (e.g.
password sniffer) from a compromised distribution, or spoofed location. An
updated heuristic or signature may review that one of the extensions I
installed last week came with what is now a recognized bug.

You've indicated that the problem doesn't exist - true 'nuff for you. But
IMHO -a- problem/potential for trouble does exist for me, and I've - perhaps
unnecessarily - assumed the overhead and complexity of scanning what I
perceive as the "problem" areas in the way I use this box.

I don't run anti-malware on all activity within the box; just on the
browser, lftp, media, and mail client jails, the download and work areas for
portage (and where I compile non-portage software), and the /home/TaxAct
area where I run WINE (using a dedicated, unprivileged taxact:taxact
user:group).

Reviewing my original response, it may seem that I was promoting real-time
Anti-Malware for the masses. No - I definitely do not. Though I do think
that people should, as a rule, review and create a "threat model" for their
setup and how they do business; and after doing so, consider AntiVir/Dazuko a
potentially useful, possibly cost-effective addition.

But we can certainly agree to disagree on the potential usefulness of this
tool in my situation. :-)

Tony was not determining "if", but rather, "which" anti-malware. What
really happened is that I'm trying to express the basis for my enthusiasm
about this particular, versatile Windows-and-Linux anti-malware product to
Tony - in response to his original question: "best" Anti Virus.

* Re: [gentoo-user] Re: Best anti-virus
From: Tony Caudel @ 2008-05-11 5:43 UTC
To: gentoo-user

On Sat, May 10, 2008 at 3:35 PM, 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com> wrote:
> Alan McKinnon wrote:
>
>> On Saturday 10 May 2008, 7v5w7go9ub0o wrote:
>>
>>> But I sure acknowledge the majority opinion - almost ALL Linux users,
>>> and many Windows users as well, choose not to run real-time
>>> AntiMalware scanners.
>>>
>>
>> I do this, and I do it for a perfectly obvious reason:
>>
>> Your suggestion "protects" me from a problem that does not exist.
>>
>> I can't for the life of me imagine why I would ever do such a thing.
>>
>>
>
>
> Geezzzzee.... I'm suddenly besieged!!! :-)
>
> What is missing in this conversation is specific context; i.e. what are the
> various "threat models" which are the basis for why/what we do in
> security-oriented things. Clearly you've analyzed your situation and
> determined that you don't need it.
>
> - I happen to mostly use a laptop on public wifi; using "non-OS-specific"
> tools such as: Firefox browser and thunderbird mail client (each with lots
> of "extensions" - third-party, unregulated, tools that enhance the operation
> of the browser/mail client. These extensions have been found to contain
> Trojans in the past.
>
> - I often install software directly from the author - or what I presume is
> the author's webpage; from what I hope is an uncompromised library.
>
> - I stream both via the browser and directly, a full range of media
> content.
>
> Seems to me that each of these areas represent a small possibility for
> mischief, especially in the case of "extensions"; e.g. every time I invoke
> "check for updated plugins", I run the risk of something I don't want (e.g.
> password sniffer) from a compromised distribution, or spoofed location. An
> updated heuristic or signature may review that one of the extensions I
> installed last week came with what is now a recognized bug.
>
> You've indicated that the problem doesn't exist - true 'nuff for you. But
> IMHO -a- problem/potential for trouble does exist for me, and I've - perhaps
> unnecessarily - assumed the overhead and complexity of scanning what I
> perceive as the "problem" areas in the way I use this box.
>
> I don't run anti-malware on all activity within the box; just on the
> browser, lftp, media, and mail client jails, the download and work areas for
> portage (and where I compile non-portage software), and the /home/TaxAct
> area where I run WINE (using a dedicated, unprivileged taxact:taxact
> user:group).
>
> Reviewing my original response, it may seem that I was promoting real-time
> Anti-Malware for the masses. No - I definitely do not. Though I do think
> that people should, as a rule, review and create a "threat model" for their
> setup and how they do business; and after doing so, consider AntiVir/Dazuko a
> potentially useful, possibly cost-effective addition.
>
> But we can certainly agree to disagree on the potential usefulness of this
> tool in my situation. :-)
>
> Tony was not determining "if", but rather, "which" anti-malware. What
> really happened is that I'm trying to express the basis for my enthusiasm
> about this particular, versatile Windows-and-Linux anti-malware product to
> Tony - in response to his original question: "best" Anti Virus.
>
>
>
>
> --
> gentoo-user@lists.gentoo.org mailing list
>
>

I thank everyone for their input. Guess I'll stick with clamav since it
seems to be one of the best and is open source. Think I'll also leave a
note with the Thunderbird folks suggesting anti-virus integration.

Tony

--
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin

* Re: [gentoo-user] Re: Best anti-virus
From: Robert Bridge @ 2008-05-10 17:19 UTC
To: gentoo-user

On Sat, May 10, 2008 3:58 pm, 7v5w7go9ub0o wrote:
> forgottenwizard wrote:
> Realtime Linux Anti-Trojan signature scanning overhead is simply cheap
> (almost free) insurance IMHO, and may be most important when compiling
> and installing new or updated sourcecode. Or installing a new plugin to
> your browser; or opening a media file.
>
> But I sure acknowledge the majority opinion - almost ALL Linux users,
> and many Windows users as well, choose not to run real-time
> AntiMalware scanners.

Actually, they are not "cheap" and certainly are not "almost free". Real
time scanning is a nice way to bring even high-spec systems to their knees.
The reality is that an intelligent user doesn't really need the services
they offer, and certainly doesn't need it at the performance cost it
carries.

I expect my operating system to be sufficiently secure (Linux is) that such
threats are minimal, if I'm buying high-spec hardware, I want to be the one
using it, not some silly real-time-scanner package.

And yes, it is possible to lockdown Windows as tightly as a Linux box, you
just need to know what you are doing.

RobbieAB

--
<RobbieAB> Actually, I kinda like the thought of using CGI to do my project in Fortran
<bonsaikitten> that's quite sane
