[gentoo-user] antivirus

[gentoo-user] antivirus

[Ghaith Hachem]

hello,
i was wondering if there's any good antivirus scanner outthere for
linux i recently got infected on the windows part and the linux
systems are accessible from there so i want to make sure the system is
clean i've been missing some documents from these partitions on
windows but they are availiable on linux
could anyone plz point me to the right manual to read?
thx

--
Cheers,
Ghaith

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[John Jolet]

On Mar 5, 2006, at 11:55 PM, Ghaith Hachem wrote:

> hello,
> i was wondering if there's any good antivirus scanner outthere for
> linux i recently got infected on the windows part and the linux
> systems are accessible from there so i want to make sure the system is
> clean i've been missing some documents from these partitions on
> windows but they are availiable on linux
> could anyone plz point me to the right manual to read?
> thx
clamav is what I use.  I think it's in portage.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Masood Ahmed]

[-- Attachment #1: Type: text/plain, Size: 1257 bytes --]

Ghaith Hachem wrote:
> hello,
> i was wondering if there's any good antivirus scanner outthere for
> linux 

clamav is good, and is also in portage.. just do emerge clamav and
you'll have a good antivirus software running on your gentoo box.

> i recently got infected on the windows part and the linux
> systems are accessible from there so i want to make sure the system is
> clean i've been missing some documents from these partitions on
> windows but they are availiable on linux

I dont think linux can get infected by windows viruses.

> could anyone plz point me to the right manual to read?

check out http://www.clamav.net/doc/latest/html/

also use google to find best resources..

Bye,
Masood Ahmed

-- 
Linux Kernel  : 2.6.15-gentoo-r7
GCC version   : 4.0.2 (Gentoo 4.0.2-r3, pie-8.7.8)
Processor     : AMD Athlon XP 2600+
RAM           : 1 GB DDR 333 SDRAM
CFLAGS USED   : -march=athlon-xp -O3 -m3dnow -msse -mmmx -pipe
                -fomit-frame-pointer -momit-leaf-frame-pointer -ftracer
	        -fno-crossjumping -falign-functions=16 -falign-loops=16
	        -falign-jumps=16 -fno-align-labels -mfpmath=387,sse
	        -maccumulate-outgoing-args
CXXFLAGS USED : $(CFLAGS) -fvisibility-inlines-hidden

[-- Attachment #2: Type: application/pgp-signature, Size: 191 bytes --]

Re: [gentoo-user] antivirus

[Ghaith Hachem]

On 3/6/06, Masood Ahmed <coolmasood@gmail.com> wrote:

> I dont think linux can get infected by windows viruses.

ofcourse but i wanted to make sure it's clean since i have a 120GB
ext3 partition shared with windows so if the virus got in it would
re-infect the windows once i reinstall it and be on all my backups
ofcourse

> > could anyone plz point me to the right manual to read?
>
> check out http://www.clamav.net/doc/latest/html/
>
> also use google to find best resources..
>
> Bye,
> Masood Ahmed
>
> --
> Linux Kernel  : 2.6.15-gentoo-r7
> GCC version   : 4.0.2 (Gentoo 4.0.2-r3, pie-8.7.8)
> Processor     : AMD Athlon XP 2600+
> RAM           : 1 GB DDR 333 SDRAM
> CFLAGS USED   : -march=athlon-xp -O3 -m3dnow -msse -mmmx -pipe
>                 -fomit-frame-pointer -momit-leaf-frame-pointer -ftracer
>                 -fno-crossjumping -falign-functions=16 -falign-loops=16
>                 -falign-jumps=16 -fno-align-labels -mfpmath=387,sse
>                 -maccumulate-outgoing-args
> CXXFLAGS USED : $(CFLAGS) -fvisibility-inlines-hidden
>
>
>


--
Cheers,
Ghaith

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Boyd Stephen Smith Jr.]

On Monday 06 March 2006 00:10, Masood Ahmed <coolmasood@gmail.com> wrote 
about 'Re: [gentoo-user] antivirus':
> I dont think linux can get infected by windows viruses.

Yes, but files accessible from a windows box, but stored on a linux box can 
become carriers.  If they aren't cleaned, they could infect the next (or 
the same) windows bow that asks for them.

In any case, having anti-virus is better than not as long as it doesn't get 
in your way or hog the CPU.

-- 
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Masood Ahmed]

[-- Attachment #1: Type: text/plain, Size: 1249 bytes --]

Boyd Stephen Smith Jr. wrote:
> On Monday 06 March 2006 00:10, Masood Ahmed <coolmasood@gmail.com> wrote 
> about 'Re: [gentoo-user] antivirus':
> > I dont think linux can get infected by windows viruses.
> 
> Yes, but files accessible from a windows box, but stored on a linux box can 
> become carriers.  If they aren't cleaned, they could infect the next (or 
> the same) windows bow that asks for them.
> 

Look what Micro$oft has done to Linux. They make us use anti virus
software.Better dump M$ Windows and use GNU/Linux full time. I'm doing
the same for past 1 year, and no problem to me. 

I dont need anti virus. Atleast not now. :)

PS: In windows world it's a good thing that one runs anti virus.

-- 
Linux Kernel  : 2.6.15-gentoo-r7
GCC version   : 4.0.2 (Gentoo 4.0.2-r3, pie-8.7.8)
Processor     : AMD Athlon XP 2600+
RAM           : 1 GB DDR 333 SDRAM
CFLAGS USED   : -march=athlon-xp -O3 -m3dnow -msse -mmmx -pipe
                -fomit-frame-pointer -momit-leaf-frame-pointer -ftracer
	        -fno-crossjumping -falign-functions=16 -falign-loops=16
	        -falign-jumps=16 -fno-align-labels -mfpmath=387,sse
	        -maccumulate-outgoing-args
CXXFLAGS USED : $(CFLAGS) -fvisibility-inlines-hidden

[-- Attachment #2: Type: application/pgp-signature, Size: 191 bytes --]

Re: [gentoo-user] antivirus

[Alexander Skwar]

Ghaith Hachem wrote:
> hello,
> i was wondering if there's any good antivirus scanner outthere for
> linux i recently got infected on the windows part and the linux
> systems are accessible from there so i want to make sure the system is
> clean

There's no virus scanner for Linux, as there are (at least
currently) no virusses for Linux.

The scanners you'll find, will check for Windows virus.

Alexander Skwar
-- 
Ask not what's inside your head, but what your head's inside of.
		-- J.J. Gibson
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Ghaith Hachem]

yep exactly what i need,
the way linux works would just make it hard to get infected but i had
a shared partition infected and that would be a good reason to have a
scanner

On 3/6/06, Alexander Skwar <listen@alexander.skwar.name> wrote:
> Ghaith Hachem wrote:
> > hello,
> > i was wondering if there's any good antivirus scanner outthere for
> > linux i recently got infected on the windows part and the linux
> > systems are accessible from there so i want to make sure the system is
> > clean
>
> There's no virus scanner for Linux, as there are (at least
> currently) no virusses for Linux.
>
> The scanners you'll find, will check for Windows virus.
>
> Alexander Skwar
> --
> Ask not what's inside your head, but what your head's inside of.
>                 -- J.J. Gibson
> --
> gentoo-user@gentoo.org mailing list
>
>


--
Cheers,
Ghaith

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: antivirus

[Peter]

On Mon, 06 Mar 2006 07:55:18 +0200, Ghaith Hachem wrote:

> hello,
> i was wondering if there's any good antivirus scanner outthere for
> linux i recently got infected on the windows part and the linux
> systems are accessible from there so i want to make sure the system is
> clean i've been missing some documents from these partitions on
> windows but they are availiable on linux
> could anyone plz point me to the right manual to read?
> thx
> 
> --
> Cheers,
> Ghaith

Why not just use A/V when you run Windoze? AVG is still free and quite
excellent.

-- 
Peter


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: antivirus

[Ghaith Hachem]

i have avast updated daily i dono how this virus got in
i must try AVG
On 3/6/06, Peter <pete4abw@comcast.net> wrote:
> On Mon, 06 Mar 2006 07:55:18 +0200, Ghaith Hachem wrote:
>
> > hello,
> > i was wondering if there's any good antivirus scanner outthere for
> > linux i recently got infected on the windows part and the linux
> > systems are accessible from there so i want to make sure the system is
> > clean i've been missing some documents from these partitions on
> > windows but they are availiable on linux
> > could anyone plz point me to the right manual to read?
> > thx
> >
> > --
> > Cheers,
> > Ghaith
>
> Why not just use A/V when you run Windoze? AVG is still free and quite
> excellent.
>
> --
> Peter
>
>
> --
> gentoo-user@gentoo.org mailing list
>
>


--
Cheers,
Ghaith

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: Re: antivirus

[Peter]

On Mon, 06 Mar 2006 16:33:53 +0200, Ghaith Hachem wrote:

> i have avast updated daily i dono how this virus got in
> i must try AVG
> On 3/6/06, Peter <pete4abw@comcast.net> wrote:
>> On Mon, 06 Mar 2006 07:55:18 +0200, Ghaith Hachem wrote:
>>
>> > hello,
>> > i was wondering if there's any good antivirus scanner outthere for
>> > linux i recently got infected on the windows part and the linux
>> > systems are accessible from there so i want to make sure the system is
>> > clean i've been missing some documents from these partitions on
>> > windows but they are availiable on linux
>> > could anyone plz point me to the right manual to read?
>> > thx
>> >
>> > --
>> > Cheers,
>> > Ghaith
>>
>> Why not just use A/V when you run Windoze? AVG is still free and quite
>> excellent.
>>
>> --
>> Peter
>>
>>
>> --
>> gentoo-user@gentoo.org mailing list
>>
>>
> 
> 
> --
> Cheers,
> Ghaith

http://free.grisoft.com will get you there. Good luck

-- 
Peter


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Hemmann, Volker Armin]

On Monday 06 March 2006 08:11, Alexander Skwar wrote:

>
> There's no virus scanner for Linux,
that is wrong. There are several.


> as there are (at least 
> currently) no virusses for Linux.

No, there are virii and worms in the wild.

>
> The scanners you'll find, will check for Windows virus.

that they will do too.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Jarry]

>>i have avast updated daily i dono how this virus got in
>>i must try AVG
>>>Why not just use A/V when you run Windoze? AVG is still free and quite
>>>excellent.

Both AVG and Avast sux hard! I used both of them, paid for updates,
and despite of that I got viruses many times. Even clamav is better!
They (avg/avast) offer virtually no protection against unknown viruses.
No wonder, if you look at their scores on virusbtn.com :-(

Wanna really good antivir-soft? Try nod32! Unfortunatelly, it is not
free, and even trial-version is only for win-world. But it is worth
of every penny. Frequent updates (can be also 2-3 times per day),
perfect heuristic analysis, low cpu/mem load...

Jarry
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[jed mallen]

On 3/7/06, Jarry <jarry@gmx.net> wrote:
> >>i have avast updated daily i dono how this virus got in
> >>i must try AVG
> >>>Why not just use A/V when you run Windoze? AVG is still free and quite
> >>>excellent.
>
> Both AVG and Avast sux hard! I used both of them, paid for updates,
> and despite of that I got viruses many times. Even clamav is better!
> They (avg/avast) offer virtually no protection against unknown viruses.
> No wonder, if you look at their scores on virusbtn.com :-(
>
> Wanna really good antivir-soft? Try nod32! Unfortunatelly, it is not
> free, and even trial-version is only for win-world. But it is worth
> of every penny. Frequent updates (can be also 2-3 times per day),
> perfect heuristic analysis, low cpu/mem load...

kaspersky is another nice one too.

--
Jed R. Mallen
GPG key ID: 81E575A3 fp: 4E1E CBA5 7E6A 2F8B 8756  660A E54C 39D6 81E5 75A3
http://jed.flowhost.com

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[neil]

Jarry wrote:

> I got viruses many times.

Over the past 20-odd years, I have had machines running many versions of 
DOS, all versions of Windows since Windows 286, all versions of OS/2 
since 1.3 and several distributions of Linux. I have never, ever seen a 
virus. I have to wonder what you are doing to be so "unfortunate".


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Tim Igoe]

[-- Attachment #1: Type: text/plain, Size: 964 bytes --]

neil wrote:
> Jarry wrote:
>
>> I got viruses many times.
>
> Over the past 20-odd years, I have had machines running many versions
> of DOS, all versions of Windows since Windows 286, all versions of
> OS/2 since 1.3 and several distributions of Linux. I have never, ever
> seen a virus. I have to wonder what you are doing to be so "unfortunate".
>
If your 'doze boxes have been always been firewalled - ok, that explains
that.

Otherwise I'd be very surprised - try installing XP and connecting to
the t'internet to get all the updates, you'll be lucky to last 5 minutes
with an internet accessible IP :)

My Linux boxes are frequently bombarded by Viruses (even ones that are
years old - SQL Slammer, Blaster etc)

-- 
Tim Igoe
tim@igoe.me.uk
http://tim.igoe.me.uk - Personal Site
http://tv.igoe.me.uk - UK TV Guide
http://f1forums.igoe.me.uk - *New* F1 Forums

"Computers are like Air-con, open windows and they stop working!"



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 191 bytes --]

Re: [gentoo-user] antivirus

[neil]

Hemmann, Volker Armin wrote:


> No, there are virii and worms in the wild.

This is one of my pet hates. There is no such word as "virii". The 
correct plural of "virus" in the English language is "viruses". Whilst 
the word virus comes from Latin, the common pluralisation by replacing 
"us" with "i" would result in "viri". The Latin word "viri" is actually 
the plural of "vir" and means "men". There is no known plural for 
"virus" in Latin.

"Virii" is just non-sensical and means nothing at all.
-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] antivirus

[Bob Young]

-----Original Message-----
From: neil [mailto:neil@ep.mine.nu]
Sent: Wednesday, March 08, 2006 11:23 AM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] antivirus

Jarry wrote:

> I got viruses many times.

Over the past 20-odd years, I have had machines running many versions of
DOS, all versions of Windows since Windows 286, all versions of OS/2
since 1.3 and several distributions of Linux. I have never, ever seen a
virus. I have to wonder what you are doing to be so "unfortunate".


Here, here. It's really not about the OS, or what "protection" software is
or isn't installed, it's about the habits and practices of the user. Any
computer can (and probably will) be compromised if the user is careless or
naive about what they do and where they go on the Net. Like you, I've run
different versions of DOS, Windows (NT derivatives only), OS/2, & Linux. I
did get a virus once in the early days when running DOS, but since then I've
never had a Windows or Linux box compromised by a virus or malware, and
that's without running any anti-virus software of any kind on any of the
Windows boxes.

 FWIW one of those Windows boxes is currently a web/email/DNS/FTP server
with seven public IPs serving between four and seven domains. There is also
a Gentoo Linux box doing secondary DNS for the domains, the windows box has
a firewall but no AV software at all, both servers (one Windows & one
Gentoo), have remained clean and stable for several years now, as do all of
my various Windows and Gentoo workstations, none of which run any antivirus
software.

In short if a user is getting infected a lot using Windows, switching to
Linux is not curing the root cause. The basic problem is the user needs to
understand what s/he is doing that's allowing malicious code to execute on
their system and stop doing it. In the vast majority of Windows cases,
simply *not* routinely logging on with admin privileges would probably stop
99% plus of the infections.

Regards,
Bob Young



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] [WAY OT] plural of virus (was antivirus)

[Willie Wong]

On Wed, Mar 08, 2006 at 07:40:01PM +0000, Penguin Lover neil squawked:
> This is one of my pet hates. There is no such word as "virii". The 
> correct plural of "virus" in the English language is "viruses". Whilst 
> the word virus comes from Latin, the common pluralisation by replacing 
> "us" with "i" would result in "viri". The Latin word "viri" is actually 
> the plural of "vir" and means "men". There is no known plural for 
> "virus" in Latin.

Part of the reason being 'virus' meaning 'poisonous stuff' in Latin,
and hence, is uncountable (like water or knowledge). According to the
OED, it first appeared in the English language also in that sense. It
was later appropriated in the phrase "filterable virus" meaning "vile
stuff that can pass through filters", which gets shortened and
corrupted to a countable noun with the advance of microscopy.

> "Virii" is just non-sensical and means nothing at all.

Reminds me of a favourite joke:

How do you count viruses?
  1 viri, 2 virii, 3 viriii, 4 viriv, 5 virv ...

W
-- 
W: What I could really use now is a dose of triple expresso.
M: I am afraid the coffee shop ain't open this time of day.
W: Well, in that case, a dose of quantum mechanics will just have to do.
Sortir en Pantoufles: up 116 days, 12:35
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[John Jolet]

>
> In short if a user is getting infected a lot using Windows,  
> switching to
> Linux is not curing the root cause. The basic problem is the user  
> needs to
> understand what s/he is doing that's allowing malicious code to  
> execute on
> their system and stop doing it. In the vast majority of Windows cases,
> simply *not* routinely logging on with admin privileges would  
> probably stop
> 99% plus of the infections.
that's an interesting comment....windows xp is the first version that  
even gives you that option.  and most of the games my kids play on  
the computer simply won't run unless you have admin rights.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Jarry]

Bob Young wrote:

> In the vast majority of Windows cases, simply *not* routinely logging on
> with admin privileges would probably stop 99% plus of the infections.

True, but unfortunatelly, there are too many win-applications (even
serious ones), which does not work correctly (or at all) without user
having admin (power-user) privileges...

Jarry
-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] antivirus

[Bob Young]

-----Original Message-----
From: John Jolet [mailto:john@jolet.net]
Sent: Wednesday, March 08, 2006 12:36 PM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] antivirus

>
> In short if a user is getting infected a lot using Windows,
> switching to
> Linux is not curing the root cause. The basic problem is the user
> needs to
> understand what s/he is doing that's allowing malicious code to
> execute on
> their system and stop doing it. In the vast majority of Windows cases,
> simply *not* routinely logging on with admin privileges would
> probably stop
> 99% plus of the infections.


that's an interesting comment....windows xp is the first version that
even gives you that option.  and most of the games my kids play on
the computer simply won't run unless you have admin rights.


I agree that the default of not creating a non admin account is a bad
choice, but be that as it may, it's still true that not routinely logging on
with admin rights will stop the vast vast majority of malware dead in it's
tracks. If someone chooses to routinely log on with admin rights after they
know it's dangerous, but do so just because it's the default, then I would
have to question whether or not they are honestly interested in keping the
system clean, or whether there is some other agenda being catered to.

As to <insert App Name here> not running without Admin rights, most of those
cases can be taken care of with RunAs. It's better to run a single App with
Admin privledges rather than have all apps including email and browsers
running with Admin rights.

Regards,
Bob Young


-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] antivirus

[Bob Young]

-----Original Message-----
From: Jarry [mailto:jarry@gmx.net]
Sent: Wednesday, March 08, 2006 1:04 PM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] antivirus

Bob Young wrote:

> In the vast majority of Windows cases, simply *not* routinely logging on
> with admin privileges would probably stop 99% plus of the infections.

True, but unfortunatelly, there are too many win-applications (even
serious ones), which does not work correctly (or at all) without user
having admin (power-user) privileges...


PowerUser is different from Admin, Admin is the equevelent of root in the
Linux/Unix world, PowerUser is not. The primary and most important
difference is the ability to *write* to the registry, It's perfectly safe to
routinely log on as a PowerUser, as PowerUsers can *not* write to registry
keys that affect the entire system, while Admin users can write to *any*
registry key.

Most applications will run just fine as PowerUser, apps that truly *require*
Admin rights are frankly, poorly designed. Even so, routinely logging on
with Admin rights just because you need/want to run one or two badly
designed apps is still a very bad idea. For the very very few aps that
actually do require Admin rights RunAs is a much better and safer solution.

Regards,
Bob Young


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Ghaith Hachem]

That's very intresting, i actually only use windows xp since all my
university software don't run in wine (OU lan simulator, visual works,
mathcad) anyway having a power user seems to be a good idea i'll try
it when i reinstall windows
thx



--
Cheers,
Ghaith

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Jarry]

Bob Young wrote:

> PowerUser is different from Admin, Admin is the equevelent of root in the
> Linux/Unix world, PowerUser is not. The primary and most important
> difference is the ability to *write* to the registry, It's perfectly safe to
> routinely log on as a PowerUser, as PowerUsers can *not* write to registry
> keys that affect the entire system, while Admin users can write to *any*
> registry key.

I'm not sure if this is true. Anyway, PowerUser has the ability
to install sw (even system patches!), alter executables and system
files! PowerUser can write to C:\ProgramFiles, or C:\Windows, and
that is exactly, what a virus need to spread itself. Not many viruses
can hide their code in registry (that is just equivalent to /etc in
unix-world), mostly they attach themselves to some exe/sys file,
or overwrite them...

So, if you start a virus-infected program as a PowerUser, there
are perfect conditions for spreading infection. If there were
some virus for linux, and you start it as a normal user, it can
not alter executables in /usr or /sbin, because user does not have
write access to them. Such a virus could infect only *your* files.

I'd say PowerUser is something between a restricted user, and admin.

Jarry
-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] antivirus

[Bob Young]

-----Original Message-----
From: Jarry [mailto:jarry@gmx.net]
Sent: Wednesday, March 08, 2006 8:50 PM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] antivirus

Bob Young wrote:

> PowerUser is different from Admin, Admin is the equevelent of root in the
> Linux/Unix world, PowerUser is not. The primary and most important
> difference is the ability to *write* to the registry, It's perfectly safe
to
> routinely log on as a PowerUser, as PowerUsers can *not* write to registry
> keys that affect the entire system, while Admin users can write to *any*
> registry key.

I'm not sure if this is true. Anyway, PowerUser has the ability
to install sw (even system patches!),


No, PowerUsers can *NOT* install software, installing software (in most
cases) requires writing to registry keys outside of the HKEY_CURRENT_USER
hive, which is something a PowerUser cannot do. Windows update will
definitely fail without admin privileges; I know this for a fact. I've on a
number of occasions tried to run WindowsUpdate from my normal PowerUser
account; it will display a dialog box specifically stating that Admin
privileges are required.


alter executables and system
files! PowerUser can write to C:\ProgramFiles, or C:\Windows, and
that is exactly, what a virus need to spread itself.


As to the ability of writing to the Program Files or the Windows directory
that may be true, and in theory I suppose it probably represents a small
degree of risk. In several years of actual practice however I can say it
hasn't caused a problem for me personally. In addition, if someone is really
concerned about the issue, removing write and/or modify permissions for
PowerUsers on those directories is a fairly trivial task. Since I've not
tried this I can't say for sure what side effects it might have with some
applications, so I'm not advocating it, though I don't see any obvious
reasons why it should cause major problems ( Still... !Do a Backup first!).


 Not many viruses
can hide their code in registry (that is just equivalent to /etc in
unix-world), mostly they attach themselves to some exe/sys file,
or overwrite them...


I wasn't suggesting that viruses "hide their code" in the registry, that's
not what the registry is for or how it's used. I was suggesting that any
modification that affects the system as a whole or impacts more than just
the current user is going to require modifying registry keys that cannot be
written without Admin privileges.


So, if you start a virus-infected program as a PowerUser, there
are perfect conditions for spreading infection. If there were
some virus for linux, and you start it as a normal user, it can
not alter executables in /usr or /sbin, because user does not have
write access to them. Such a virus could infect only *your* files.


In practice it just doesn't happen that way. In addition it should be noted
that by default even PowerUsers don't have write/modify permission on some
sensitive directories C:\Windows\System32\drivers for example. This
directory contains device drivers (code that runs in ring0 with unlimited
privileges). For PowerUsers this directory is "Read & Execute" "List
Contents" and  "Read" that's all the permission a PowerUser has. So while a
PowerUser might be able to modify some application level code in the Windows
directory, actually compromising system security is a matter.


I'd say PowerUser is something between a restricted user, and admin.


True. I've used both Linux and Windows over the years, and they each have
their strengths and weaknesses. Finer grained user permissions/privileges is
one of the areas where Windows has an edge.

Regards,
Bob Young






-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] antivirus

[Michael Kintzios]

> -----Original Message-----
> From: Bob Young [mailto:BYoung@nucoretech.com] 
> Sent: 08 March 2006 21:05
> To: gentoo-user@lists.gentoo.org
> Subject: RE: [gentoo-user] antivirus
> 
[snip]
> As to <insert App Name here> not running without Admin 
> rights, most of those
> cases can be taken care of with RunAs. It's better to run a 
> single App with
> Admin privledges rather than have all apps including email 
> and browsers
> running with Admin rights.

Actually, it would be better to troubleshoot the particular application
and allow it write/execute or modify rights *only* to the files it needs
to access for the particular plain user (typically some files or a
folder under C:\Program Files).

It may take some time to set up access rights for all such badly written
apps, but it'll keep your M$Windoze box as safe as it will ever be.  If
in addition you shut down all the open by default Windoze ports
(135-139, 445, 500, 1900, 4000 + remote admin) and disable
unnecessary/dangerous services and also stop using OE and IE (or at
least stop using them with their default settings) you should be safe
enough going about your normal business.

The above suggestions will ensure that viruses cannot be easily
installed (thus protecting users from clicking idiotically on any
rubbish they happen to receive as an email attachment) and will also
stop most of the trojans scanning the internet for default open Windoze
ports.  I know it works - my wife has not had her NT4/WinXP OS infected
since 1998, despite downloading all sort of garbage.  Of course, running
Nod32 also helps every now and then, mostly by providing early warnings
about mail attachments.
-- 
Regards,
Mick

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Tim Igoe]

[-- Attachment #1: Type: text/plain, Size: 965 bytes --]

Ghaith Hachem wrote:
> That's very intresting, i actually only use windows xp since all my
> university software don't run in wine (OU lan simulator, visual works,
> mathcad) anyway having a power user seems to be a good idea i'll try
> it when i reinstall windows
> thx
>
>
>
> --
> Cheers,
> Ghaith
A windows `Power User` is too privileged for most uses. Ideally Windows
would be great if it followed the Linux way of working more - install as
Admin (thats fine imo) but run as a completely unprivileged (guest or
standard) user.

I've had problems with windows machines not running software as
unprivileged users before now. Causes too many problems due to the
access and thus viruses / malware that get installed.

-- 
Tim Igoe
tim@igoe.me.uk
http://tim.igoe.me.uk - Personal Site
http://tv.igoe.me.uk - UK TV Guide
http://f1forums.igoe.me.uk - *New* F1 Forums

"Computers are like Air-con, open windows and they stop working!"



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 191 bytes --]

RE: [gentoo-user] antivirus

[Bob Young]

> -----Original Message-----
> From: Tim Igoe [mailto:tim@igoe.me.uk]
> Sent: Thursday, March 09, 2006 11:36 AM
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] antivirus
> 
> A windows `Power User` is too privileged for most uses. 

What rights/privledges does a powerUser have that you believe are "too privledged?"

I've run my Windows systems as a PowerUser for years and they've always remained clean and stable, even without using antivirus software.


> Ideally Windows
> would be great if it followed the Linux way of working more - install as
> Admin (thats fine imo) but run as a completely unprivileged (guest or
> standard) user.

I disagree, I'd much rather have more than two different types of users, (God and everyone else). I prefer "Guest" to have different privledges than a "regular" user, and an anonymous internet visitor to have a different set from either of those, while more technicaly savy and trusted users might be given a PowerUser account.


> I've had problems with windows machines not running software as
> unprivileged users before now. Causes too many problems due to the
> access and thus viruses / malware that get installed.

Yes, there are some poorly designed programs that insist on Admin rights, but I'm not aware of any such cases that won't function properly when executed with RunAs. I think it's way better to have one or two applications running with Admin privledges than everything including browsers and email executing with Admin rights. 

Beyond that, just a PowerUser account having write access to some files under the system folder does not automatically mean that external malicious forces, i.e. malware authors, can actually successfuly modify them. It's still required that the user do something to cause some untrusted script or code to execute. If scripting isn't enabled in the browser, and the user doesn't open unknown/unexpected/untrusted attachments, there isn't really any viable way for malware to be installed.

I'm sorry to be arguing positively for Windows on a Gentoo list, I do use Gentoo and it is my favorite Linux distro, I've just never been able to muster up blind dislike for any computer operating system. I try to look at the pros and cons of a particular feature's implementation, and judge it objectively. I don't always come down in favor of Windows, or Linux, it just depends on the particular functionality being discussed.

Regards,
Bob Young



-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] antivirus

[Bob Young]

> -----Original Message-----
> From: Michael Kintzios [mailto:michaelkintzios@lycos.co.uk]
> Sent: Thursday, March 09, 2006 9:12 AM
> To: gentoo-user@lists.gentoo.org
> Subject: RE: [gentoo-user] antivirus
>
> > -----Original Message-----
> > From: Bob Young [mailto:BYoung@nucoretech.com]
> > Sent: 08 March 2006 21:05
> > To: gentoo-user@lists.gentoo.org
> > Subject: RE: [gentoo-user] antivirus
> >
> [snip]
> > As to <insert App Name here> not running without Admin
> > rights, most of those
> > cases can be taken care of with RunAs. It's better to run a
> > single App with
> > Admin privledges rather than have all apps including email
> > and browsers
> > running with Admin rights.
>
> Actually, it would be better to troubleshoot the particular application
> and allow it write/execute or modify rights *only* to the files it needs
> to access for the particular plain user (typically some files or a
> folder under C:\Program Files).

In most cases it's not blocked file writes that cause these apps to fail,
it's blocked access to registry keys. In many cases, I'm convinced it's
simply a matter of the app incorrectly specifying read/write access to a
value or key that it really only needs read access to. It would be
inappropiate and dangerous to grant registry write permissions to regular
users, even just for certain keys or subsections, just to fix one or two
badly designed apps.

If it were just a matter of writing to files under the "Program Files"
directory, then the apps would work under a PowerUser account, and yet there
are indeed badly designed apps that fail to run as a PowerUser, but work
fine when executed with Admin rights.


> It may take some time to set up access rights for all such badly written
> apps, but it'll keep your M$Windoze box as safe as it will ever be.  If
> in addition you shut down all the open by default Windoze ports
> (135-139, 445, 500, 1900, 4000 + remote admin) and disable

I agree that a properly configured firewall is important to system security
on any machine with a public IP address, that's true regardless of what
operating system is running on it.

> unnecessary/dangerous services and also stop using OE and IE (or at
> least stop using them with their default settings) you should be safe
> enough going about your normal business.

I've never used OE under Windows, I consider it a throw away app, I find the
full version of Outlook much more capable. As to the defaults for it and IE,
I'd agree that it's possible to choose more "lockedown" settings. I'm less
concerned about this if they are running under a non Admin account and are
behind a decently configured firewall. Personally I find html email much
more readable and expressive than bland ASCII text, that being said, neither
I nor my wife open unknown/untrusted attachments. WRT IE, I enable/disable
scripting/ActiveX depending on what I'm doing and what I know about my
destination(s).

Regards,
Bob Young





-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Justin Krejci]

Could try norman AV. www.norman.com

On Monday 06 March 2006 12:26 pm, Jarry wrote:
> >>i have avast updated daily i dono how this virus got in
> >>i must try AVG
> >>
> >>>Why not just use A/V when you run Windoze? AVG is still free and quite
> >>>excellent.
>
> Both AVG and Avast sux hard! I used both of them, paid for updates,
> and despite of that I got viruses many times. Even clamav is better!
> They (avg/avast) offer virtually no protection against unknown viruses.
> No wonder, if you look at their scores on virusbtn.com :-(
>
> Wanna really good antivir-soft? Try nod32! Unfortunatelly, it is not
> free, and even trial-version is only for win-world. But it is worth
> of every penny. Frequent updates (can be also 2-3 times per day),
> perfect heuristic analysis, low cpu/mem load...
>
> Jarry
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Midnight Toker]

There is of course ClamAV for windows -all the power and Open Source- 
ness of Clam in a windows .exe

http://www.clamwin.com/

Fligg.

On 6 Mar 2006, at 18:26, Jarry wrote:

>>> i have avast updated daily i dono how this virus got in
>>> i must try AVG
>>>> Why not just use A/V when you run Windoze? AVG is still free and  
>>>> quite
>>>> excellent.
>
> Both AVG and Avast sux hard! I used both of them, paid for updates,
> and despite of that I got viruses many times. Even clamav is better!
> They (avg/avast) offer virtually no protection against unknown  
> viruses.
> No wonder, if you look at their scores on virusbtn.com :-(
>
> Wanna really good antivir-soft? Try nod32! Unfortunatelly, it is not
> free, and even trial-version is only for win-world. But it is worth
> of every penny. Frequent updates (can be also 2-3 times per day),
> perfect heuristic analysis, low cpu/mem load...
>
> Jarry
> -- 
> gentoo-user@gentoo.org mailing list
>

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] antivirus

[Midnight Toker]

If you've been running without Anti Virus software for years now, how  
do you know the machines are clean of virus's?


On 8 Mar 2006, at 20:24, Bob Young wrote:

>
>
> -----Original Message-----
> From: neil [mailto:neil@ep.mine.nu]
> Sent: Wednesday, March 08, 2006 11:23 AM
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] antivirus
>
> Jarry wrote:
>
>> I got viruses many times.
>
> Over the past 20-odd years, I have had machines running many  
> versions of
> DOS, all versions of Windows since Windows 286, all versions of OS/2
> since 1.3 and several distributions of Linux. I have never, ever  
> seen a
> virus. I have to wonder what you are doing to be so "unfortunate".
>
>
> Here, here. It's really not about the OS, or what "protection"  
> software is
> or isn't installed, it's about the habits and practices of the  
> user. Any
> computer can (and probably will) be compromised if the user is  
> careless or
> naive about what they do and where they go on the Net. Like you,  
> I've run
> different versions of DOS, Windows (NT derivatives only), OS/2, &  
> Linux. I
> did get a virus once in the early days when running DOS, but since  
> then I've
> never had a Windows or Linux box compromised by a virus or malware,  
> and
> that's without running any anti-virus software of any kind on any  
> of the
> Windows boxes.
>
>  FWIW one of those Windows boxes is currently a web/email/DNS/FTP  
> server
> with seven public IPs serving between four and seven domains. There  
> is also
> a Gentoo Linux box doing secondary DNS for the domains, the windows  
> box has
> a firewall but no AV software at all, both servers (one Windows & one
> Gentoo), have remained clean and stable for several years now, as  
> do all of
> my various Windows and Gentoo workstations, none of which run any  
> antivirus
> software.
>
> In short if a user is getting infected a lot using Windows,  
> switching to
> Linux is not curing the root cause. The basic problem is the user  
> needs to
> understand what s/he is doing that's allowing malicious code to  
> execute on
> their system and stop doing it. In the vast majority of Windows cases,
> simply *not* routinely logging on with admin privileges would  
> probably stop
> 99% plus of the infections.
>
> Regards,
> Bob Young
>
>
>
> -- 
> gentoo-user@gentoo.org mailing list
>

-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] antivirus

[Bob Young]

Every few months or so I'll load Norton AntiVirus, grab the latest latest
virus definitions, and do a full scan of the entire system, nothing is ever
found. After the scan is complete I uninstall it.

The importance of Antivirus software is waaay over exagarated. For people
who aren't willing to adopt the few simple practices that would keep them
safe, AntiVirus software may have some value. However, for anyone willing to
adhere to a few basic rules, AV software is mostly the modern day equevelent
of Snake Oil, it's a waste of money and CPU cycles.

Regards
Bob Young

> -----Original Message-----
> From: Midnight Toker [mailto:the@midnightoker.co.uk]
> Sent: Wednesday, March 15, 2006 1:57 AM
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] antivirus
>
>
> If you've been running without Anti Virus software for years now, how
> do you know the machines are clean of virus's?
>
>
> On 8 Mar 2006, at 20:24, Bob Young wrote:
>
> > Here, here. It's really not about the OS, or what "protection"
> > software is
> > or isn't installed, it's about the habits and practices of the
> > user. Any
> > computer can (and probably will) be compromised if the user is
> > careless or
> > naive about what they do and where they go on the Net. Like you,
> > I've run
> > different versions of DOS, Windows (NT derivatives only), OS/2, &
> > Linux. I
> > did get a virus once in the early days when running DOS, but since
> > then I've
> > never had a Windows or Linux box compromised by a virus or malware,
> > and
> > that's without running any anti-virus software of any kind on any
> > of the
> > Windows boxes.
> >
> >  FWIW one of those Windows boxes is currently a web/email/DNS/FTP
> > server
> > with seven public IPs serving between four and seven domains. There
> > is also
> > a Gentoo Linux box doing secondary DNS for the domains, the windows
> > box has
> > a firewall but no AV software at all, both servers (one Windows & one
> > Gentoo), have remained clean and stable for several years now, as
> > do all of
> > my various Windows and Gentoo workstations, none of which run any
> > antivirus
> > software.
> >
> > In short if a user is getting infected a lot using Windows,
> > switching to
> > Linux is not curing the root cause. The basic problem is the user
> > needs to
> > understand what s/he is doing that's allowing malicious code to
> > execute on
> > their system and stop doing it. In the vast majority of Windows cases,
> > simply *not* routinely logging on with admin privileges would
> > probably stop
> > 99% plus of the infections.
> >
> > Regards,
> > Bob Young
> >
> >
> >
> > --
> > gentoo-user@gentoo.org mailing list
> >
>
> --
> gentoo-user@gentoo.org mailing list
>
>


-- 
gentoo-user@gentoo.org mailing list