From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <47EC49AC.40003@gmail.com>
Date: Thu, 27 Mar 2008 21:28:12 -0400
From: 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com>
User-Agent: Thunderbird 2.0.0.12 (X11/20080213)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Boot Gentoo to clean windows
References: <8978E31831121041B2E97EBC0BF8503306AAD3B5@EXVS01.hostedexchange.com>	 <47EB02BE.9020707@gmail.com> <1206641274.30987.110.camel@NOTE_GENTOO64.PHHEIMNETZ>
In-Reply-To: <1206641274.30987.110.camel@NOTE_GENTOO64.PHHEIMNETZ>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Florian Philipp wrote:
<snip>
>> FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each 
>> has BOTH Linux and Windows Trojan and virus signatures. So you can 
>> install these and scan your windows box, and then scan your Linux 
>> box/downloads for malware (e.g. openoffice files, media files, etc.).
>>
>> Add Dazuko, and you can get real-time scanning of your Linux box while 
>> downloading/compiling software.
> 
> This is getting OT but I still want to ask:
> Is it really necessary to run an anti-virus on linux? I just want to
> hear some opinions on that topic because I thought security fixes for
> your software are the way to go for fighting virae on linux.

Anti-Virus on Linux.  No.
(presuming that you don't run as root, and have lots of unprivileged 
users for individual applications.)

Anti-Malware on Linux.  Yes.
(Malware gets to the box via spoofed or hacked software distribution or 
creation sites; bad links or poisoned DNS caches; or via (e.g.) browser 
memory attacks - at plugins or exploits)

The old-timers will tell you that safe hex and perhaps integrity 
monitoring (e.g. Samhain or tripwire) are all that's needed. But desktop 
Linux with Browsing, IM, etc. is changing that, IMHO.

The three packages above have Linux Trojan and Rootkit signatures, as 
well as Windows malware sigs. Easy enough to run an occasional scan of 
the Linux box (or Windows partition); and to scan each Linux download 
before reading, compiling, or passing on.

(Dazuko additionally allows realtime scans of compilation read/writes).

IMHO, Linux and Mac are the next frontier for malware, and -SADLY- 
AntiMalware signature and heuristic techniques are one thing we can 
learn about from Windows :-(

-- 
gentoo-user@lists.gentoo.org mailing list