| 1 |
Alan McKinnon wrote: |
| 2 |
> On Saturday 10 May 2008, 7v5w7go9ub0o wrote: |
| 3 |
>> But I sure acknowledge the majority opinion - almost ALL Linux users, |
| 4 |
>> and many Windows users as well, choose not to run real-time |
| 5 |
>> AntiMalware scanners. |
| 6 |
> |
| 7 |
> I do this, and I do it for a perfectly obvious reason: |
| 8 |
> |
| 9 |
> Your suggestion "protects" me from a problem that does not exist. |
| 10 |
> |
| 11 |
> I can't for the life of me imagine why I would ever do such a thing. |
| 12 |
> |
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
Geezzzzee.... I'm suddenly besieged!!! :-) |
| 17 |
|
| 18 |
What is missing in this conversation is specific context; i.e. what are |
| 19 |
the various "threat models" which are the basis for why/what we do in |
| 20 |
security-oriented things. Clearly you've analyzed your situation and |
| 21 |
determined that you don't need it. |
| 22 |
|
| 23 |
- I happen to mostly use a laptop on public wifi; using |
| 24 |
"non-OS-specific" tools such as: Firefox browser and thunderbird mail |
| 25 |
client (each with lots of "extensions" - third-party, unregulated, tools |
| 26 |
that enhance the operation of the browser/mail client. These extensions |
| 27 |
have been found to contain Trojans in the past. |
| 28 |
|
| 29 |
- I often install software directly from the author - or what I presume |
| 30 |
is the author's webpage; from what I hope is an uncompromised library. |
| 31 |
|
| 32 |
- I stream both via the browser and directly, a full range of media content. |
| 33 |
|
| 34 |
Seems to me that each of these areas represent a small possibility for |
| 35 |
mischief, especially in the case of "extensions"; e.g. everytime I |
| 36 |
invoke "check for updated plugins", I run the risk of something I don't |
| 37 |
want (e.g. password sniffer) from a compromised distribution, or spoofed |
| 38 |
location. An updated heuristic or signature may review that one of the |
| 39 |
extensions I installed last week came with what is now a recognized bug. |
| 40 |
|
| 41 |
You've indicated that the problem doesn't exist - true 'nuff for you. |
| 42 |
But IMHO -a- problem/potential for trouble does exist for me, and I've - |
| 43 |
perhaps unnecessarily - assumed the overhead and complexity of scanning |
| 44 |
what I perceive as the "problem" areas in the way I use this box. |
| 45 |
|
| 46 |
I don't run anti-malware on all activity within the box; just on the |
| 47 |
browser, lftp, media, and mail client jails, the download and work areas |
| 48 |
for portage (and where I compile non-portage software), and the |
| 49 |
/home/TaxAct area where I run WINE (using a dedicated, unprivileged |
| 50 |
taxact:taxact user:group). |
| 51 |
|
| 52 |
Reviewing my original response, it may seem that I was promoting |
| 53 |
real-time Anti-Malware for the masses. No - I definitely do not. Though |
| 54 |
I do think that people should, as a rule, review and create a "threat |
| 55 |
model" for their setup andhow they do business; and after doing so, |
| 56 |
consider AntiVir/Dazuko a potentially useful, possibly cost-effective |
| 57 |
addition. |
| 58 |
|
| 59 |
But we can certainly agree to disagree on the potential usefulness of |
| 60 |
this tool in my situation. :-) |
| 61 |
|
| 62 |
Tony was not determining "if", but rather, "which" anti-malware. What |
| 63 |
really happened is that I'm trying to express the basis for my |
| 64 |
enthusiasm about this particular, versatile Windows-and-Linux |
| 65 |
anti-malware product to Tony - in response to his original question: |
| 66 |
"best" Anti Virus. |
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
-- |
| 71 |
gentoo-user@l.g.o mailing list |
Archives