Alan McKinnon wrote:
> On Saturday 10 May 2008, 7v5w7go9ub0o wrote:
>> But I sure acknowledge the majority opinion - almost ALL Linux users,
>> and many Windows users as well, choose not to run real-time
>> AntiMalware scanners.
>
> I do this, and I do it for a perfectly obvious reason:
>
> Your suggestion "protects" me from a problem that does not exist.
>
> I can't for the life of me imagine why I would ever do such a thing.
>

Geezzzzee.... I'm suddenly besieged!!! :-)

What is missing in this conversation is specific context; i.e. what are
the various "threat models" which are the basis for why/what we do in
security-oriented things. Clearly you've analyzed your situation and
determined that you don't need it.

- I happen to mostly use a laptop on public wifi; using
"non-OS-specific" tools such as: Firefox browser and Thunderbird mail
client (each with lots of "extensions" - third-party, unregulated tools
that enhance the operation of the browser/mail client). These extensions
have been found to contain Trojans in the past.

- I often install software directly from the author - or what I presume
is the author's webpage; from what I hope is an uncompromised library.

- I stream both via the browser and directly, a full range of media content.

Seems to me that each of these areas represents a small possibility for
mischief, especially in the case of "extensions"; e.g. every time I
invoke "check for updated plugins", I run the risk of something I don't
want (e.g. password sniffer) from a compromised distribution, or spoofed
location. An updated heuristic or signature may review that one of the
extensions I installed last week came with what is now a recognized bug.

You've indicated that the problem doesn't exist - true 'nuff for you.
But IMHO -a- problem/potential for trouble does exist for me, and I've -
perhaps unnecessarily - assumed the overhead and complexity of scanning
what I perceive as the "problem" areas in the way I use this box.

I don't run anti-malware on all activity within the box; just on the
browser, lftp, media, and mail client jails, the download and work areas
for portage (and where I compile non-portage software), and the
/home/TaxAct area where I run WINE (using a dedicated, unprivileged
taxact:taxact user:group).

Reviewing my original response, it may seem that I was promoting
real-time Anti-Malware for the masses. No - I definitely do not. Though
I do think that people should, as a rule, review and create a "threat
model" for their setup and how they do business; and after doing so,
consider AntiVir/Dazuko a potentially useful, possibly cost-effective
addition.

But we can certainly agree to disagree on the potential usefulness of
this tool in my situation. :-)

Tony was not determining "if", but rather, "which" anti-malware. What
really happened is that I'm trying to express the basis for my
enthusiasm about this particular, versatile Windows-and-Linux
anti-malware product to Tony - in response to his original question:
"best" Anti Virus.

--
gentoo-user@l.g.o mailing list