1 |
On Thursday 27 March 2008, Dale wrote: |
2 |
> Florian Philipp wrote: |
3 |
> > This is getting OT but I still want to ask: |
4 |
> > Is it really necessary to run an anti-virus on linux? I just want |
5 |
> > to hear some opinions on that topic because I thought security |
6 |
> > fixes for your software are the way to go for fighting virae on |
7 |
> > linux. |
8 |
> |
9 |
> I have not ran a anti-virus here for years and no problems so far. I |
10 |
> don't think Linux has this problem except for the rootkit thing. It |
11 |
> seems Linux is just pretty much immune to this sort of thing. |
12 |
|
13 |
Not really immune as such, just well protected. It's very hard to gain |
14 |
remote access as a user and then find an exploit to elevate to root |
15 |
priviledges. The devastation wrought on the internet by zombie windows |
16 |
machines is by and large not really possible on Linux to anything like |
17 |
the same degree - if an attacker dupes a user into running some malware |
18 |
it tends to run as the user which limits what the malware can do i.e. |
19 |
no ports open below 1024 etc etc. |
20 |
|
21 |
BUT some points to keep in mind: |
22 |
|
23 |
1. Linux us still small fry in the desktop market, and not really a |
24 |
target for malware scumbags. Why should they? It's much harder to do |
25 |
especially when Redmond's finest code in the wild is such juicy low |
26 |
hanging fruit. This is bound to change, just a matter of time |
27 |
|
28 |
2. There are some Linuxes out there that run everything as root. |
29 |
Xandros, I'm especially looking at you here. Apparently the Xandros |
30 |
devs like the way Redmond does things, right down to the brain dead |
31 |
design decisions <sigh> human stupidity is apparently boundless |
32 |
|
33 |
3. If an attacker gains access to your machine, he can trash your |
34 |
personal stuff just for spite. This is catastrophic to the average user |
35 |
even though it leaves the rest of the internet just as it was |
36 |
|
37 |
-- |
38 |
Alan McKinnon |
39 |
alan dot mckinnon at gmail dot com |
40 |
|
41 |
-- |
42 |
gentoo-user@l.g.o mailing list |