On Sat, 22 Oct 2011 13:43:53 +0200,
Florian Philipp <lists@×××××××××××.net> wrote:

> On 22.10.2011 13:29, Nilesh Govindarajan wrote:
> > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote:
> >> Hi All,
> >>
> >> I'm asked for a desktop antivirus (the box is running KDE) but I
> >> have never used an antivirus on Linux. This page that I googled
> >> up shows a number of them:
> >>
> >> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
> >>
> >> Meanwhile, portage only lists clamav under app-antivirus/.
> >>
> >> The machine in question is running kmail to receive/send messages
> >> from ISP mail servers and ssmtp to send log messages for relaying
> >> via said ISP.
> >>
> >> What have you tried and what would you recommend for such a
> >> desktop setup?
> >
> > IMHO, you don't need antivirus on a Linux box, unless you're going
> > to run a mail relay, where you are responsible for saving recipients
> > from viruses.
>
> I agree. Check that your ISP performs virus checks. If not or if you
> want to be extra sure, I think kmail can work with clamav -- at least
> it could in the old 3.x days when I still used it.
>
> > The simplest reason of all is, Linux doesn't know how to execute
> > Windows binaries.
> >
>
> Well, this is an oversimplification.
> 1) Any box running Wine is possibly as exposed to your classic
> pretty-women.exe mail attachments as any Windows system.
> 2) You should also be worried about Open/LibreOffice macro viruses as
> well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla
> based exploits.

or image rendering library bugs. or mono. or tricky multi-platform
viruses/worms. saying that linux based viruses don't exist is simply
wrong. there may not be much in the wild, but they definitely are out
there.

it is probably more difficult to write a successful virus for linux
than for windows for a number of reasons but in principle the problem is
the same as on windows.
i think the main technical reason is the heterogeneity of the
installations. one or two local exploits and you can hit almost any
windows XP installation. in linux you have to deal with n combinations
of kernel-version, glibc-version, etc. and there is very little you can
depend on to be in a fixed location in memory since different compiler
options may already change that. there are ways around all this of
course[1], but it's a lot of work. too much for the limited impact.
also, a lot of malware seems to depend on social engineering for
infection these days. i think that's going to work less well on a lot of
linux users because the system conditions you to think before you act.

that aside, i predict that we will see some linux viruses or worms with
larger infections in the future. i guess the first ones will be for
ubuntu because it has a large base of rather consistent base
installations.

/jonas

--

[1] fun idea: something exploiting bugs in the usb storage subsystem or
file system handling code spreading to usb sticks. you could probably
even make that multi-platform if you find the needed bugs for different
OSes.

>
> Still, keeping your system up-to-date and observing the freshly
> revived GLSA notifications is more likely to save your butt than
> clamav.
>
> Cheers,
> Florian Philipp
>