| 1 |
Am Sat, 22 Oct 2011 13:43:53 +0200 |
| 2 |
schrieb Florian Philipp <lists@×××××××××××.net>: |
| 3 |
|
| 4 |
> Am 22.10.2011 13:29, schrieb Nilesh Govindarajan: |
| 5 |
> > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote: |
| 6 |
> >> Hi All, |
| 7 |
> >> |
| 8 |
> >> I'm asked for a desktop antivirus (the box is running KDE) but I |
| 9 |
> >> have never used an antivirus on Linux. This page that I googled |
| 10 |
> >> up shows a number of them: |
| 11 |
> >> |
| 12 |
> >> http://www.makeuseof.com/tag/free-linux-antivirus-programs/ |
| 13 |
> >> |
| 14 |
> >> Meanwhile, portage only lists clamav under app-antivirus/. |
| 15 |
> >> |
| 16 |
> >> The machine in question is running kmail to receive/send messages |
| 17 |
> >> from ISP mail servers and ssmtp to send log messages for relaying |
| 18 |
> >> via said ISP. |
| 19 |
> >> |
| 20 |
> >> What have you tried and what would you recommend for such a |
| 21 |
> >> desktop setup? |
| 22 |
> > |
| 23 |
> > IMHO, you don't need antivirus on a Linux box, unless you're going |
| 24 |
> > to run a mail relay, where you are responsible for saving recipents |
| 25 |
> > from viruses. |
| 26 |
> |
| 27 |
> I agree. Check that your ISP performs virus checks. If not or if you |
| 28 |
> want to be extra sure, I think kmail can work with clamav -- at least |
| 29 |
> it could in the old 3.x days when I still used it. |
| 30 |
> |
| 31 |
> > The simplest reason of all is, Linux doesn't know how to execute |
| 32 |
> > Windows binaries. |
| 33 |
> > |
| 34 |
> |
| 35 |
> Well, this is an oversimplification. |
| 36 |
> 1) Any box running Wine is possibly as exposed to your classic |
| 37 |
> pretty-women.exe mail attachments as any windows systems. |
| 38 |
> 2) You should also be worried about Open/LibreOffice macro viruses as |
| 39 |
> well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla |
| 40 |
> based exploits. |
| 41 |
|
| 42 |
or image rendering library bugs. or mono. or tricky multi-platform |
| 43 |
viruses/worms. saying that linux based viruses don't exist is simply |
| 44 |
wrong. there may not be much in the wild, but they definitely are out |
| 45 |
there. |
| 46 |
|
| 47 |
it is probably more difficult to write a successful virus for linux |
| 48 |
than for windows for a number or reasons but in principle the problem is |
| 49 |
the same as on windows. |
| 50 |
i think the main technical reason is the heterogeneity of the |
| 51 |
installations. one or two local exploits and you can hit almost any |
| 52 |
windows XP installation. in linux you have to deal with n combinations |
| 53 |
of kernel-version, glibc-version, etc. and there is very little you can |
| 54 |
depend on to be in a fixed location in memory since different compiler |
| 55 |
options may already change that. there are ways around all this of |
| 56 |
course[1], but its a lot of work. too much for the limited impact. |
| 57 |
also, a lot of malware seems to depend on social engineering for |
| 58 |
infection these days. i think thats going to work less good on a lot of |
| 59 |
linux users because the system conditions you to think before you act. |
| 60 |
|
| 61 |
that aside, i predict that we will see some linux viruses or worms with |
| 62 |
larger infections in the future. i guess the first ones will be for |
| 63 |
ubuntu because it has a large base of rather consistent base |
| 64 |
installations. |
| 65 |
|
| 66 |
/jonas |
| 67 |
|
| 68 |
-- |
| 69 |
|
| 70 |
[1] fun idea: something exploiting bugs in the usb storage subsystem or |
| 71 |
file system handling code spreading to usb sticks. you could probably |
| 72 |
even make that multi-platform if you find the needed bugs for different |
| 73 |
OSes. |
| 74 |
|
| 75 |
|
| 76 |
> |
| 77 |
> Still, keeping your system up-to-date and observing the freshly |
| 78 |
> revived GLSA notifications is more likely to save your butt than |
| 79 |
> clamav. |
| 80 |
> |
| 81 |
> Cheers, |
| 82 |
> Florian Philipp |
| 83 |
> |
Archives