On Sun, 18 May 2008, Wayne Stallwood wrote:
On Sun, 2008-05-18 at 02:07 +0100, Srdjan Todorovic wrote:
What about Linux viruses? (http://en.wikipedia.org/wiki/Linux_Virus)
What about them? How many of them have actually been seen in the wild
They do exist.
outside test conditions? You do know that list is actually compiled from data taken from various AV solution providers.
True, the list (as with the windows virus list) is provided by biased entities that want to sell you something. Can you trust them?
If you get software from trusted repositories and are not using your machine as a mail gateway or samba server for windows machines then there are currently very few reasons to run local AV protection.
Unless the trusted source becomes compromised, true.
Unlikely? How would you know that you were infected with a Linux virus if you don't have a Linux anti-virus?
The difference between Windows and Linux in this respect (at the moment), is that to get malware on Linux takes either a lot of effort or a lot of stupidity, whereas on Windows it takes effort not to get infected.
A lot of effort on behalf of the attacker and enough stupidity on the behalf of the user, or did I misunderstand?
As for personal app firewall, I think I read in the snort docs ages ago that you could configure it to drop routes to hosts that seemed to be attacking you, and the dropping would be automatic. I think you'd get an email notification about it too. Maybe some NIDS experts on here can confirm that.
It is also possible to configure iptables to drop based on the name of the binary, although this needs a nice pointy clicky gui to make it
Which is a bit silly given that if you have a virus/spyware combo, the name of the binary could change and then the iptables rule will no longer be effective.
but you're unlikely to need them.
Seriously, we need to stop this attitude that Linux is invincible. It isn't.
Nobody is saying Linux is invincible, but everything you do with security is a cost (be that user time, computer time or money) vs actual threat level calculation. In my opinion currently unless you are trying to protect downstream Windows boxes that calculation for antivirus on Linux (or Macs for that matter) does not stack. The situation may change in the future as Windows userbase shrinks and the target size of Linux and OSX increases however.
The thing that gets me is that although Windows boxen are allegedly easier to break into, I feel they don't really offer much in terms of power after you break into them. A Unix-like system will probably offer more power to a cracker. Anyone have experience of this? What kind of tools does Windows malware install? And what tools does Linux malware install?
-Srdj