On Sun, 2008-05-18 at 02:07 +0100, Srdjan Todorovic wrote:
What about Linux viruses? (http://en.wikipedia.org/wiki/Linux_Virus)
What about them? How many of them have actually been seen in the wild outside test conditions? You do know that list is actually compiled from data taken from various AV solution providers.
Now, if you read advice from people who don't have a business interest in selling you protection, you will generally hear the same thing echoed again and again. If you get software from trusted repositories and are not using your machine as a mail gateway or Samba server for Windows machines, then there are currently very few reasons to run local AV protection.
If you care enough about this unlikely threat, you could consider
Unlikely? How would you know that you were infected with a Linux virus if you don't have a Linux anti-virus?
The difference between Windows and Linux in this respect (at the moment) is that to get malware on Linux takes either a lot of effort or a lot of stupidity, whereas on Windows it takes effort not to get infected. Although, that said, in the last 10 years I would say that I have on my own Windows machines had about 2 viruses and one bout of spyware. Even in those cases I am not so sure I was at the helm when they got infected.
But yes, clamav would be a good idea. It also means that if you were in Linux and you downloaded some programs for Windows, you'd feel safer.
I don't believe there is a direct equivalent of anti-spyware or a personal application firewall for Linux,
I haven't looked, but given that AVG and Avast have integrated anti-spyware into their Windows products, I wonder if they have done the same with their Linux products. Again though, at the moment, unless you are trying to protect a Windows machine the other side of you or perhaps in a dual boot environment, I don't really see the point.
As for personal app firewall, I think I read in the snort docs ages ago that you could configure it to drop routes to hosts that seemed to be attacking you, and the dropping would be automatic. I think you'd get an email notification about it too. Maybe some NIDS experts on here can confirm that.
It is also possible to configure iptables to drop based on the name of the binary, although this needs a nice pointy clicky GUI to make it workable for most users. However, personally I hate application level firewalls on desktop machines, even on Windows. The protection they offer is overstated anyway.
but you're unlikely to need them.
Seriously, we need to stop this attitude that Linux is invincible. It isn't.
Nobody is saying Linux is invincible, but everything you do with security is a cost (be that user time, computer time or money) vs actual threat level calculation. In my opinion, currently, unless you are trying to protect downstream Windows boxes, that calculation for antivirus on Linux (or Macs for that matter) does not stack. The situation may change in the future as the Windows userbase shrinks and the target size of Linux and OSX increases, however.