  1. #11
    Linux Engineer LondoJowo's Avatar
    Join Date
    May 2005
    Location
    Richmond, TX
    Posts
    804

    Quote Originally Posted by twhiting9275
    This isn't windows we're talking about here, where things can easily take control of your system, this is Linux, where you have to TELL the system what to do, specifically
    If you set up a user with permissions to only run the program needed, Windows can be just as secure as Linux. However that's not the default setup (administrative account) or the way many people set up Windows (i.e. Power User with administrative rights).

    Yet if Windows installation was the same as Linux the web would be filled with posts claiming Microsoft/Bill Gates is dictating how the OS will be set up and taking their personal freedoms away.

  2. #12
    Linux Engineer LondoJowo's Avatar
    Join Date
    May 2005
    Location
    Richmond, TX
    Posts
    804

    Re: Anti Virus

    Quote Originally Posted by L33tLinuxN00b
    Anybody Know A Good Free Open Source Samba Fileserver Antivirus Protection Manager...
    I use and recommend Clamav. I used the KDE GUI of Clamav called KlamAV.

  3. #13
    Linux User George Harrison's Avatar
    Join Date
    Mar 2005
    Location
    Pepperland
    Posts
    445
    Quote Originally Posted by twhiting9275
    You don't NEED a "linux antivirus", as the number of virii for Linux systems is so small it's ridiculous. This isn't windows we're talking about here, where things can easily take control of your system, this is Linux, where you have to TELL the system what to do, specifically
    o..k.. now that is just being arrogant. Search on Wikipedia and you will find a hefty list of Linux viruses. Not only that, but there are such things as rootkits... I protect my system with FireHOL and Firestarter, ClamAV, and chkrootkit plus, I am behind a router and I am still worried about security. It is very well possible that over a period of 1-2 years with no maintenance, your system will be attacked and running a server triples that chance if you do not secure your system. The only time you can really boast/rant and tell people that you do not need an anti virus is with OpenBSD and even then you still have to be careful.

    Now that my rant is done - go with ClamAV.

    EDIT: Link I bet that you thought there would be a lot less than 13. No Operating System is invulnerable; you can't push the tilde button on your keyboard and enter in "god" and expect to be in God Mode, you must secure your system before it is attacked. Crazy kids these days.
    Registered Linux user #393103

  5. #14
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    http://www.icon.co.za/~psheer/book/n...00000000000000
    I have heard that LINUX does not suffer from virus attacks. Is it true that there is no threat of viruses with UNIX systems?

    A virus is a program that replicates itself by modifying the system on which it runs. It may do other damage. Viruses are small programs that exploit social engineering, logistics, and the inherent flexibility of a computer system to do undesirable things.

    Because a UNIX system does not allow this kind of flexibility in the first place, there is categorically no such thing as a virus for it. For example, UNIX inherently restricts access to files outside the user's privilege space, so a virus would have nothing to infect.

    However, although LINUX cannot itself execute a virus, it may be able to pass on a virus meant for a Windows machine should a LINUX machine act as a mail or file server. To avoid this problem, numerous virus detection programs for LINUX are now becoming available. It's what is meant by virus-software-for-LINUX.

    On the other hand, conditions sometimes allow an intelligent hacker to target a machine and eventually gain access. The hacker may also mechanically try to attack a large number of machines by using custom programs. The hacker may go one step further to cause those machines that are compromised to begin executing those same programs. At some point, this crosses the definition of what is called a "worm." A worm is a thwarting of security that exploits the same security hole recursively through a network. See the question on security below.

    At some point in the future, a large number of users may be using the same proprietary desktop application that has some security vulnerability in it. If this were to support a virus, it would only be able to damage the user's restricted space, but then it would be the application that is insecure, not LINUX per se.

    Remember also that with LINUX, a sufficient understanding of the system makes it possible to easily detect and repair the corruption, without having to do anything drastic, like reinstalling or buying expensive virus detection software.
    The simple answer is that there are no viruses for GNU/Linux, yes there are worms but worms are not viruses and it's important that people make that distinction, unfortunately a lot of people seem to make the mistake of thinking that worms are viruses, they are not.

    Rootkits are not viruses, viruses propagate through the system destroying everything they come in contact with, programs that allow a back door for an attacker are called trojans, a rootkit is pretty much what's defined as a trojan.
    It would be possible to create a script that deletes everything the user has access to, but because GNU/Linux is a true multiuser environment, providing the user does not run as a root, then it's ensured that the user will not have access to anything outside of their home directory, eliminating the possibility of a system wide failure through these methods.

    With regular backups, ensuring that you get your software from an official source, and also getting into the habit of checking scripts before you run them, then this kind of thing isn't much to worry about either.
    The statement is correct, you don't need an antivirus, but out of common courtesy to the fact that file servers and mail servers can harbour viruses intended for a different platform, then comes the place for an antivirus to be run.

    It's important that people use the correct definitions and understand that "virus" is not a catch all term, it applies to a specific type of program that performs a specific type of action.

    Worms, "a thwarting of security that exploits the same security hole recursively through a network", the chances are high that the worm in question would be designed for a security hole that had been available for some time, it doesn't just happen overnight, keep essential services and software updated with stable versions and the chances of getting caught by one are much lower, also run only what's needed.
    Rootkits, a simple age old rule, "if you don't know what it does, don't run it as root", and always get your software from official sources, or at least get into the habit of md5 hash checking it first.

    And that pretty much covers it.

  6. #15
    Linux Engineer
    Join Date
    Apr 2005
    Location
    Belgium
    Posts
    1,429
    Quote Originally Posted by MunterMan
    Not all Latin words ending in -us have -i as their plural.

    viri is the Latin word for 'men' (plural of vir, man, the root of the English virile)

    There is in fact no written attestation of a Latin plural of virus.

    Does not help you with your problem, but tough, I am in a bad mood.

    BTW, I am not a pedant, in the strict sense of the word.
    It follows the flexion of fructus (IV): fructus, fructus.

    So the plural is virus.
    ** Registered Linux User # 393717 and proud of it ** Check out www.zenwalk.org
    ** Zenwalk 2.8 - Xfce 4.4 beta 2- 2.6.17.6 kernel = Slack on steroids! **

  7. #16
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    Quote Originally Posted by George Harrison
    EDIT: Link I bet that you thought there would be a lot less than 13. No Operating System is invulnerable; you can't push the tilde button on your keyboard and enter in "god" and expect to be in God Mode, you must secure your system before it is attacked. Crazy kids these days.
    A small cleanup on some of those items.
    • Apm - A worm that exploits a buffer overrun in the program package BIND
    • Adore - A worm that exploits four different known vulnerabilities, these vulnerabilities concern BIND named, wu-ftpd, rpc.statd and lpd services
    • Bliss - A virus that writes code to binaries with write capabilities of the user, in a multiuser environment no user should have write access to any binaries, only root, the effects of having it so are simply predictable. Perhaps the statement should be changed to "There shouldn't be any viruses for GNU/Linux", easily avoidable and shouldn't have happened in the first place.
    • Cheese - Another worm, this one replicates between systems that were previously cracked by the "Ramen" Linux worm.
    • DevNull - This worm is related to Slapper.
    • Kork - A worm that uses the known vulnerability in lpd service to propagate from a vulnerable Linux system to another.
    • Lion - A worm that uses transaction signatures buffer overflow (also known as TSIG) vulnerability in BIND named server to spread itself.
    • Mighty - A worm that exploits a vulnerability in the "Secure Sockets Layer" SSL "mod_ssl" interface code of Apache.
    • OSF.8759 - A virus and trojan in one, quite a clever one too, detects if it is run under a debugger and skips the infection routine altogether.
    • Ramen - A worm that effects a buffer overrun in Red Hat systems.
    • RST - A virus and trojan rolled into one, probably the worst to date.
    • Slapper - A network worm that spreads by using a flaw discovered in August 2002 in OpenSSL libraries, has a few variations.
    • Staog - A virus written in assembly, used a kernel exploit to stay resident and infected binaries as they were executed, obsolete by fix and upgrading of kernel


    In that entire list there are 4 viruses (programs that are categorically described as such), one of them is easily avoidable, you shouldn't have write permissions in the first place and don't run as root.
    The first 2 are a virus and trojan (aka rootkit) rolled into one, OSF.8759 relies on being in a particular directory to do its work, namely /bin, suggesting that it would first have to be installed, most probably with a compromised package, official sources and md5 hash checking will make this pretty much obsolete, discovered in 2002, the question remains as to whether a binary run from a directory will have access to the other binaries or not, if not this one is also obsolete.
    RST, also discovered in 2002, again infects all binaries in the current directory and also /bin, both being of the same nature and both discovered in 2002 suggests that this /bin exploit has been fixed and this virus is also obsolete.
    Lastly Staog, obsolete by kernel fix, its way of getting into the system is that of a worm, and its actions are that of a virus.

    The backdoor capabilities of the last 2 are slightly worrying, but are no more dangerous than pure rootkits, "if you don't know what it does, don't run it as root", or better yet don't run it at all. While these may be classed as viruses all they seem to do is ruin your binaries, I'm yet to see any propagating of the program involved.

    I'm not saying GNU/Linux is perfect, in fact if it was there would be no need to continue developing it, but these things happen and they get fixed very quickly, so quickly in fact that from that entire list I can probably say that "no viruses exist" since they are all obsolete, bar one, but you shouldn't have write access anyway.

    The most common argument is that GNU/Linux isn't as popular and viruses aren't as easily writable, but that's far from the point, Apache is open source and the most popular around, yet is more secure and suffers less successful attacks than its closed source proprietary competitor IIS.

    This pretty much confirms what I said in the first place.

  8. #17
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    To make things simple for the people wondering, "are any of my files user writable outside my home directory", here's a command to search your entire system for files that are group and world writable, after this you can see about tightening things up.
    Code:
    find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;
    You can run this command as root to make sure it checks every single file, it checks for group and world writable files so running as root won't go picking up every file on the system, also I find the best permissions to have for binaries is 755 (rwx r-x r-x), only root will be able to write to the files, remember to set special permissions like 4755 for programs like su that need to do setuid.
    Changing f for d will search for user and world writable directories.
    Code:
    find / -type d \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;
    Speaking of special permissions, this command will search for all files that have the special permission set.
    Code:
    find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;
    Lastly don't allow any unowned files on your system, if you find any, verify its integrity and give it an owner, most commonly root.
    Code:
    find / -nouser -o -nogroup
    Hope that helps.
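
The four checks from the post above, combined into one script as an added example that is not part of the original thread: it tags each finding, stays on one filesystem with `-xdev`, and, going slightly beyond the post, skips sticky-bit directories such as `/tmp`. The `audit_perms` and `tag` names and the tag words are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): tagged permission audit of one tree.
# The audit_perms/tag names and the tag words are illustrative.

# Prefix every path read on stdin with a finding tag.
tag() { sed "s|^|$1 |"; }

audit_perms() {
    root=${1:-/}
    # -xdev stays on one filesystem, so /proc, /sys and network mounts
    # under the start point are not walked.

    # Regular files writable by group (020) or by everyone (002).
    find "$root" -xdev -type f \( -perm -0002 -o -perm -0020 \) \
        -print 2>/dev/null | tag WRITABLE_FILE

    # Writable directories without the sticky bit (1000): any writer can
    # delete or replace other users' files there. /tmp-style 1777 is skipped.
    find "$root" -xdev -type d \( -perm -0002 -o -perm -0020 \) \
        ! -perm -1000 -print 2>/dev/null | tag WRITABLE_DIR

    # setuid (4000) or setgid (2000) files: review against the list
    # your distribution is expected to ship.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -print 2>/dev/null | tag SETID

    # Files whose numeric owner or group has no passwd/group entry.
    find "$root" -xdev \( -nouser -o -nogroup \) \
        -print 2>/dev/null | tag UNOWNED
}

# Run as: sh audit.sh /usr   (root can read every directory)
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Paths containing newlines would be split across lines in this output; for a first pass over system directories that is rarely an issue.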

  9. #18
    Just Joined!
    Join Date
    Mar 2005
    Location
    Ghana
    Posts
    35

    linux shield

    with the infection happening Linkable Executable Files, we are getting closer to malicious attacks by codes.

    Well, I recommend LinuxShield from McAfee though commercial and expensive, it's an effective choice I use too.

  10. #19
    Just Joined!
    Join Date
    Sep 2005
    Location
    Edinburgh & Aix-en-Provence
    Posts
    70
    thanx everyone think im gonna use f prot... and clamav...
    This went by a bit quick, in Windows mixing Anti Virus products is usually lethal. Even security products that ostensibly do different things, e.g. Anti Spyware, Anti Virus from different software houses can sometimes react badly.

    Is this not the case in Linux, and if not why not?

  11. #20
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692

    Since kapranoony the spammer brought this old thread to life (with his obscene post), I'd actually like to add something on to the discussion:

    I do use clamav on FreeBSD and GNU/Linux boxes, simply because most people I interact with (read: exchange documents and other files with) run Windows. So I can scan their files if I'd like to be sure I'm not propagating some nasty virus.
