[H-GEN] Anti-Virus software for linux

Nikolai Lusan nikolai at humbug.org.au
Mon Apr 22 11:18:44 EDT 2002 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

<Initial text rewraped for world^H^H^H^H^Hlist peace and my sanity>

hphillips at 4ward.com.au wrote:

 > I just came across this site ->
 > http://www.avp.ru/products.html?tgroup=4&pgroup=11 amongst the text
 > on that page is 'new viruses _for_ Linux appear every day'.
 > Are there any viruses for linux? If so how many? Surely they don't
 > appear every day!

By the nature of the permission based sytems that bless the *nix world 
virii are not like they are in windows world. What I have constantly 
seen reffered to a a "virus for linux" is in fact a trojaned program, 
that is a program that serves as a vehical for malicious tasks. A user 
may only destroy what he/she has access to - hence the old addage not to 
do things as root - and often does not have the ability to install sytem 
wide software.



 > I am writing a basic sales brochure for small business to implement
 > linux solutions and was asked about viruses on linux. Every other
 > site I have been to has virus scanners that check the mail passing
 > through and/or the files stored on the box, no other site has even
 > mentioned viruses FOR linux.

Given the things being touted as virii these days (worms like code red 
and nimda[1] and the plethora of outlook based mail worms) alot of 
people would call what is, in actual fact, a trojan "a virus". This is 
not true, for a trojan to get onto a *nix system the superuser has to do 
something bad (like take binary software from an untrusted source or 
compile and install software without running fundamental checks on the 
source [2]. The only thing I have ever contemplated using a virus 
scanner for on a linux system was to protect wintel based networks from 
virii on samba shares or email accounts.


 > Are Kaspersky just full of male cow excrement trying make a sale?

It depends on how you look at it, the specs I see don't say anything 
about protecting from specific virii or how it works, they also don't 
say anything about the software being usefull for non-linux virii.


 > I know they are Russian so they can say anything and get away with it.

I will let you get away with that because of the .ru domain, but be very 
careful about how you use the term russian, I would hate to have to 
brand you a racist :)


Nikolai[3]


[1] Begone from my logs oh foul beasties!
[2] things like system(mail user at site.com < /etc/shadow) are very bad.
[3] everyone else on this list footnotes, so why not me :)[4]
[4] any finding grammar, spelling or typing errors needs to run this
     post through a de-robify script ;)


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list