[lug] Virus software for Linux

Peter Hutnick peter-lists at hutnick.com
Thu Apr 18 14:52:40 MDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 18 April 2002 02:18 pm, Jonathan Briggs wrote:
> I have to disagree with the general idea that virus scanners will be
> useless on Linux.  I think that with the popularity of Linux rising,
> virus scanners will become necessary as standard parts of desktop
> security.

Surely being a prevalent system draws the attention of virus authors.  OTOH 
the argument that Linux doesn't have viruses because it is obscure sounds 
even less believable today than it did a couple of years ago.

It is simply trivial to write a Windows virus and non-trivial to write a Linux 
virus.

> Many of today's "virus scanners" are actually much more than that.  They
> include what amounts to host-based intrusion detection.  For example,
> malicious JavaScript and Flash programs may be blocked, even if the web
> browser would be happy to execute them.  Trojan programs (not
> technically viruses) may be blocked, even if the user is silly enough to
> execute them.

I don't mean this in a mean way, but what do you think IDS is?  It certainly 
doesn't have anything to do with Flash or JavaScript.

I'd also submit that this is very browser dependent.  So, for instance, there 
was a hack that would cause IE to over-write the boot sector.  A typical 
Linux system has /two/ defenses against this.  1. A normal user cannot write 
to the boot sector and 2. "native" Linux browsers won't try.

> We may also have to deal with Microsoft Office on Linux.  It can be run
> today using the Codeweaver Crossover program, and in the future there
> may even be a native port.

Who is we?  There is no doubt that user-space apps can walk all over a user's 
own files on a UNIX-like system with a traditional permissions system.  (Not 
so with ACLs, but that is another debate.)

I don't run programs that have a history of doing so.

So, I guess if you choose to run crappy software you need other crappy 
software to de-crapify it.  I concede the point.

> If Linux starts running Microsoft software, Linux will need to deal with
> Microsoft (non)security (mis)features.  We will certainly need virus
> scanners then.
>
> Remember, it isn't much comfort that your root owned system programs and
> files are perfectly safe, when all the data owned by your user account
> has just been wiped out.

Now you are saying "you."  Don't include me in your sick little world of 
programs that produce system commands at the request of strange data.

Seriously, how bizarre is it to run software whose only job is to selectively 
break the functionality of other software so it doesn't damage your data at 
the request of arbitrary data /pushed/ to you off the internet?

- -Peter

- -- 
/"\ ASCII Ribbon campaign against HTML e-mail
\ /
 X   Get my PGP key at http://hutnick.com/pgp
/ \  6128 5651 6F23 EC17 6EBD  737D 960A 20E6 76CA 8A59
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8vzIYlgog5nbKilkRAistAJ4xjOrZhJHGo7Rz73Zyypo+drUmQQCeJKkg
uJ86eg/KNoEME0CDhqcC4Jc=
=uk4N
-----END PGP SIGNATURE-----