[lug] Virus software for Linux

Jonathan Briggs zlynx at acm.org
Thu Apr 18 17:00:18 MDT 2002


On Thu, 2002-04-18 at 14:52, Peter Hutnick wrote:
> On Thursday 18 April 2002 02:18 pm, Jonathan Briggs wrote:
[snipped]
> > Many of today's "virus scanners" are actually much more than that.  They
> > include what amounts to host-based intrusion detection.  For example,
> > malicious JavaScript and Flash programs may be blocked, even if the web
> > browser would be happy to execute them.  Trojan programs (not
> > technically viruses) may be blocked, even if the user is silly enough to
> > execute them.
> 
> I don't mean this in a mean way, but what do you think IDS is?  It certainly
> doesn't have anything to do with Flash or JavaScript.

IDS is an Intrusion Detection System.  A virus or trojan counts as an
Intrusion to me.  I would also classify a malicious JavaScript or Flash
script as an Intrusion.  Defining IDS as simply detecting buffer
overflows and shell code is rather limiting.

I used the term loosely, I admit.  So do IDS vendors.

[snip]
> > We may also have to deal with Microsoft Office on Linux.  It can be run
> > today using the Codeweaver Crossover program, and in the future there
> > may even be a native port.
> 
> Who is we?
[snip]

"We" are system administrators.  Some administrators may have the power
to declare, "No!  We are _not_ running that!"  Other administrators have
to deal with it because they cannot say "No!" and remain employed.

"We" are users who _want_ to run Microsoft Office because it has
features no other office suite has.  Excel is an excellent spreadsheet,
for example.

Please feel free to replace "We" with "Users who want to run Microsoft
and system administrators who have to deal with it."

> So, I guess if you choose to run crappy software you need other crappy 
> software to de-crapify it.  I concede the point.

Sure, although I object to classifying all virus scanners as crappy
software.  A virus scanner can protect a user against crappy software or
their own stupidity / inexperience.  A virus scanner is also good as
part of a layered security model.

A paranoid layered security model would have border firewalls, network
IDS, application proxies (with virus scanners), host firewalls, host
IDS, host virus scanners, buffer overflow prevention libraries on the
host, and the host would be running security audited software.

Using many security layers is smart and a virus scanner fits right in. 
It is pure arrogance (and usually false) to claim, "My
OS/application/whatever is fully secure and unbreakable!"

[snip]
> > Remember, it isn't much comfort that your root-owned system programs and
> > files are perfectly safe, when all the data owned by your user account
> > has just been wiped out.
> 
> Now you are saying "you."  Don't include me in your sick little world of 
> programs that produce system commands at the request of strange data.

Very well:
Most users won't care that the root-owned system programs and files are
perfectly safe, when all of the data owned by their user account has
just been wiped out.
[snip]
-- 
Jonathan Briggs
jbriggs at esoft.com