LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 12-06-2016, 04:37 PM   #46
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
Blog Entries: 2

Rep: Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567

Should rather wrap our heads around do we need virus and malware; parents, anyone?
 
Old 12-07-2016, 12:24 AM   #47
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063
Quote:
Originally Posted by sundialsvcs View Post
Well, the download images and packages and so-forth are digitally signed, which is why the "public key" used by a distro is updated from time to time. The integrity of the package is verified before its contents are used.

You continue to use the word, "infect." That's a biological term. It implies that, if I send a piece of malicious software to you, your computer will install it, without your knowledge, unless you run software that's supposed to act like a digital "immune system." That is not a valid analogy.

Easily, the most convenient way to install software on your machine and to have it be running is to embed it within the JavaScript that is running an innocuous-looking advertisement. (Which is why I block every advertisement from a web-site.) But, even so, that software "runs as you."

The most critical thing that you must ensure is that rogue software cannot gain elevated privileges. "Windows Home Edition" users are administrators, and it is difficult for them to be otherwise, and Microsoft never says a thing about the potential danger. Many Linux users are by-default members of the wheel group, which means that "root access" needs only their login password. These are vulnerabilities that no "scanner" can prevent: it is intrinsic to the way that they have set up their machines and their own access privileges.

"Anti-virus software" is sold just because it "feels good." Because it makes you somehow feel that you are doing something that is both necessary and prudent. And yet, what one piece of software "has access to everything?" You got it: the "anti-virus software" itself. These packages have been exploited to create vectors on many occasions.

I guess it's the same reasoning that enables pharmacies in the United States to sell "flu shots" to get a quick $25.00 profit from an 8¢ injection that won't do you any good anyhow.
Yes, I know that packages are signed and repos are checked for viruses, this is why wherever possible I install software from packages. And always make sure signatures match what they are supposed to be.

As for the word 'infect', it's a word, your reading too much into it.

I agree with you, that in order for ANY piece of software to do ANYTHING on your computer it has to actually be RUN in the first place.

The first PC I ever brought come with Windows XP Home Edition on it, and I therefore do agree with you there. As well as the point that you should be careful about which user groups your 'everyday' account is a member of.

But from what I can read (correct me if I'm wrong) you are trying to say that, there will never be any possibly that antivirus software would/could be useful and/or a valid security measure. And/or that there will never be any possibly that a virus would/could be run on your system. I could not agree with you there.

You are forgetting that humans are not prefect and could be careless/make mistakes (correct me if I'm wrong).

I'm not sure what 'flu shots' have to do with computer security.

It sounds to me like you are one of those people that believes everything/most things must be one big conspiracy (correct me if I'm wrong).
 
Old 12-07-2016, 02:39 AM   #48
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,727

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
Yes, the "virus industry" is indeed one big scam. And terms like "virus" and "infect" are just marketing terms used by said industry - and the vast majority of people, not being fully computer literate, believe the "biological" scaremongering which sundialsvcs refers to. And as he states above, it's about feeling safe rather than actually being more secure. This software tends to constantly remind you, via pop up notifications, that it's protecting you and eliminating "threats". In most cases this is a few browser cookies, but the average person sees that 50 odd "problems" were resolved and this has a soothing effect. "Personal firewall" software from the same vendors also tends to show the user notifications of "attackers" (probably icmp packets...) which it has stopped.

Most anti-malware software also suffers from the problem of false positives - i.e. an innocent program in a compressed file or a bit of text or a completely innocent script is flagged up as "suspicious" and quarantined. This is because most corporate anti-malware software is designed, primarily, from a litigative perspective.

It revolves around MS windows and the big corporations creating anti-malware software for that OS and it has made some people very rich.

You only need something like clamav if you're in any way involved in administering servers and want to stop malware spreading to and from windows workstations which are using your NFS/SMB shares, mail server, whatever...

Last edited by cynwulf; 12-07-2016 at 02:44 AM.
 
1 members found this post helpful.
Old 12-07-2016, 02:47 AM   #49
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
Blog Entries: 2

Rep: Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567
Lightbulb

Quote:
Originally Posted by jsbjsb001 View Post
...
You are forgetting that humans are not prefect and could be careless/make mistakes (correct me if I'm wrong).

I'm not sure what 'flu shots' have to do with computer security.
...
...non sequitur... or, science as both medicine and security are a practice not right (eg most education with voting on policies plus not seeing borders or race) and wrong( voting for people(!)!

Anyone remember Battlestar Galactica?
Click image for larger version

Name:	d4d318447fec07c21a0998a6469fd50f.jpg
Views:	14
Size:	10.3 KB
ID:	23700
 
Old 12-08-2016, 12:08 AM   #50
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063
Quote:
Originally Posted by cynwulf View Post
You only need something like clamav if you're in any way involved in administering servers and want to stop malware spreading to and from windows workstations which are using your NFS/SMB shares, mail server, whatever...
This was my main point originally, but clamav is not exactly up there in terms of detection rates, so personally I would go for something else in terms of antivirus software.

Also, if your not paying anything for antivirus software (clamav, AVG Free Edition, etc), the antivirus vendor is not actually making any money from you in the first place.

At the end of the day, you have to make your own judgement in terms of having antivirus software on your Linux box. And as you 'suggest' (for lack of better words) you need to work out what your actual risk(s) are in the first place.
 
Old 12-08-2016, 02:57 AM   #51
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,727

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
Quote:
Originally Posted by jsbjsb001 View Post
Also, if your not paying anything for antivirus software (clamav, AVG Free Edition, etc), the antivirus vendor is not actually making any money from you in the first place.
AVG is not "free", it's proprietary software and actually adware/spyware in itself:

http://www.wired.co.uk/article/avg-p...er-search-data
http://www.zdnet.com/article/avg-sec...ive-ever-seen/
https://bugs.chromium.org/p/project-...id=675&redir=1

Quote:
Originally Posted by jsbjsb001 View Post
At the end of the day, you have to make your own judgement in terms of having antivirus software on your Linux box. And as you 'suggest' (for lack of better words) you need to work out what your actual risk(s) are in the first place.
If you are just a home desktop user, running just a single Linux box, it's probably a waste of time and effort.
 
Old 12-08-2016, 11:41 AM   #52
crazy-yiuf
Member
 
Registered: Nov 2015
Distribution: Debian Sid
Posts: 119

Rep: Reputation: 51
Quote:
clamav is not exactly up there in terms of detection rates
Also, if your not paying anything for antivirus software (clamav, AVG Free Edition, etc), the antivirus vendor is not actually making any money from you in the first place.
This is exactly why I recommended virustotal. You upload an executable, get the signature checking of all the major vendors, and don't have to install any unsavory software. The executables you get from the repo have safeguards far superior to (and in addition to) basic signature detection, with the possible exception of testing distros.
 
Old 12-08-2016, 05:26 PM   #53
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,610
Blog Entries: 4

Rep: Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905
Quote:
Originally Posted by jsbjsb001 View Post
I'm not sure what 'flu shots' have to do with computer security.

It sounds to me like you are one of those people that believes everything/most things must be one big conspiracy (correct me if I'm wrong).
"Yeah, you're wrong."

"Flu shots" are heavily hyped at every pharmacy, grocery store, and roadside stand in the USA, because they are extremely profitable. (The vaccine costs almost nothing.) Because the influenza virus is very mutagenic, it is difficult to produce a vaccine that will work well "this year." (See this article from CDC.gov for a good layman's run-down of the matter.)

Yes, I am of the reasoned opinion that "anti-virus software" can in fact do more harm than good.

Last edited by sundialsvcs; 12-08-2016 at 05:27 PM.
 
Old 12-08-2016, 11:07 PM   #54
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063
Quote:
Originally Posted by cynwulf View Post
AVG is not "free", it's proprietary software and actually adware/spyware in itself:
If you are not paying anything for the software in the the first place, how is the antivirus vendor making any money out of you? And yes, it is proprietary, do agree with you there.

Quote:
Originally Posted by sundialsvcs View Post
"Yeah, you're wrong."

"Flu shots" are heavily hyped at every pharmacy, grocery store, and roadside stand in the USA, because they are extremely profitable. (The vaccine costs almost nothing.) Because the influenza virus is very mutagenic, it is difficult to produce a vaccine that will work well "this year." (See this article from CDC.gov for a good layman's run-down of the matter.)

Yes, I am of the reasoned opinion that "anti-virus software" can in fact do more harm than good.
About?
If your talking about 'flu shots', I don't think your computer is going to get any better if you gave it a 'flu shot'! Sorry.
 
Old 12-09-2016, 02:25 AM   #55
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,727

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
You don't pay for facebook, the vast majority of google services and MS recently started giving away windows 10 as a "free" upgrade... who or what do you think pays for all of this? (Hint: Read the links I posted)
 
Old 12-09-2016, 02:35 AM   #56
crazy-yiuf
Member
 
Registered: Nov 2015
Distribution: Debian Sid
Posts: 119

Rep: Reputation: 51
Quote:
Originally Posted by jsbjsb001 View Post
If you are not paying anything for the software in the the first place, how is the antivirus vendor making any money out of you?
The quote you were responding to listed three ways.

In addition, and as mentioned, it attempts to make people paranoid enough to buy the full version by reporting cookies, pings, and most FOSS software, as dangerous threats.
 
1 members found this post helpful.
Old 12-12-2016, 11:46 PM   #57
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063
Quote:
Originally Posted by cynwulf View Post
You don't pay for facebook, the vast majority of google services and MS recently started giving away windows 10 as a "free" upgrade... who or what do you think pays for all of this? (Hint: Read the links I posted)
And microsoft still expects you to PAY $$$ for the previous version, you are upgrading FROM. As for facebook and google, they make most of their $$$ though ADVERTISING (and also run on Linux, from what I've read). And for those of us who do not have a facebook account, I for one, am not even seeing ANYTHING (including ad's) on it. So in terms of your first point, it's a bit like saying "I PAYED $$$ for xy or z and got a FREE xy or z" in return. Well this is called capitalism, my friend!

You should also understand that it costs $$$ to develop ANY kind/type of software (FOSS or proprietary), so someone's PAYING for that as well, no?
 
Old 12-13-2016, 01:56 PM   #58
crazy-yiuf
Member
 
Registered: Nov 2015
Distribution: Debian Sid
Posts: 119

Rep: Reputation: 51
Quote:
And microsoft still expects you to PAY $$$ for the previous version, you are upgrading FROM. As for facebook and google, they make most of their $$$ though ADVERTISING (and also run on Linux, from what I've read). And for those of us who do not have a facebook account, I for one, am not even seeing ANYTHING (including ad's) on it. So in terms of your first point, it's a bit like saying "I PAYED $$$ for xy or z and got a FREE xy or z" in return. Well this is called capitalism, my friend!

You should also understand that it costs $$$ to develop ANY kind/type of software (FOSS or proprietary), so someone's PAYING for that as well, no?
I'm not sure who you're arguing with here. You were the one who asked:
Quote:
If you are not paying anything for the software in the the first place, how is the antivirus vendor making any money out of you?
And we answered. Our answers did not belie our understanding of capitalism. Nor did anyone make the claim that development doesn't cost money.

Personally, I find the dissemination of my browsing habits distasteful. One example why: It's not particularly far fetched to imagine a certain autocracy compiling a database of all this information once the ad agencies are done with it, and running some clever software over it to create profiles. If I critique a leader in that country, even under a false name, and then travel there on a business trip twenty years later, I could find myself getting arrested.

This may seem paranoid to you - fair enough. But to me, there is a cost associated with using spyware. It's also possible that they'll accidentally gather some data like your bank account number and ship it off over unencrypted channels. They could be doing anything with it, even knowingly selling your info to criminals who try to use it to steal your identity.

The cost associated with developing FOSS isn't passed on to me. It is either volunteered or amortized across the group(s) paying for it. So that point really has nothing to do with the current conversation.
 
Old 12-15-2016, 10:02 PM   #59
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063
Quote:
Originally Posted by crazy-yiuf View Post
I'm not sure who you're arguing with here. You were the one who asked:

And we answered. Our answers did not belie our understanding of capitalism. Nor did anyone make the claim that development doesn't cost money.

Personally, I find the dissemination of my browsing habits distasteful. One example why: It's not particularly far fetched to imagine a certain autocracy compiling a database of all this information once the ad agencies are done with it, and running some clever software over it to create profiles. If I critique a leader in that country, even under a false name, and then travel there on a business trip twenty years later, I could find myself getting arrested.

This may seem paranoid to you - fair enough. But to me, there is a cost associated with using spyware. It's also possible that they'll accidentally gather some data like your bank account number and ship it off over unencrypted channels. They could be doing anything with it, even knowingly selling your info to criminals who try to use it to steal your identity.

The cost associated with developing FOSS isn't passed on to me. It is either volunteered or amortized across the group(s) paying for it. So that point really has nothing to do with the current conversation.
Exactly what I quoted in the first place (see quote above yours, in my last reply). As cynwulf was talking about the Windows 10 upgrade (which is an UPGRADE, NOT a free OS), facebook and google, but the last point I made still remains the same. If you download the 'free' edition of AVG Antivirus (or the 'free' version of any other antivirus software), you are NOT paying for the use of it. But cynwulf wanted to get off topic, so once again how are you paying for the use of the 'free' edition of AVG Antivirus (or once again the 'free' version of any other such software)?

Edit: Hint, you are NOT! Unless you PAY for the FULL/paid for version of it!

Last edited by jsbjsb001; 12-15-2016 at 10:08 PM.
 
Old 12-18-2016, 12:36 AM   #60
crazy-yiuf
Member
 
Registered: Nov 2015
Distribution: Debian Sid
Posts: 119

Rep: Reputation: 51
Quote:
so once again how are you paying for the use of the 'free' edition of AVG Antivirus (or once again the 'free' version of any other such software)?
And once again: you're paying with your privacy. If you don't consider that paying, then that's fine.

Arguments about how to use words aside, I couldn't help but feel a tad smug seeing this a few minutes ago:
https://linux.slashdot.org/story/16/...can-enterprise

From the looks of it, a user wouldn't have had to do anything other than install the software to be vulnerable. Vulnerabilities of this severity are extremely rare on Linux, most of the ones you hear about require at least two mistakes on the user's part (e.g., installing an iffy package then visiting an iffy website).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Google lays bare security flaws in anti-malware product with 250 million users LXer Syndicated Linux News 0 02-03-2016 09:30 AM
LXer: AV-TEST Laboratory Says Free Anti-Virus Apps on Linux Are the Worst LXer Syndicated Linux News 0 10-06-2015 01:41 AM
Anti-virus and malware remover advertising Tomermory LQ Suggestions & Feedback 4 06-28-2007 11:04 AM
Time for Linux users to start using Anti-Virus? pengu Linux - Security 35 08-12-2006 06:32 AM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 02:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 12:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration