LinuxQuestions.org
Old 07-24-2006, 06:54 PM   #16
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 1,960

Rep: Reputation: 333

Quote:
Originally Posted by bxb32001
This seems to be the common trend in thinking among *nix users. Let me ask, how about other computer users you interact with? I mean, the infected file may not affect you but what about files that you receive and pass on to other people?
Many virus attachments are easily identified. Personally, I'd question the technical competence of anyone who forwards attachments without knowing where they're from or who created them.

If an email has an attachment with a 'pif' or 'scr' file extension, you can assume it's safe to delete.

All it takes is a bit of naus.
 
Old 07-24-2006, 08:23 PM   #17
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
There are only 1 or 2 reasons to run a virus scanner on linux, and both have to do with windows. I have clamav running on the mail server at work. That is a good use of it, as there are plenty of viruses that hit it. With the server getting 20,000 emails a day, we have about 20-30 viruses hit us a day. That is rather insignificant percentage wise, but it does make sense to stop infected emails at the server. You do NOT need clamav to stop email viruses on your linux machine if it isn't a mail server.

Also on a file server, you may want anti-virus, just to be certain that nothing uploaded to it has a windows based virus. Something similar to the post earlier that mentioned scanning downloads before transferring them to his daughter's computers. If you share files with win machines, it makes sense to scan.

The linux viruses are a joke. Almost all are created by the anti-virus companies, with the hope of convincing the world that linux is at risk, and needs to pay for protection. Specifically, to pay them for protection. The way file permissions are set on linux, you can't hurt the system itself, unless you are one of those fools who run as full time root in a GUI, in which case I hope you reap the results of doing that.

Clamav works great. You don't even need the GUI version of it. You can get it installed in text mode by downloading it from http://clamav.net, and install it according to the directions on the most excellent http://qmailrocks.org website. You set it up in text mode, and have a cron job update it nightly. All you have to change is where it scans.

Peace,
JimBass
 
Old 07-25-2006, 02:58 AM   #18
bxb32001
Member
 
Registered: May 2001
Location: Beijing
Distribution: Fedora, Knoppix
Posts: 204

Rep: Reputation: 30
Quote:
Originally Posted by rkelsen
Many virus attachments are easily identified. Personally, I'd question the technical competence of anyone who forwards attachments without knowing where they're from or who created them.

If an email has an attachment with a 'pif' or 'scr' file extension, you can assume it's safe to delete.

All it takes is a bit of naus.
*Sigh* You have just verified that only technically competent people should be using Linux and that every other average Joe (perhaps 90% of the global population) should just use Windows or OS/X. Not everyone has "naus". Stop the ego trip, please!

Also, I was not talking about such things as simple as e-mails with dubious attachments. I meant to talk about infected files that aren't dubious at all (granted, those are rare nowadays). I've been in numerous situations where I could have given someone an infected file without my knowing it. Fortunately, I had not. Every time one interacts with Windows users, I think it's a good idea to be able to check the files that are used between oneself and them.
 
Old 07-25-2006, 03:09 AM   #19
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Just a little addition here.

I run clamav in conjunction with amavis-new and postfix to catch viruses (viri?) as they come in via email. I also run it (via clamscan) on Samba shares/home directories, etc. through cron. I believe it's also possible to tie clamav in with squid to check downloads with the squid_clam_redirector.
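
The cron-driven clamscan runs described in posts #17 and #19 could be wrapped like this. This is an added example, not code from any poster or from the ClamAV project; the script name, log path, scanned directories and the `SCANNER` variable are assumptions.

```shell
#!/bin/sh
# Added example: cron-friendly clamscan wrapper. Paths and the SCANNER variable
# are assumptions. Typical crontab entry (hypothetical paths):
#   30 2 * * * /usr/local/sbin/clamscan-nightly.sh /var/log/clamscan-nightly.log /srv/samba /home
# Signature updates are a separate job (ClamAV ships freshclam for that).

SCANNER=${SCANNER:-clamscan}   # overridable so the wrapper can be tested with a stub

# Read clamscan output on stdin and print only the paths of infected files.
# Infected lines look like "<path>: <signature name> FOUND".
infected_files() {
    sed -n 's/: [^:]* FOUND$//p'
}

# Scan one tree recursively, writing scanner output to the file named in $2.
# Returns clamscan's own status: 0 = clean, 1 = virus found, 2 = error.
scan_tree() {
    "$SCANNER" -r --infected --no-summary "$1" >"$2" 2>&1
}

# nightly_scan LOG DIR...: scan every DIR, append raw output to LOG, and print
# one line per finding or failure. Silent when all is clean, so cron sends mail
# only when there is something to read. Returns the worst status seen.
nightly_scan() {
    log=$1; shift
    worst=0
    for dir in "$@"; do
        rc=0
        scan_tree "$dir" "$log.tmp" || rc=$?
        cat "$log.tmp" >>"$log"
        case $rc in
            0) ;;
            1) infected_files <"$log.tmp" | sed 's/^/INFECTED /'
               if [ "$worst" -lt 1 ]; then worst=1; fi ;;
            *) echo "ERROR scanning $dir (scanner exit status $rc)"
               worst=2 ;;
        esac
    done
    rm -f "$log.tmp"
    return "$worst"
}

# Run only when called with a log file and at least one directory.
if [ "$#" -ge 2 ]; then
    nightly_scan "$@"
fi
```

Treating exit status 2 separately from 1 matters on a file server: a scan that failed to read a share is not the same as a clean scan.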
 
Old 07-25-2006, 01:01 PM   #20
PingFloyd
Member
 
Registered: Jun 2006
Posts: 94

Rep: Reputation: 16
Quote:
Originally Posted by ethics
Yeah, when you pass on that pwnzj00comp_winME.exe.scr to your grandma, think twice.

Seriously though, i do agree, in such a digital age people need to be more responsible with data. I mention using PGP etc at work and people look at me like i've got the plague. I gather that some ISPs do scan files these days, which i suppose saves the user the hassle but then what do they do with this information?.

I always make a point of using trusted sources and checking any files i send
I gotta agree with this to some extent. It's a bit of a dilemma though. On one hand one doesn't want to be responsible for others to possibly suffer grief (windows users) when they have within their power to help prevent it (eg. keeping clamav on their system for protection of windows machine that they may share data with). However, the other side of that is the question of if one is being an enabler to there being a sucker born every minute to Bill's scams.

It's kind of a situation where, in this particular case, viruses are someone else's problem. Is it the linux user's responsibility to get involved and take responsibility for what another user should? That's like being their parent. The result is they never learn. Why should someone else be someone else's parent to begin with? First, what gives them the right? Second, why should one put effort into being part and supporting a system that they know is flawed in the first place? As an analogy, should I pay say a compulsive gambler's debts thereby helping the system that profits off of their vulnerability, while at the same time, helps the gambler to keep on going on the same dead end route.

I think the better approach is to let the naive learn from their own mistakes, but always present them with the information that there are better alternatives and options. It is up to the naive what path they want to take and whether they want to listen to such helpful advice. So it's my philosophy that I will put in the energy to share the information that could help them if they're willing to put in the energy to listen, keep an open mind, or at the very least, just give what I am telling them some consideration. Also, if they have a respectful attitude, I'm very likely to go out of my way to help where ever I can (eg. Help them in some manner when they get stuck with some sort of issue or problem. Be it share information or showing how to do things if needed.).

Prime example is how, the poster this reply is in reference to, put forth the time and energy to present the importance of things such as PGP. Yet his colleagues wouldn't give him the time of day or even the basic courtesy of giving any consideration to what he was expressing. Why shouldn't a person let someone else's rudeness and ignorance come back to bite them in the ass? That's the only way some people seem to ever wake up.

In the long run, does it really do anyone a service to help them continue on a less than ideal course? It certainly does nothing for the helper, and it only helps to propagate the root of a problem.

Anyway, that's my opinionated philosophy on this topic. It may sound harsh, but the reality is that I tend to be an enabler sometimes just because sometimes I am too soft. So much of what I am talking about is ideals.
 
Old 07-25-2006, 07:41 PM   #21
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 1,960

Rep: Reputation: 333
Quote:
Originally Posted by bxb32001
*Sigh* You have just verified that only technically competent people should be using Linux and that every other average Joe (perhaps 90% of the global population) should just use Windows or OS/X.
No. I'm not saying that at all.

Where I live, naus means common sense. Common sense is not the same as technical competence.
 
Old 07-25-2006, 11:28 PM   #22
bxb32001
Member
 
Registered: May 2001
Location: Beijing
Distribution: Fedora, Knoppix
Posts: 204

Rep: Reputation: 30
Quote:
Originally Posted by rkelsen
No. I'm not saying that at all.

Where I live, naus means common sense. Common sense is not the same as technical competence.
I was replying more to your post as a whole; your first paragraph, particularly, which seemed insulting and condescending.

Anyway, enough of this, I get what you mean and I hope you do mine. Bygones...
 
Old 07-30-2006, 05:34 AM   #23
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
Quote:
Originally Posted by rkelsen
Where I live, naus means common sense. Common sense is not the same as technical competence.
Everywhere I've lived, admittedly not Melbourn, "naus" means "pertaining to ships". The word for "common sence" is usually "nous". So, perhaps you meant, windows is appropriate for the Navy? (popup dialog: do you really want to launch nuclear missiles? 3 buttons: yes, no, cancel.)

...but you also said:
Quote:
Personally, I'd question the technical competence of anyone who forwards attachments without knowing where they're from or who created them.
Hence bxb32001's reply.

On the general tenor of the thread: virus scanners are most useful for protecting non-'nix users. Though there exist many virii for linux, as well as hybrids which can cross infect, these are mostly academic - created to demonstrate some arcane point of computer theory - rather than a serious threat. Even if you are not running a mail server, it is probably polite to run packages through a scanner if you intend to pass them to a windows user.

Linux users need to guard against social engineering as a path for inserting malware. Especially with the rise of managed repositories ... yum and apt etc. Already there are many third party sites: "add this line to your repos.d/sources.lst to improve performance". Or "use our improved updates engine".

It is a matter of time before this behavior starts to be exploited. The package managers run as root after all.
 
Old 07-30-2006, 08:21 AM   #24
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 1,960

Rep: Reputation: 333
Quote:
Originally Posted by Simon Bridge
Everywhere I've lived, admittedly not Melbourn, "naus" means "pertaining to ships". The word for "common sence" is usually "nous". So, perhaps you meant, windows is appropriate for the Navy?
OK, smarty dacks. I misspelt it. Build a bridge.

And, for the record, it's Melbourne. I find it funny that someone can make a spelling error while correcting someone else's.
Quote:
Originally Posted by Simon Bridge
...but you also said
Yes, I know. That is what I said first. I then clarified my meaning, which was accepted by bxb32001. He accepted it. Don't try to stir up trouble where there is none.
Quote:
Originally Posted by Simon Bridge
Linux users need to guard against social engineering as a path for inserting malware. Especially with the rise of managed repositories ... yum and apt etc. Already there are many third party sites: "add this line to your repos.d/sources.lst to improve performance". Or "use our improved updates engine".

It is a matter of time before this behavior starts to be exploited. The package managers run as root after all.
You may be right, but I seem to recall that there was an issue with a compromised Debian repository a few years back. It made headlines on all the Linux news sites. Due to the fact that the community was so quick to respond, I'd be amazed if anyone suffered any damage as a result of the incident.

I think that the nature of Linux and its community renders your concerns unfounded.
 
Old 07-31-2006, 03:05 AM   #25
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
Quote:
Originally Posted by rkelsen
OK, smarty dacks. I misspelt it. Build a bridge.

And, for the record, it's Melbourne. I find it funny that someone can make a spelling error while correcting someone else's.
Me two
Quote:
Yes, I know. That is what I said first. I then clarified my meaning, which was accepted by bxb32001. He accepted it. Don't try to stir up trouble where there is none.
Actually, it is only an accident that his post came before mine. This can happen... and no harm done.

Concerning reasons for anti-virus stuff:
Quote:
You may be right, but I seem to recall that there was an issue with a compromised Debian repository a few years back. It made headlines on all the Linux news sites. Due to the fact that the community was so quick to respond, I'd be amazed if anyone suffered any damage as a result of the incident.

I think that the nature of Linux and its community renders your concerns unfounded.
As of yet ... my concerns involving non-'nix users are not addressed in the example.

My concerns involving 'nix users involved the increased use of unofficial third party repos and widespread 'nix use.

In these very forums we have witnessed social engineering attacks ... as simple as a script which the user is encouraged to download and run as root... containing the instruction to delete the entire file tree and redirect output to the bit-bucket. This user suffered total damage in this attack.

Which kinda illustrates my point. The main defence in linux is the need for root access for decent damage. Users could be social engineered to allow this ... any situation in which users get used to installing (or running installers) as root has potential to be used in this kind of attack. It is also not really something that anti-virus scanners can help with.

Imagine a world where linux is half as used as windows is now, and by the same type of user? Do you really think that folk won't find ways to exploit this?

It's a case of wait and see though - maybe the open-source-effect will work so that linux users will never be as naive as their windows counterparts... maybe.
 
Old 07-31-2006, 03:30 AM   #26
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Quote:
Originally Posted by Simon Bridge
Imagine a world where linux is half as used as windows is now, and by the same type of user? Do you really think that folk won't find ways to exploit this?

It's a case of wait and see though - maybe the open-source-effect will work so that linux users will never be as naive as their windows counterparts... maybe.
Which also quite clearly means that the usage of sudo as you
find it in Ubuntu by default should be banished, and its makers
should be deep-fried in boiling oil?


Cheers,
Tink
 
Old 07-31-2006, 04:09 AM   #27
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Better make that olive oil tinkster - don't want them getting high cholesterol
 
Old 08-01-2006, 04:32 AM   #28
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
Quote:
Which also quite clearly means that the usage of sudo as you
find it in Ubuntu by default should be banished, and its makers
should be deep-fried in boiling oil?
This is something I have had many arguments about. In principle, a well run machine is more secure with root enabled and sudo deactivated. However, research suggests, a regular user will be more secure with root disabled and sudo enabled for the first user only. Enabling root and sudo is probably a Bad Thing - but I have no data on that.
 
Old 08-12-2006, 12:50 AM   #29
PingFloyd
Member
 
Registered: Jun 2006
Posts: 94

Rep: Reputation: 16
What I'm curious about is what would happen if say someone booted a Linux machine off of a floppy that contained a boot-sector virus.

My guess is that perhaps a Windows installation that was on the system for dual-boot might be affected, but that Linux might not boot or Lilo or Grub might get confused or complain or something. Or would Lilo and Grub most likely boot and everything would go on peachy except with there being boot-sector virus code appended to the MBR that does absolutely nothing to Linux but occupy vacant space. Am I anywhere near correct in this assumption?

One of the reasons I'm asking is because I accidentally booted off a diskette that I'm not completely sure it's viral free since it's from my old system that would often get viral infections thanks to my girlfriend lol. I know it sounds pretty stupid, but I was transferring some files and had forgotten about it in the drive.

Also, to remove such a virus would someone be best off to overwrite the MBR via "dd" and giving the proper parameters so that it overwrites the entire length of the boot sector (I forget how many sectors or blocks it is) without stepping beyond (what would the options and arguments to pass be?), and then say reinstall lilo or grub again to make the system bootable?
 
Old 08-13-2006, 04:14 AM   #30
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 1,960

Rep: Reputation: 333
Quote:
Originally Posted by PingFloyd
My guess is that perhaps a Windows installation that was on the system for dual-boot might be affected, but that Linux might not boot or Lilo or Grub might get confused or complain or something. Or would Lilo and Grub most likely boot and everything would go on peachy except with there being boot-sector virus code appended to the MBR that does absolutely nothing to Linux but occupy vacant space. Am I anywhere near correct in this assumption?
A quick Google(tm) yielded this:

http://ingles.homeunix.org/presos/li.../security.html

"There is one type of virus that can infect a Linux system - a boot-sector virus. This kind of virus does not use an operating system at all, but instead runs using the BIOS. When the boot-sector virus runs, Linux isn't even running yet, so it can't intercept it. However, no known boot-sector virus is written to work with Linux, and so as soon the machine is infected with such a virus, it probably won't boot. At this point, all you need to do is boot from a Linux floppy and erase the virus."
 
  


Reply
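
The byte layout behind the dd question in post #29 and the "erase the virus" answer in post #30, as an added example that is not part of any post above. It assumes a classic 512-byte MBR, `sha256sum` being available, and works only on a constructed image file; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: inspect and clean the boot-code area of an MBR.
# Classic MBR layout (sector 0, 512 bytes):
#   bytes   0-445  boot code (the part a boot-sector virus replaces)
#   bytes 446-509  partition table (4 entries x 16 bytes)
#   bytes 510-511  boot signature 0x55 0xAA
# Every function takes a path; the demo only touches a constructed image file.

# Copy sector 0 of SRC to DEST as a backup before changing anything.
save_mbr() {
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null
}

# SHA-256 of the 446-byte boot-code area, for comparison with a known-good value.
bootcode_hash() {
    dd if="$1" bs=446 count=1 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Hex dump of the 64-byte partition table (-v stops od collapsing repeated lines).
partition_table_hex() {
    dd if="$1" bs=1 skip=446 count=64 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Succeeds when bytes 510-511 hold the 55 AA boot signature.
has_boot_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Zero only the boot code. bs=446 count=1 stops before the partition table and
# conv=notrunc keeps everything after byte 445 when TARGET is a regular file.
wipe_bootcode() {
    dd if=/dev/zero of="$1" bs=446 count=1 conv=notrunc 2>/dev/null
}

# Build a constructed 3-sector "disk": filler boot code, a dummy partition
# table, the 55 AA signature, then two empty sectors.
make_sample_image() {
    {
        dd if=/dev/zero bs=446 count=1 2>/dev/null | LC_ALL=C tr '\000' '\220'
        dd if=/dev/zero bs=64 count=1 2>/dev/null | LC_ALL=C tr '\000' '\021'
        printf '\125\252'
        dd if=/dev/zero bs=512 count=2 2>/dev/null
    } >"$1"
}

demo() {
    img=$(mktemp) && make_sample_image "$img" || return 1
    echo "boot code before: $(bootcode_hash "$img")"
    save_mbr "$img" "$img.bak" && wipe_bootcode "$img"
    echo "boot code after:  $(bootcode_hash "$img")"
    echo "partition table:  $(partition_table_hex "$img")"
    rm -f "$img" "$img.bak"
}
demo
```

With the boot code zeroed the disk has no boot loader until LILO or GRUB is reinstalled, which is the follow-up step post #29 mentions.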