antivirus install or no?
I've been doing a lot of reading about viruses in Linux. I've read some people saying that Linux doesn't get viruses and others saying that it can. I am just wanting some general input on what you regular users are doing for security.
I notice that most of the programs that come up under antivirus are mainly for mail scanning. Should I install an antivirus program or even a firewall other than the one RedHat 9 comes with? /Jason |
For most linux users AV products are snake oil
unless you spend all your time as root (Bad! NO! *Whack w/ 2x4*) or you are acting as a screen for Windows clients. Under Linux you can only write to a file you have permissions for, so if you run an infected program you can only infect files that you own. Most people don't actually own the programs they run; they are owned by root and hence are safe from virii. I think a better option is to run a program like Tripwire. |
So will this proggy check for virii, or will it just show which files have been changed since a certain time? It says it checks integrity, so I am wondering what it actually does.
/Jason |
Yes that's what tripwire does.
Since privilege separation is more complete under Linux (see a paper on the shatter attack) there is less danger to most Linux systems from email, malicious web attacks and from most of the security problems that haunt Windows. However there is still a risk of attack. AIDE and Tripwire help in intrusion detection by checking if the configuration files and executables on your computer have been changed. Tripwire "walks" down directories specified in its config and compares them to previously recorded walks. It does this by taking an MD5 sum for each file at install and using that virgin database for comparisons. Most of the "real" antivirus software for Linux is so Linux mail servers don't pass on infected email messages to vulnerable Windows clients. |
aww ic ic, makes sense then. I am gonna try to get this Tripwire running then, hope it works for RH9.1!
Thanks for your insight /Jason |
Tripwire is good, but I think they went commercial.
Try AIDE; I believe it's GPL and freely distributed. |
Most of the "real" antivirus software for Linux is so Linux mail servers don't pass on infected email messages to vulnerable Windows clients.
(...) As for the "virus" thingie I wish we as a Linux community try to "convert" people away from the typical perception of "viruses" and direct them towards what is important wrt Linux: user/filesystem permissions, b0rken/suid/sgid software, worms, trojans and rootkits. (...) (For more see the LQ FAQ: Security references, post #3, "Intrusion detection etc" under "Viruses on Linux/GNU, Antivirus software") |
Right on. That's why I refer to AV software as
snake oil. People have been made aware of virii and so it is in their mind as something to worry about. |
How does Tripwire/AIDE protect its own data? I made a list of md5sums of some key apps and files using, well, md5sum, and saved it to a floppy. Any data on a network-exposed hard drive is vulnerable to compromise. If your virgin database gets deflowered, comparisons against it don't do much good. So if it doesn't save that (and itself) to a floppy, I wouldn't put too much trust in it. Then again, I'm pretty clueless when it comes to networking and security. |
How does Tripwire/AIDE protect its own data? I made a list of md5sums of some key apps and files using, well, md5sum, and saved it to a floppy.
It's exactly what I've always been promoting. Always save the binary and a copy of the databases to read-only media. |
If you read about Tripwire or AIDE they recommend you
run it and save the db to read-only media like a CD-R or floppy (make sure to open the little window afterwards), all before you connect to any kind of network. Computers are often attacked within minutes of connecting to the Internet. |
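The walk-and-compare mechanism described above, plus the point about keeping the baseline on read-only media, as an added example that is not code from the thread or from Tripwire/AIDE. It is a small integrity checker in Python: it walks a constructed sample tree, records a baseline, and only trusts that baseline if it matches a digest kept off the box. It uses SHA-256 rather than the MD5 the posts mention; the sample file tree, file names and contents are constructed for the demo.

```python
import hashlib, json, os, tempfile
from pathlib import Path

def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # hash in chunks so large binaries need not fit in memory
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def walk_tree(root):
    # The "walk": record digest, size and mode of every regular file under root.
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            db[p.relative_to(root).as_posix()] = {
                "sha256": file_digest(p), "size": st.st_size, "mode": oct(st.st_mode)}
    return db

def compare(baseline, current):
    # Report what an intruder could have done: added, removed or replaced files.
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return added, removed, changed

def check(root, db_bytes, db_digest):
    # Verify the baseline against a digest kept off the box (the read-only media point)
    # before trusting any comparison made with it.
    if hashlib.sha256(db_bytes).hexdigest() != db_digest:
        raise ValueError("baseline database does not match its recorded digest")
    return compare(json.loads(db_bytes), walk_tree(root))

def demo(attacker_rewrites_baseline=False):
    # Constructed sample tree standing in for /etc and /bin (not a real system).
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF original ls")
        db_bytes = json.dumps(walk_tree(root), sort_keys=True).encode()
        db_digest = hashlib.sha256(db_bytes).hexdigest()  # this is what goes on the floppy / CD-R
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned ls")  # simulated tampering
        (root / "bin" / "backdoor").write_bytes(b"x")
        if attacker_rewrites_baseline:  # on-disk db "updated" to hide the changes
            db_bytes = json.dumps(walk_tree(root), sort_keys=True).encode()
        return check(root, db_bytes, db_digest)
```

With the baseline left alone `demo()` reports the replaced ls and the added file; with the on-disk database rewritten, the off-box digest no longer matches and the check refuses to trust it.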
Belt and braces and all that. |