@jpollard
If antiviruses can detect what is already known, that is already A LOT. It doesn't make them useless. I wouldn't see you fighting off KNOWN viruses 'bare-handedly' only because they're known. It's silly, really. Antiviruses are important, whether you like to acknowledge it or not. By that I don't mean to say they're sufficient, obviously.
Actually, useless.
The proper way to fix a system is to fix the vulnerability. After that, the anti-virus is useless.
Using an anti-virus product is admitting you can't fix the vulnerability, AND admitting that your OS vendor can't fix the vulnerability either.
And that starts making one wonder if the vulnerabilities are deliberately put in JUST so more money can be sucked out of your pocket.
Windows has been the ONLY operating system that seems to MANDATE the use of an anti-virus product...
Quote:
And that starts making one wonder if the vulnerabilities are deliberately put in JUST so more money can be sucked out of your pocket.
If that were true, and it might as well be, that doesn't make antiviruses useless. On the contrary.
We still don't know the context where the OP's server is deployed. But if you're using file sharing or an e-mail server, not using an antivirus is ridiculous. It's just arrogant to state otherwise, given that most end users will use Windows, whether you like it or not.
Quote:
If that were true, and it might as well be, that doesn't make antiviruses useless. On the contrary.
We still don't know the context where the OP's server is deployed. But if you're using file sharing or an e-mail server, not using an antivirus is ridiculous. It's just arrogant to state otherwise, given that most end users will use Windows, whether you like it or not.
For properly supported operating systems, antivirus is useless.
All it does is raise the cost using vulnerable operating system, and if you have to depend on OTHER operating system to protect that one, you are still expecting things that are useless.
If you are file sharing to Windows, Windows has to check the files before it loads it. How can Windows trust ANYTHING coming into it? Thus again, anti-virus on systems that don't need it is still just wasted effort.
The malware that is unknown to the anti-virus will STILL get through, no matter where the anti-virus product is run.
Quote:
For properly supported operating systems, antivirus is useless.
All it does is raise the cost using vulnerable operating system, and if you have to depend on OTHER operating system to protect that one, you are still expecting things that are useless.
If you are file sharing to Windows, Windows has to check the files before it loads it. How can Windows trust ANYTHING coming into it? Thus again, anti-virus on systems that don't need it is still just wasted effort.
The malware that is unknown to the anti-virus will STILL get through, no matter where the anti-virus product is run.
Well said!
IMO, anti-virus and many associated terms are a conditioned psychological addiction, not a useful technology.
Quote:
and if you have to depend on OTHER operating system to protect that one, you are still expecting things that are useless.
You're using a lot of fallacious arguments, which is rather common, I'd say. The point is that one should use an antivirus both on the server side, and on the client side. It's not about depending on other operating systems, as you put it, it is about securing the server in order to limit exposing the workstations. If some malware does eventually reach the workstations, then, as a last resort, their own antiviruses will protect them. But normally that shouldn't be the case - if you're maintaining your server properly. And yes, you're not protecting so much the server itself, if it's linux-based, but the workstations (which are most probably windows based). It's not as if I enjoy having to use antiviruses and so on (I don't use one myself, but I guess that's also because I'm using a mac), I'm just being realistic.
A linux server might easily host viruses that don't affect the server itself, but will affect the computers which make use of that server. It's really rather basic.
And you don't need to repeat for a third time your argument that antiviruses can't protect you against new viruses. I think I've already understood that. It's good taking it into consideration, but it doesn't follow that there's an implicit protection against known viruses that can be offered by other mechanisms than antiviruses. If an antivirus can protect me against ALL KNOWN viruses, then god damn it, that's a useful antivirus.
I think it is possible for anti-virus to be compromised on client-side since it runs on elevated permissions. But I came up with an interesting idea (I think). It's to use a VM with ClamAV as a reverse proxy (to act as a filter), and then another VM of OpenBSD between the host and the proxy, that will contain Damn Vulnerable Linux as well as Malwarebytes in a sandboxed environment, where possible malware will pass through for a second integrity check. The whole point of DVL is to test possible reaction of malware by analyzing heuristics. I chose DVL because I'll be behind a Linux box, I guess you can use XP if you're behind a Windows.
Last edited by linux4evr5581; 10-21-2016 at 05:07 PM.
Quote:
You're using a lot of fallacious arguments, which is rather common, I'd say. The point is that one should use an antivirus both on the server side, and on the client side. It's not about depending on other operating systems, as you put it, it is about securing the server in order to limit exposing the workstations. If some malware does eventually reach the workstations, then, as a last resort, their own antiviruses will protect them. But normally that shouldn't be the case - if you're maintaining your server properly. And yes, you're not protecting so much the server itself, if it's linux-based, but the workstations (which are most probably windows based). It's not as if I enjoy having to use antiviruses and so on (I don't use one myself, but I guess that's also because I'm using a mac), I'm just being realistic.
It is still just wasting time.
Quote:
A linux server might easily host viruses that don't affect the server itself, but will affect the computers which make use of that server. It's really rather basic.
But still useless as the "computer which make use of that server" must still recheck everything.
Quote:
And you don't need to repeat for a third time your argument that antiviruses can't protect you against new viruses. I think I've already understood that.
Oh good. Since you now acknowledge it is useless.
Quote:
It's good taking it into consideration, but it doesn't follow that there's an implicit protection against known viruses that can be offered by other mechanisms than antiviruses. If an antivirus can protect me against ALL KNOWN viruses, then god damn it, that's a useful antivirus.
It just means your operating system is so poor that it really shouldn't be used. Wasting time looking for viruses (is it up to a million by now?) is a never ending task. It just takes longer and longer...
The only protection against ALL KNOWN viruses is to FIX THE VULNERABILITY. Nothing else.
One last thing: Once the vulnerability is fixed, there is no need to look for viruses using it... Which is why anti-virus products are worthless. All they do is promote NOT FIXING the vulnerability in the first place.
BTW: IBM went through the problem in the 60s. Adding patches to fix the underlying OS worked... until the effort of adding a patch to fix one problem uncovered a different one or introduced a new vulnerability.
When IBM realized this, they then turned their effort to OS370. And relegated OS360 to only running in a VM. Most patching stopped on OS360.
Microsoft COULD have done the same when XP was brought out. Unfortunately, they instead merged all the bugs and insecurity from Windows 98 into XP. And STILL had the most insecure system ever.
And did it again with 2000... never fixing the problems. Just adding the past problems to the next release.
Is it any wonder that Windows costs the industry several billion every year?