Anti-Virus

cactusface · 07-16-2007, 01:39 AM

I have a friend who likes the idea of Linux, but is almost petrified by the idea of a virus attact,loosing all his info/data or crashing the system. (He's the same with his current windows setup?? and uses AV, spyware, anti hacking, etc)

I don't think its a problem... Any ideas or help?? any Good Anti-virus programs for linux?

Regards

Mel.

AceofSpades19 · 07-16-2007, 01:44 AM

I don't know of anybody actually getting a linux virus but theres ClamAV, you can also get AVG and Avast for linux

St.Jimmy · 07-16-2007, 02:01 AM

Linux viruses, classically, are
few and far between
slow to propogate
and easy to kill.
Just don't run as root most of the time, and boot to knoppix and run chrootkit every once in a while.

btmiller · 07-16-2007, 02:07 AM

Also, make back-ups regularly, either to another machine over the network or to CDs/DVDs (preferably both). Viruses/hackers aren't the only things that can destroy data ... hard drives do fail on occasion.

JamesHall · 07-16-2007, 10:00 AM

All of the above advice is very sound. Good security practice is the same regardless of which OS you're using, and there are some very good Linux AV products out there. Personally I've been using F-Prot for Linux for quite a while now:

http://www.f-prot.com/products/home_use/linux/

Free to download, but I strongly recommend you read the documentation under the 'Documentation for F-PROT Antivirus for Linux Workstations' link near the top of the page to make sure you have a nice easy install experience.

If your friend is that concerned about security, Linux is actually a great choice for him. As well as the lower risk of malware infection, Linux gives you much more control and transparency with regard to your system so you can actually see much more of what's going on 'under the hood' than you can with Windows.

I made the switch to Linux two years ago and I've never looked back - if you can get your friend over the first hurdle I'm sure he'll wish he'd done it years ago too. Good luck!

jakykong · 07-16-2007, 03:37 PM

Probably not the most sound advice, but personally, I've been running linux for several years and haven't ever seen anyone getting a virus (on a linux box).
I still keep clamAV around, and scan annually, but even so, neither have I ever been infected.

IMO, virus scanners in linux seem much more targetted at preventing propagation to windows computers than at cleaning up infections within linux.

You can reassure your friend that he's much more likely to lose data from hardware failures than from malicious software.

Mustafa^Qasim · 07-16-2007, 03:47 PM

Well! Linux box itself didn't need any antivirus. If you just keep your kernel patches update, not use root then you are completely free of virus. Antivirus on Linux are used just

a) your Linux box is a file server for Windows machine, so if someone put infected data on ur box then it will not infect ur LInux box but if someone else windows user copy that data then it can spread the virus.. so on Linux file server we use to clean infected files coming frm windows users to avoid the propagation of virus.

b)If you machine is a mail server of router then u can put an antivirus to scan the traffic to avoid virus propagation in ur network.

otherwise on a workstation i never heard of a virus attack.

Just put a well developing linux distro n keep its update and get relaxed..

jakykong · 07-16-2007, 04:39 PM

Quote:

Originally Posted by Mustafa^Qasim

Well! Linux box itself didn't need any antivirus. If you just keep your kernel patches update, not use root then you are completely free of virus. Antivirus on Linux are used just

Quote:

Originally Posted by Mustafa^Qasim

Just put a well developing linux distro n keep its update and get relaxed..

Be careful.

Linux, like any other piece of software, is susceptible to bugs. They aren't always obvious, even to the programmer. With bugs comes the possibility of viruses. Networked computers are inherently insecure; we can help, but there's no way to plug every hole.

Granted, Linux is far less susceptible to such bugs due to it's development model. To date, I haven't heard of any viruses on linux. But, there is no theoretical reason that a virus couldn't be WRITTEN for linux, sometime in the future.

To have confidence in your safety is good (without it, you'd probably become paranoid). To have so much confidence that you ignore everything is dangerous.

New2Linux2 · 07-16-2007, 06:58 PM

Article published on 5/22/2000 (a bit out of date, but applicable to the subject at hand) by Gene Spafford has this to say:

Quote:

Analyze statistics from anti-virus researchers, companies, and on-line documents. You will find that there are currently about 60,000 recognized computer viruses (not worms, such as Melissa or ILOVEYOU, but traditional viruses). Of these (as of this week):

* slightly less than 52,000 are viruses for DOS/Window/NT platforms
o about 6000 of these are Word macro viruses
o about 150-200 of these are known to be widespread "in the wild"
o in 1999, approximately 650 new viruses were reported each month (more than 20 a day)
* 680 are for the Amiga
* A few hundred are for Javascript, Hypercard, Perl, and other scripting languages. Few of these can spread beyond a few machines without active support of the users
* 150 are for the Atari
* 31 are native to the Macintosh, and only two of them are known to exist anymore
* 2 or 3 are viruses native to OS/2
* About 5 are for Linux/Unix/etc, but none have been found in quantity "in the wild", nor would they be likely to spread very far if they were "loose"
* None are for BeOS, ErOS, or other small-population systems.

So, over 85% of all the known viruses are for Microsoft platforms (nearly all the self-propagating worms are as well). The rate of new reports -- especially for macro viruses -- means that pattern-based virus detectors can never be up-to-date and provide 100% protection. (Note: I'm not trying to draw grand conclusions here about the reasons for this skew, but simply point out where the overwhelming threat is.) Fast-spreading, self-propagating worms using Outlook move so quickly that they are likely to be upon us before an anti-virus vendor can even get a copy to analyze.

So 7 years ago, the odds of you getting a virus in linux were only one in twelve thousand and none of them were capable of doing any serious damage unless the user was logged in as root when the system was infected. I have not yet seen an updated set of numbers on this subject.

St.Jimmy · 07-16-2007, 08:59 PM

http://en.wikipedia.org/wiki/List_of...uses_and_worms

The fact that the article is marked as a stub should give you ease.

jakykong · 07-16-2007, 10:54 PM

Quote:

Originally Posted by St.Jimmy

http://en.wikipedia.org/wiki/List_of...uses_and_worms

The fact that the article is marked as a stub should give you ease.

I don't know about you, but if I were still new to linux and I were worried about viruses, my post being a 'stub' would worry me: nobody's paying attention to my problem

Quote:

Originally Posted by New2Linux2

So, 7 years ago, the odds of you getting a virus in linux were only one in twelve thousand and none of thm were capable of doing any serious damage unless the user was logged in as root when the system was infected. I have not yet seen an updated set of numbers on this subject.

I haven't seen any updated statistics either. It does seem to fit that very few trojan horse or script-based viruses would get spread around: most people use a distribution like debian or mandrake, where all the packages come from a central repository. Since that repository is typically 90% or more open-source, trojan horses wouldn't likely be posted.

However, other viruses seem reasonable. For example, I would say most web servers today are run with Apache or Tomcat (I don't hear about windows servers much any more, but I don't have statistics to back me), if someone were to write a virus that attacked the apache web server, it could do some significant damage.
Likely, a patch would be out in no time to solve the problem. However, it doesn't usually take very long for a well-written virus to do it's job. That is, however, exactly why a virus scanner for linux wouldn't be very effective (that doesn't mean don't get one. This is my opinion, not a professional statement or fact). There aren't enough 'stable' bugs to exploit. So, a virus has to do it's job quickly before a patch gets out to fix the bug it exploits.

I find the discussion interesting. I'd like to hear some more different opinions about viruses in linux.

mcmillan · 07-17-2007, 05:25 PM

I agree with what people have been saying, but this statement bugged me for it's wrongness of statistics

Quote:

So 7 years ago, the odds of you getting a virus in linux were only one in twelve thousand

That's not the correct way to figure out the chances of getting a virus. That's the chance that a randomly chosen virus would be able to infect a linux system. I'm having trouble seeing a good way to actually quantitatively define the probability of getting a virus, but it would be more like seeing how much time is spent with a linux system uninfected versus an infected system. Whatever that probability is, it's probably even less than the 1 in 12 figure you gave.

jakykong · 07-17-2007, 05:48 PM

Quote:

Originally Posted by mcmillan

I agree with what people have been saying, but this statement bugged me for it's wrongness of statistics

That's not the correct way to figure out the chances of getting a virus. That's the chance that a randomly chosen virus would be able to infect a linux system. I'm having trouble seeing a good way to actually quantitatively define the probability of getting a virus, but it would be more like seeing how much time is spent with a linux system uninfected versus an infected system. Whatever that probability is, it's probably even less than the 1 in 12 figure you gave.

Better stated, if you come in contact with a virus, there is a 1 in 12,000 chance that that virus is capable of infecting your system (assuming you run linux)