LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-28-2007, 03:02 PM   #1
I'm a newb
LQ Newbie
 
Registered: Jun 2007
Posts: 2

Rep: Reputation: 0
GNU/Linux Antivirus Megathread


MODERATOR EDIT: The welcome message for this megathread is HERE.



im extremely new to linux so bare with me here. i have a feeling that this is going to be a stupid question but im gonna ask anyway. do i need to install any type of anti-virus software? what about software to handle spyware, malware and the like? any suggestions would be appreciated. thanks.

Last edited by win32sux; 10-06-2007 at 09:46 AM. Reason: Added link to welcome message.
 
Old 06-28-2007, 03:16 PM   #2
coolb
Member
 
Registered: Apr 2006
Location: Cape Town, South Africa
Distribution: Gentoo 2006.1(2.6.17-gentoo-r7)
Posts: 222

Rep: Reputation: 30
I wouldn't worry
 
Old 06-28-2007, 03:48 PM   #3
Basslord1124
Member
 
Registered: Jun 2004
Location: Ashland, KY
Distribution: Debian, Mint, Puppy
Posts: 375

Rep: Reputation: 35
There are viruses for Linux but they are kept to lab confinements and are not released in the wild. Overall you should be fine to not run any antivirus/spyware/malware software. One thing you need to understand is that Linux and Windows are 2 entirely different systems so code that was specifically written for Windows will not execute on Linux. Granted there are ways you can make Windows app run on Linux (usually through something called an emulator...WINE is a popular one for Linux) and maybe in that sense you might need that software. But other than that, nope.

Oh, you also don't even need to defrag your hard drive either...Linux plays very nice with hard drives and puts things back where they're supposed to be.
 
1 members found this post helpful.
Old 06-28-2007, 07:39 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Overall you should be fine to not run any antivirus/spyware/malware software.
Anyone whose unsecured and unaudited box got 0wn3d running misconfigured, unmaintained, outdated or otherwise vulnerable software wanna chip in here?..
 
Old 06-28-2007, 07:45 PM   #5
pljvaldez
LQ Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094

Rep: Reputation: 272Reputation: 272Reputation: 272
If the machine is ever be in contact with a Windows machine, I would run an anti-virus. Not for your safety, but for theirs since you could be a carrier. You could potentially share a file (via samba, ftp, apache, etc) or email a file that had a windows virus in it. You obviously wouldn't get it, but they would then be infected.

Note: I don't always follow this rule of thumb, but I'm pretty careful about what I send out to my friends and family...

Edit: Oh yeah, if you're on broadband, you should also try to have a hardware firewall/router (like a Linksys WRT54G, etc) between you and the broadband connection. It helps cut down attacks on your actual machine since the firewall is what is exposed to the net.

Last edited by pljvaldez; 06-28-2007 at 07:47 PM.
 
1 members found this post helpful.
Old 06-28-2007, 08:32 PM   #6
dive
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Slackware
Posts: 3,391

Rep: Reputation: Disabled
Also check which services you have running that you don't use/need - e.g. sshd, httpd etc. And I second the firewall.
 
1 members found this post helpful.
Old 06-28-2007, 08:33 PM   #7
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177
Let me see if I can dispel some of the profitable-myths about "viruses."

The very word, virus, is a marvelous invention of a marketing department. It implies that these vermin, which I choose to call rogue programs, are somehow "biological." They are not.

There is nothing that we humans can do about the viruses that are on this planet, except to maintain strong immuould not have called for it.ne-systems. An entire industry has developed around the very-appealing notion that the same "prudent" reasoning ought to apply to computers. But this argument is false.

Here's what you need to bear in mind....

You cannot keep a "rogue program" from attempting to attack your system... There are simply too many ways for a program to find itself "executing on your machine." That's unrealistic, more or less, depending on what you do.

...But you can keep such a "rogue" from being able to do anything harmful! The things that a "rogue" wants to do are not things that "ordinary mortals" on a well-run computer would ever be able to do. Rogues need to find themselves running as all-powerful users on the machine. And, unfortunately, better than 95% of the Windows machines on the Internet are used by all-powerful Administrator users who have no passwords; no protection at all.

On Unix and OS/X systems, the default user is not "all-powerful", and the much-advertised "virus resistance" of those systems basically derives entirely from this. Yet it is a very powerful protective spell: if a program tries to do something, and it is told by the operating system, "the answer is 'no', and oh by the way, you are now dead..." well, that's that. Game over.

On all types of systems, Windows certainly included, you should do everything that you do from a "perfectly ordinary, absolutely un-privileged, Joe Blow account." It should have access to your files, and nothing more.

You've got a backup system ... use it! Well, Linux does not necessarily have one by default, but they're very easy to come by. A backup-system can copy your recently-modified files to a separate location that you cannot directly get to. (Hence, a "rogue" that would attack those files cannot do so either.)

Get rid of the anti-virus software. It can be extremely hard to do, but it can be done. AV software is unfortunately highly privileged, highly pervasive, and therefore usually the most frequent successful target, above all, to a successful virus-attack.
 
2 members found this post helpful.
Old 06-29-2007, 12:17 PM   #8
coolb
Member
 
Registered: Apr 2006
Location: Cape Town, South Africa
Distribution: Gentoo 2006.1(2.6.17-gentoo-r7)
Posts: 222

Rep: Reputation: 30
Quote:
Originally Posted by unSpawn
Anyone whose unsecured and unaudited box got 0wn3d running misconfigured, unmaintained, outdated or otherwise vulnerable software wanna chip in here?..
keeping software updated/maintained/correctly configured is not the job of any anti-virus software. You should know that, heh
 
Old 06-29-2007, 03:59 PM   #9
Basslord1124
Member
 
Registered: Jun 2004
Location: Ashland, KY
Distribution: Debian, Mint, Puppy
Posts: 375

Rep: Reputation: 35
Quote:
Originally Posted by coolb
keeping software updated/maintained/correctly configured is not the job of any anti-virus software. You should know that, heh
Agreed. Only if you have a Linux server serving Windows clients OR happen to be running Wine would I recommend some sort AV/spyware protection software. And as long as this person is behind a router they shouldn't need an additional software firewall. They could install one though for extra protection if they wanted...which honestly extra protection never hurts.
 
Old 06-30-2007, 03:17 AM   #10
I'm a newb
LQ Newbie
 
Registered: Jun 2007
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for the input, guys. And thanks to sundialsvcs. Everyone keeps telling me that viruses aren't a problem with Linux, but I could'nt figure out why until I read your post. I'm just getting familiar with the whole User/Superuser enviroment, but I can see now why it's such an issue with Windows. Let me fill you in on something though, just as an fyi. I'm in the medical field, so I can tell you that real world viruses act very much like computer viruses. They simply attach themselves to a host cell, wait for that cell to become active, and then replicate and spread! Pretty nasty, huh? Anyway, computer viruses do the same thing, at least as far as I understand. I thought thats why they named them viruses. To bad theres no superdrug that would give us humans the equivalent protection that Linux provides for computers. Now that would be a hell of a contrast.
 
Old 06-30-2007, 04:17 AM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by coolb
keeping software updated/maintained/correctly configured is not the job of any anti-virus software. You should know that, heh
What I'm saying is what I've been saying for the past years: don't narrow your scope to solely AV and "viruses": thinking about viruses is related to other platforms. GNU/Linux has it's own set of troublemakers we should educate users about those. The part you chose to quote is all about that. The chance a fresh GNU/Linux user gets bitten by any of those is unfortunately a realistic one.
 
Old 09-15-2007, 07:54 AM   #12
kstan
Member
 
Registered: Sep 2004
Location: Malaysia, Johor
Distribution: Dual boot MacOS X/Ubuntu 9.10
Posts: 851

Rep: Reputation: 31
What happend if somebody want to write virus for Linux

Hi all,

Since Linux become more popular (for server and client), it is possible some hacker want to write virus to Linux/*nix OSes. So I would like to propose a topic what threat can be done to write a Linux viruses/worms.

1st of all, we review some current treats(Which already have counter measures).

1. Modify some common application source code (like ls or apache2), let people download the rpm/deb file. When user want to install it, the virus/back door can plant into their system.


2. Phishing, email some program to users, inside the email show step-by-step to install the particular virus into users computer.

Both attack can be avoid via some good IT practices, however it can compromise Linux/Unix system as well if particular administrator don't aware it.

What else others people opinion?

Regards,
Ks
 
Old 09-15-2007, 07:58 AM   #13
oskar
Senior Member
 
Registered: Feb 2006
Location: Austria
Distribution: Ubuntu 12.10
Posts: 1,142

Rep: Reputation: 49
You can always sneak a trojan in. For example in games like Nexuiz. I downloaded it because the version in the repos was already a couple of months old. I didn't test it. I think things will get considerably harder once app-armor becomes the standard for desktop linux pc's
 
Old 09-15-2007, 10:08 AM   #14
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
I'm not sure what you are asking. There's no technical reason why someone wouldn't be able to write a GNU/Linux virus (or one for any other generic OS). We've actually seen some already in the past. It's not something surprising or anything like that IMHO. There have been some misguided GNU/Linux fanboys that believe (and spread the misconception) that GNU/Linux is virus-proof.

Personally, I use a virus scanner (ClamAV) on almost anything I download, and I do my best to only install/execute programs from trusted sources (preferably digitally signed). Pretty basic techniques, but very effective. If you get yourself in the habit of taking similar precautions, your chances of avoiding a virus infection will be high, both now and in the future. Of course, nothing is foolproof, and no malware scanner is a replacement for common sense.

On servers I'd worry much more about worms than viruses, as there really isn't any reason why one should be downloading and executing rubbish on a server like most people do on desktops. Really, you've got much bigger problems to worry about than viruses (rootkits, trojans, remote exploits, worms, DoS, etc.).

Last edited by win32sux; 09-15-2007 at 10:23 AM.
 
1 members found this post helpful.
Old 09-15-2007, 09:12 PM   #15
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
Quote:
Originally Posted by oskar View Post
You can always sneak a trojan in. For example in games like Nexuiz. I downloaded it because the version in the repos was already a couple of months old. I didn't test it. I think things will get considerably harder once app-armor becomes the standard for desktop linux pc's
App-armor is a SUSE thing... most systems are starting to implement SELinux policies to secure the system. SELinux will do a alot better job then App-armor. App-armor is a basic implementation of ALSR plus a few other security systems. To run a more secure linux distro look into hardened gentoo using SELinux or GrSecurity and feature like PIC PIE and SSP.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: GNU/Linux and freedom: non-free software hidden in your GNU/Linux distribution LXer Syndicated Linux News 0 04-03-2010 12:21 AM
Antivirus survey: Do you run an antivirus program on linux? atom Linux - General 29 09-03-2009 04:22 PM
2008 US General Election Megathread XavierP General 205 11-07-2008 01:37 PM
Ubuntu - ALL FINE NOW! - Megathread FreeDoughnut Ubuntu 41 07-24-2006 09:53 AM
Antivirus for Lunix similar Norton Antivirus for Windows Chivozertsev Linux - Software 1 03-31-2005 08:56 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration