LinuxQuestions.org
Old 10-21-2016, 01:42 PM   #16
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,898

Rep: Reputation: 1506

Quote:
Originally Posted by vincix
Do you mean to say "relying"?

@jpollard
If antiviruses can detect what is already known, that is already A LOT. It doesn't make them useless. I wouldn't see you fighting off KNOWN viruses 'bare-handedly' only because they're known. It's silly, really. Antiviruses are important, whether you like to acknowledge it or not. By that I don't mean to say they're sufficient, obviously.

Actually, useless.

The proper way to fix a system is to fix the vulnerability. After that, the anti-virus is useless.

Using an anti-virus product is admitting you can't fix the vulnerability, AND admitting that your OS vendor can't fix the vulnerability either.

And that starts making one wonder if the vulnerabilities are deliberately put in JUST so more money can be sucked out of your pocket.

Windows has been the ONLY operating system that seems to MANDATE the use of an anti-virus product...
 
Old 10-21-2016, 03:28 PM   #17
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,181

Rep: Reputation: 90
Quote:
Originally Posted by jpollard
And that starts making one wonder if the vulnerabilities are deliberately put in JUST so more money can be sucked out of your pocket.

If that were true, and it might as well be, that doesn't make antiviruses useless. On the contrary.
We still don't know the context where the OP's server is deployed. But if you're using file sharing or an e-mail server, not using an antivirus is ridiculous. It's just arrogant to state otherwise, given that most end users will use Windows, whether you like it or not.
 
Old 10-21-2016, 03:40 PM   #18
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,898

Rep: Reputation: 1506
Quote:
Originally Posted by vincix
If that were true, and it might as well be, that doesn't make antiviruses useless. On the contrary.
We still don't know the context where the OP's server is deployed. But if you're using file sharing or an e-mail server, not using an antivirus is ridiculous. It's just arrogant to state otherwise, given that most end users will use Windows, whether you like it or not.

For properly supported operating systems, antivirus is useless.

All it does is raise the cost of using a vulnerable operating system, and if you have to depend on OTHER operating system to protect that one, you are still expecting things that are useless.

If you are file sharing to Windows, Windows has to check the files before it loads it. How can Windows trust ANYTHING coming into it? Thus again, anti-virus on systems that don't need it is still just wasted effort.

The malware that is unknown to the anti-virus will STILL get through, no matter where the anti-virus product is run.
 
1 members found this post helpful.
Old 10-21-2016, 03:49 PM   #19
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_12{.0|.1}
Posts: 5,584
Blog Entries: 11

Rep: Reputation: 3606
Quote:
Originally Posted by jpollard
For properly supported operating systems, antivirus is useless.

All it does is raise the cost of using a vulnerable operating system, and if you have to depend on OTHER operating system to protect that one, you are still expecting things that are useless.

If you are file sharing to Windows, Windows has to check the files before it loads it. How can Windows trust ANYTHING coming into it? Thus again, anti-virus on systems that don't need it is still just wasted effort.

The malware that is unknown to the anti-virus will STILL get through, no matter where the anti-virus product is run.

Well said!

IMO, anti-virus and many associated terms are a conditioned psychological addiction, not a useful technology.
 
Old 10-21-2016, 04:10 PM   #20
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,181

Rep: Reputation: 90
Quote:
Originally Posted by jpollard
and if you have to depend on OTHER operating system to protect that one, you are still expecting things that are useless.

You're using a lot of fallacious arguments, which is rather common, I'd say. The point is that one should use an antivirus both on the server side, and on the client side. It's not about depending on other operating systems, as you put it, it is about securing the server in order to limit exposing the workstations. If some malware does eventually reach the workstations, then, as a last resort, their own antiviruses will protect them. But normally that shouldn't be the case - if you're maintaining your server properly. And yes, you're not protecting so much the server itself, if it's linux-based, but the workstations (which are most probably windows based). It's not as if I enjoy having to use antiviruses and so on (I don't use one myself, but I guess that's also because I'm using a mac), I'm just being realistic.

A linux server might easily host viruses that don't affect the server itself, but will affect the computers which make use of that server. It's really rather basic.

And you don't need to repeat for a third time your argument that antiviruses can't protect you against new viruses. I think I've already understood that. It's good taking it into consideration, but it doesn't follow that there's an implicit protection against known viruses that can be offered by other mechanisms than antiviruses. If an antivirus can protect me against ALL KNOWN viruses, then god damn it, that's a useful antivirus.

Last edited by vincix; 10-21-2016 at 04:12 PM.
 
Old 10-21-2016, 04:54 PM   #21
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Rep: Reputation: Disabled
I think it is possible for anti-virus to be compromised on client-side since it runs on elevated permissions. But I came up with an interesting idea (I think). It's to use a VM with ClamAV as a reverse proxy (to act as a filter), and then another VM of OpenBSD between the host and the proxy, that will contain Damn Vulnerable Linux as well as Malwarebytes in a sandboxed environment, where possible malware will pass through for a second integrity check. The whole point of DVL is to test possible reaction of malware by analyzing heuristics.. I chose DVL because I'll be behind a Linux box, I guess you can use XP if you're behind a Windows..

Last edited by linux4evr5581; 10-21-2016 at 05:07 PM.
 
Old 10-21-2016, 05:13 PM   #22
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,898

Rep: Reputation: 1506
Quote:
Originally Posted by vincix
You're using a lot of fallacious arguments, which is rather common, I'd say. The point is that one should use an antivirus both on the server side, and on the client side. It's not about depending on other operating systems, as you put it, it is about securing the server in order to limit exposing the workstations. If some malware does eventually reach the workstations, then, as a last resort, their own antiviruses will protect them. But normally that shouldn't be the case - if you're maintaining your server properly. And yes, you're not protecting so much the server itself, if it's linux-based, but the workstations (which are most probably windows based). It's not as if I enjoy having to use antiviruses and so on (I don't use one myself, but I guess that's also because I'm using a mac), I'm just being realistic.

It is still just wasting time.

Quote:
A linux server might easily host viruses that don't affect the server itself, but will affect the computers which make use of that server. It's really rather basic.

But still useless as the "computer which make use of that server" must still recheck everything.

Quote:
And you don't need to repeat for a third time your argument that antiviruses can't protect you against new viruses. I think I've already understood that.

Oh good. Since you now acknowledge it is useless.

Quote:
It's good taking it into consideration, but it doesn't follow that there's an implicit protection against known viruses that can be offered by other mechanisms than antiviruses. If an antivirus can protect me against ALL KNOWN viruses, then god damn it, that's a useful antivirus.

It just means your operating system is so poor that it really shouldn't be used. Wasting time looking for viruses (is it up to a million by now?) is a never ending task. It just takes longer and longer...

The only protection against ALL KNOWN viruses is to FIX THE VULNERABILITY. Nothing else.

One last thing: Once the vulnerability is fixed, there is no need to look for viruses using it... Which is why anti-virus products are worthless. All they do is promote NOT FIXING the vulnerability in the first place.

BTW: IBM went through the problem in the 60s. Adding patches to fix the underlying OS worked... until the effort of adding a patch to fix one problem uncovered a different one or introduced a new vulnerability.

When IBM realized this, they then turned their effort to OS370. And relegated OS360 to only running in a VM. Most patching stopped on OS360.

Microsoft COULD have done the same when XP was brought out. Unfortunately, they instead merged all the bugs and insecurity from Windows 98 into XP. And STILL had the most insecure system ever.

And did it again with 2000... never fixing the problems. Just adding the past problems to the next release.

Is it any wonder that Windows costs the industry several billion every year?

Last edited by jpollard; 10-21-2016 at 06:06 PM.
 
  


All times are GMT -5. The time now is 07:59 PM.
