[PLUG] Dealing with security

Wil Cooley wcooley at nakedape.cc
Mon Feb 3 14:18:01 UTC 2003


On Mon, 2003-02-03 at 12:19, Ed Sawicki wrote:
> I was asked by two people recently about Linux virus
> scanning. One asked why there doesn't seem to be many
> or any virus scanning software for Linux that a business
> can use. The other wondered why Linux was less susceptible
> than Windows.

For one thing, there are almost as many virus-scanners for Linux as
there are for Windows.  All of the "store brands" have Linux versions of
their scanners:  McAfee, Symantec, etc., as do most of the more focused
brands like Sophos, F-PROT, etc.

He's also right that in many ways, a Linux workstation is as susceptible
as a Windows workstation.  Sure, we do have privileges, chroot jails and
whatnot--but a user-level virus (say, from downloading a binary or
trojaned source) which did nasty things would be equally as devastating
from a user's standpoint--it could delete all your (user-owned) data
files and/or send porn web sites to your entire addressbook, including
your grandmother and customers.  It would no doubt be less effective
because of the heterogeneity of our systems and lack of standardization
and sharing among applications.  (E.g., every mail application has its
own addressbook.)

And let's face it, there's a lot of crappy code out there, particularly
in user-level applications.  And with StarOffice being so compatible
with MS Office, it wouldn't surprise me if some of the same Word macro
viruses would work.

We like to think we're safer, but the fact is once we've become
comfortable with that and cease vigilance--we too will fall prey.

The arguments about popularity hold some water, but like most
unqualified generalisations, are not necessarily true.  Using a
rarely-used distro, OS, application means most of the time the
proof-of-concept or skript-kiddie exploits won't work.  It doesn't mean
you're not vulnerable to the flaw in general, but there may not be
active exploits on the net for it.

Wil
-- 
Wil Cooley                                 wcooley at nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
QCSNet                                     http://www.qcsn.com
* * * * T1, Frame Relay, DSL, Dial-up, and Web Hosting * * * *
