[PLUG] Dealing with security

Ed Sawicki ed at alcpress.com
Mon Feb 3 15:20:02 UTC 2003


In this case, the discussion was about Linux servers.



On Mon, 2003-02-03 at 14:17, Wil Cooley wrote:
> On Mon, 2003-02-03 at 12:19, Ed Sawicki wrote:
> > I was asked by two people recently about Linux virus
> > scanning. One asked why there doesn't seem to be many
> > or any virus scanning software for Linux that a business
> > can use. The other wondered why Linux was less susceptible
> > than Windows.
> 
> For one thing, there are almost as many virus-scanners for Linux as
> there are for Windows.  All of the "store brands" have Linux versions of
> their scanners:  McAfee, Symantec, etc., as do most of the more focused
> brands like Sophos, F-PROT, etc.
> 
> He's also right that in many ways, a Linux workstation is as susceptible
> as a Windows workstation.  Sure, we do have privileges, chroot jails and
> whatnot--but a user-level virus (say, from downloading a binary or
> trojaned source) which did nasty things would be equally as devastating
> from a user's standpoint--it could delete all your (user-owned) data
> files and/or send porn web sites to your entire addressbook, including
> your grandmother and customers.  It would no doubt be less effective
> because of the heterogeneity of our systems and lack of standardization
> and sharing among applications.  (E.g., every mail application has its
> own addressbook.)
> 
> And let's face it, there's a lot of crappy code out there, particularly
> in user-level applications.  And with StarOffice being so compatible
> with MS Office, it wouldn't surprise me if some of the same Word macro
> viruses would work.
> 
> We like to think we're safer, but the fact is once we've become
> comfortable with that and cease vigilance--we too will fall prey.
> 
> The arguments about popularity hold some water, but like most
> unqualified generalisations, are not necessarily true.  Using a
> rarely-used distro, OS, application means most of the time the
> proof-of-concept or skript-kiddie exploits won't work.  It doesn't mean
> you're not vulnerable to the flaw in general, but there may not be
> active exploits on the net for it.
> 
> Wil
-- 
Ed Sawicki <ed at alcpress.com>
ALC




