LUGOD: Linux Users' Group of Davis
 
Page last updated:
2001 Dec 30 17:06

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] What anti-virus tools available that run on Linux?



Thanks, most informative. My Linux will be inside a firewall as well.
Strange, can't believe that there haven't been any crackers going after
Linux.
You should have a 900 number.
Don Dunn

>>> Micah Cowan <micah@cowanbox.com> 06/27 4:16 PM >>>
On Wed, Jun 27, 2001 at 02:59:54PM -0700, Donald Dunn wrote:
> What anti-virus tools available that run on Linux?
> Please name your favorites.
> 
> Don Dunn

There are two ways to interpret this, and I'll address each of
them.

1. You mean tools to protect against viruses (yes, that's the correct
   term.  Virii isn't a word.  Viri would be correct also.) that are
   harmful to Linux systems.

There aren't any viruses for Linux, so no useful virus protection
software can exist.  There have been many recent news articles
contradicting this, but they didn't have their facts straight.  In
particular, the so-called "cross-platform" virus is not a virus at
all, at least not on the Linux side.  It requires you to download an
attachment and physically run it, as root, manually.  This is very
clearly a trojan, which is extremely different from a virus.  This
sort of attack has always been possible, and the very easy protection
against it is:  *never* download and run unknown executables as root
(duh!).

In the past, there have been a couple of UNIX-based worms.  One of the
first famous ones involved simple login attempts based only on
entering the user's name as the password!  That's it!

This is not a virus, either, it is a brute-force worm, and the simple
solution against that is:  use better passwords.

The other 'virus' I am aware of is the one that was affecting RedHat
machines with a (I think it was) vulnerability in BIND (yet *again*).
This may qualify as a virus, but I think it's more of a worm (Pete
will correct me if I'm wrong).  It exploits a buffer-overflow in BIND
and the fact that it runs as root.

The last one is a more serious threat, but should not affect home
users.  The only people who ought to be running BIND are sysadmins.
This, too, could be avoided with a small amount of intelligence.

Linux can be completely protected from viruses by following a few
simple rules:

1) Use difficult-to-crack passwords - no dictionary words or names;
   use a combination of letters, numbers and punctuation and make it
   at least 8 characters long.  Use alternative authentication
   methods to passwords if you can.

2) Never run anything as root unless you are sure of its functionality
   and origins.

3) Even if you are sure of its functionality and origins, never run
   anything as root unless you *absolutely* have to.  If you must,
   then take reasonable precautions: chrooting is always a good idea
   (and would make the BIND worm problem above go away).  If it's
   something as simple as needing root for something such as a
   privileged port, discard your root privileges as soon as possible
   after you've obtained the necessary resources.  It drives me crazy
   that network services still exist in common use that run as root -
   the whole thing.  The frequent security problems in Sendmail and
   BIND would not have happened if people had been a little more
   cautious in their treatment of god-mode.

4) Use strcpy, strcat, sprintf very cautiously, if you're a C
   programmer.  Use gets() absolutely *never* at all (use fgets()
   instead).


2. You mean software that runs on Linux that protects *other* systems
   from viruses.

There exists software for this, but I am very unfamiliar with it -
largely because it's fairly trivial to write scripts for the mail
system which will automatically reject mail attachments with certain
MIME-types or filename extensions.  If you scrap all .vbs, .js,
etc. scripts, and redirect html messages, you'd have no problems.

HTH,
Micah
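
Rule 3 in the quoted reply (get the privileged port, then discard root), as an added example that is not part of the original post or any project's code. The port number 80, the uid/gid 65534 and the function names are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE   /* setgroups() and seteuid() under strict -std= */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_NOT_ROOT = 1, DROP_FAILED = -1 };

/* Give up root for good. Order matters: supplementary groups and gid go
 * first (both still need root), uid last. Every call is checked, then we
 * confirm that root can no longer be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return DROP_FAILED;  /* that is not a drop */
    if (geteuid() != 0) return DROP_NOT_ROOT;      /* nothing to give up */
    if (setgroups(0, NULL) != 0) return DROP_FAILED;
    if (setgid(gid) != 0) return DROP_FAILED;
    if (setuid(uid) != 0) return DROP_FAILED;
    if (setuid(0) == 0 || seteuid(0) == 0) return DROP_FAILED;
    return DROP_OK;
}

/* Acquire the privileged resource: a listening TCP socket on `port`. */
int bind_port(unsigned short port)
{
    struct sockaddr_in a = {0};          /* zeroed address = INADDR_ANY */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = bind_port(80);              /* assumed port; needs root */
    if (fd < 0) { perror("bind_port"); return 1; }
    if (drop_privileges(65534, 65534) != DROP_OK) {  /* assumed "nobody" ids */
        fputs("privileges not dropped, refusing to serve\n", stderr);
        return 1;
    }
    printf("listening on port 80 as uid %d\n", (int)getuid());
    return 0;                            /* accept() loop would go here */
}
```

The socket stays usable after the drop because the descriptor was opened while the process was still root; only the process credentials change.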
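
Rule 4 in the quoted reply, as an added example that is not part of the original post: a bounded line reader built on fgets() in place of gets(), which also handles the over-long line that fgets() leaves half-read in the stream. The function names and the `user@host` format are assumptions for illustration, and snprintf() is used here as the length-checked counterpart to sprintf(); the post itself names only fgets().

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF, LINE_BADARG };

/* Read one line into buf (cap bytes including the NUL). Unlike gets(), never
 * writes past cap. An over-long line is cut at cap-1 bytes and its remainder
 * is consumed, so the tail cannot be mistaken for the next line. */
enum line_status read_line(FILE *in, char *buf, size_t cap)
{
    if (in == NULL || buf == NULL || cap < 2 || cap > (size_t)INT_MAX)
        return LINE_BADARG;
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;              /* end of input or read error */
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* complete line: strip the newline */
        return LINE_OK;
    }
    int c = fgetc(in);                /* no newline stored: look one byte on */
    if (c == EOF || c == '\n')
        return LINE_OK;               /* last line, or line filled buf exactly */
    while (c != EOF && c != '\n')
        c = fgetc(in);                /* discard the rest of the long line */
    return LINE_TRUNCATED;
}

/* sprintf() replacement: build "user@host", fail instead of overflowing. */
int format_address(char *out, size_t cap, const char *user, const char *host)
{
    int n = snprintf(out, cap, "%s@%s", user, host);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0) out[0] = '\0';   /* do not hand back a cut-off address */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[8];
    enum line_status st;
    while ((st = read_line(stdin, buf, sizeof buf)) == LINE_OK || st == LINE_TRUNCATED)
        printf("%s%s\n", buf, st == LINE_TRUNCATED ? " [truncated]" : "");
    return 0;
}
```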

