1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is AV software really needed on Linux

Discussion in 'Linux / Unix Discussion' started by ChrisH, Aug 25, 2006.

  1. ChrisH

    ChrisH Nibble Poster

    50
    1
    12
    Question as title.

    I'm in the process of downloading Kubuntu and was wondering if I should be looking at Antivirus, Firewall and Spyware/Adware software? I've noticed that most major AV developers now have Linux variants of their software available but I'm not sue if its just a marketing and money-making thing.
     
    WIP: A+
  2. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    I'd imagine that the vast majority of potential virus infections in Linux come from two things: Mail clients and Browsers.

    Since there are far, far more users of Windows than there are *nux or *nix its only common sense that virus writers will choose to infect a platform that has a much wider userbase and, as ghas been proven time and time again, is inherently insecure.

    Personally, if you're comfortable with Linux and aren't stupid enough to do the usual things that the majority of users who get infected with spyware/viruses etc do (browse to pr0n sites repeatedly, open emails called 'cute screensaver etc) then I'd think you were pretty safe without an AV client

    However, thats not to say the situation won't change in the future, and, if you're responsible for administering Linux systems at work it would be folly NOT to have an AV client for them.

    Just my tuppen'orth!
     
    Certifications: A few
    WIP: None - f*** 'em
  3. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    I am no Linux guru but if I was I would be aware of IPtables
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  4. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    I have been running Linux for more than 2 years now on pretty much an everyday basis. It's been my main OS for more than a year and I do not run any AV or malware software. I have never had any malware or virus problems.

    When I first started running Linux I just couldn't grasp the fact I didn't need it as I had such a Windows mindset. So, I installed ClamAV and ran it for about a month or two. However, every time I looked at the virus definitions they were always for windows virsues, worms, trojans, etc.... I never did find a virus definition for anything aimed at Linux. My next experiment was to leave a default desktop installation of Debian hooked to the internet on a broadband connection for 30 straight days, without a firewall. Once again there wasn't a problem.

    I do run my computers behind a router/firewall though. And, I would run a lightweight firewall if I was to expose one of my computers to the internet for really extended periods of time. The only firewall I have run on my Linux boxes is a bash script called fiaif. It uses very few resources and will give you a pretty comprehsensive log. It will also allow you to use NAT as it does masquerading so you could use the box as a gateway if you use a couple of NIC's. It's all text based but is pretty easy to learn. You just need a basic knowledge of ports, and to read the documentation.

    Every once in a while I will deliberately go where I shouldn't on the web just to see if I can compromise a box by running with both Java and Javascript enabled in Firefox. Nothing has ever happened. That doesn't mean nothing ever could at some time in the future because I'm deliberatly trying to compromise the box, but if a user practices even somewhat safe browsing habits your chances of getting some type of malware are pretty slim. I have deliberately opened emails that are known to contain viruses. Nothing happens because a windows program just won't run on a Linux box without a whole lot of work.

    In Linux just never run as root, don't have /home world writable, use some common sense, and even if your user account happens to get compromised through some weird happenstance, you're not going to compromise your entire system. For all practical purposes the only way that is going to happen is you don't patch, run as root, or have a server connected the internet with a daemon running with root privileges and there happens to an unpatched buffer overflow vulnerability in that application and someone hits your box, or the entire box is just completely misconfigured such as allowing anonymous write and execute permissions in the ftp directories.

    Also, you cannot run any executable on a Linux box without first giving that file execute permissions and having a valid user account. And then, even if that hurdle is passed, if a regular user account runs the executable that account does not have the necessary permissions to mess with the system or system executables. So, getting a virus by email? That's basically impossible. Even if you got a malicious program by email that was aimed at Linux you would have to give it execute permissions first, and then use su or sudo to run it as root to really cause your system harm. Even then there are no email clients that have hooks into the system like MS email clients have.

    There are a whole lot of hurdles for an attacker to jump if he is going to compromise a Linux machine. His best chance is social engineering with someone he can talk into running an executable as root for him.

    Once you begin to understand how the Linux file system is set up and how-and-what permissions are given on directories other than /home directories you'll understand why Linux is so much more secure than Windows. It's more secure by design....

    All that plus, the open source community patches vulnerabilities far faster than MS has ever dreamed of doing. It's usually no more than a day or two from exploit announced to vulnerability patched, and sometimes it's even the same day.

    Linux just isn't Windows. That's the first thing anyone moving from Windows to Linux needs to learn. Forget what you knew about Windows logic. When you're running Linux, you're not in Kansas anymore.... :biggrin
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  5. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    great explanation Freddie, thanks.

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  6. ChrisH

    ChrisH Nibble Poster

    50
    1
    12
    Thanks for the advice.

    I've decided on Slackware as neither Mandriva or Kubuntu would start successfully from their live cd's let alone actually installed. Also it appears from reading reviews that Slackware will not try to hide to much of whats going on behind the scenes and anything I learn can be taken to other linux systems.
    I'm still trying to get my head round the filesystem its all foreign to me at the moment and actually seems more confusing than it needs to be, I've read a guide to what all the directories are for but none of it has sunk in.
    I'm at no risk from virus's at the moment as I can't even get my wireless to work lol. Is it strange that I enjoy making computers work rather than actually using them?
     
    WIP: A+
  7. Sandy

    Sandy Ex-Member

    1,091
    2
    65
    I run several Linix servers that run National (UK) systems and yes we run AV software and lots of other things as well. If it is on the Web with a public IP address you bet you run all the protection you can.
     
  8. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Sandy,

    What public facing daemons do you run?

    You're the first guy I've ever heard of who runs AV on Linux. I have never heard of anyone else running anything like it.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  9. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    That's exactly like me. I would much rather work on them, administer them, etc... than I would use an application to do "work".

    Btw, Debian is very good at allowing you to see everything. It also has the best package management software around.

    What wireless chip are you using, or should I say, trying to use?

    If it's an internal device you can find it typing "lspci", small case L, and hitting enter at the bash prompt.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1

Share This Page

Loading...