Page 1 of 5 123 ... LastLast
Results 1 to 10 of 46

Thread: AV? or NO AV? that is the question.

  1. #1
    Join Date
    Mar 2014
    Beans
    8

    AV? or NO AV? that is the question.

    Right, a stupidity which I find often on forums and articles online is that Linux is a virus free OS...and the subsequent distros following with the same claim.
    Due to this people often get confused whether they need an AV or not, and the reasons for having an AV, although quite valid, still leave much unanswered.
    So let me clarify a couple myths about any linux distro, Ubuntu included.

    1. Yes, it is possible for a virus to infect a Linux machine. And Linux virii do exist.Now, the problem here is that it is virtually UNLIKELY that YOU will get infected.
    Reasons being that most viruses are meant to exploit windows faults, therefore there are very few virii which actually work on linux.
    Also linux is very distro specific, each distro has its own packaging method, e.g. deb, rpm, ipk etc...
    This creates another problem for the virus, it would have to be created to target a specific distro, or group of distros, thus limiting itself, windows doesn't have this problem.
    Constant updates help minimize the chances that a well supported distro will be infected.
    And last but not least a common Linux user is generally more experienced than a common windows user, therefore the Linux user would be able to suspect and avoid infected files with greater ease.

    2. No, AV software do NOT only scan for windows virii.
    They scan for any virus whose signature is in its database, and those which do heuristic scanning can scan even more, this doesn't matter what OS the virus is targetting.

    3. No, you do not ONLY need an AV if you share files with windows machines. You need an AV on any machine which accesses the internet, independently of the OS.
    Although it is true that if you catch a windows virus it will not affect you, but whoever you share it with, it is not the ONLY reason as to why you need an AV software.
    The real-time scanning feature may be unnecessary, but a powerful AV should be installed in case of emergencies, and occasional scanning.
    The scan will clean both the widows virii and any Linux virii which you might have picked up.

    Conclusion:
    AV software are a must in any OS. But on Linux distros you will be using them less frequently. You do not need real-time protection, but carry out regular scans, e.g. Once a month. Both to make sure your box is clean and to keep your windows friends virus free.

  2. #2
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: AV? or NO AV? that is the question.

    Quote Originally Posted by gabriel13 View Post
    So let me clarify a couple myths about any linux distro, Ubuntu included.
    Ah, deities be thanked, we're saved!..
    Quote Originally Posted by gabriel13 View Post
    virii
    Since you're clarifying it's good to know only VXers use "virii" (which isn't even proper Latin): the plural is "viruses".
    Quote Originally Posted by gabriel13 View Post
    viruses are meant to exploit windows faults
    No, exploits make use of flaws: viruses infect.
    Quote Originally Posted by gabriel13 View Post
    Also linux is very distro specific, each distro has its own packaging method, e.g. deb, rpm, ipk etc...
    No, that's distro-specific modifications to software, a packaging method would in no way hamper or benefit a virus.
    Quote Originally Posted by gabriel13 View Post
    Constant updates help minimize the chances that a well supported distro will be infected.
    No, it wont: sane practices (like browsing habits) could have an effect.
    Quote Originally Posted by gabriel13 View Post
    And last but not least a common Linux user is generally more experienced than a common windows user, therefore the Linux user would be able to suspect and avoid infected files with greater ease.
    No, they're simply not: most are just users half of which aren't even remotely aware they run Linux these days.
    Quote Originally Posted by gabriel13 View Post
    No, AV software do NOT only scan for windows virii. They scan for any virus whose signature is in its database, and those which do heuristic scanning can scan even more, this doesn't matter what OS the virus is targetting.
    No, the OS does matter, that's simply a money thing ;-p
    Quote Originally Posted by gabriel13 View Post
    The real-time scanning feature may be unnecessary, but a powerful AV should be installed in case of emergencies, and occasional scanning.
    No, realtime scanning (in whatever way) actually is helpful.
    Quote Originally Posted by gabriel13 View Post
    The scan will clean both the widows virii and any Linux virii which you might have picked up.
    Is that a fact?.. Can you show us a sample of a Linux ELF infection and a perfect cleanup?..
    Quote Originally Posted by gabriel13 View Post
    AV software are a must in any OS. But on Linux distros you will be using them less frequently. You do not need real-time protection, but carry out regular scans, e.g. Once a month. Both to make sure your box is clean and to keep your windows friends virus free.
    While it certainly is worth something protecting lesser OSes, focusing on AV and viruses is (IMHO and with all due respect) Windows-centric thinking: with Linux you need to: - keep your OS up to date, - have sane browsing and software habits, - secure, harden and regularly audit your machine(s) as the threats we face are different from what users of "the other OS" experience. Please focus on that instead.

  3. #3
    Join Date
    Mar 2007
    Beans
    776

    Re: AV? or NO AV? that is the question.

    Is it possible that the OP is confusing viruses with other forms of malware? Too often all malware is lumped into the category of virus. On a windows system I've seen viruses that then download other forms of malware. And your 'anti-virus' product is capable of cleaning up executable application based and java based types malware. Both of those things help blurr the lines of what exactly a true virus is. But I completely disagree. I've never run any "anti-virus" product on my linux workstations. My browsing habits are not the safest and I've never gotten a "virus". I have gotten this pop up once which showed my C:\ drive getting scanned and finding multiple malware hits. I thought that pretty funny since I don't have a C:\. I suppose that pop up could be considered malware.

    EDIT:
    Here is a good read http://en.wikipedia.org/wiki/Computer_virus Check out the section titled "Vulnerability of different operating systems to viruses" where the author says
    In 1997, researchers created and released a virus for Linux—known as "Bliss".[23] Bliss, however, requires that the user run it explicitly, and it can only infect programs that the user has the access to modify. Unlike Windows users, most Unix users do not log in as an administrator user except to install or configure software; as a result, even if a user ran the virus, it could not harm their operating system. The Bliss virus never became widespread, and remains chiefly a research curiosity. Its creator later posted the source code to Usenet, allowing researchers to see how it worked.[24]
    Last edited by ant2ne; March 31st, 2014 at 06:34 PM.
    Registered Linux User: 450747 Registered Ubuntu User: 16269

  4. #4
    Join Date
    Jun 2007
    Location
    Porirua, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: AV? or NO AV? that is the question.

    Quote Originally Posted by ant2ne View Post
    Is it possible that the OP is confusing viruses with other forms of malware? Too often all malware is lumped into the category of virus
    Sounds a bit like some of my workmates, some of whom like to use their browser's default page's search box to get to Facebook. No doubt we could, if we chose, spend some time discussing bloopers of this type.
    I have gotten this pop up once which showed my C:\ drive getting scanned and finding multiple malware hits. I thought that pretty funny since I don't have a C:\. I suppose that pop up could be considered malware.
    And then there's the ones which claim that your PC is slow, with a similar offers of software to download.
    Forum DOs and DON'Ts
    Never assume that information you find using a search engine is up-to-date.

  5. #5
    Join Date
    Mar 2007
    Beans
    776

    Re: AV? or NO AV? that is the question.

    And then there's the ones which claim that your PC is slow, with a similar offers of software to download.
    Right, and a registry cleaner.
    Registered Linux User: 450747 Registered Ubuntu User: 16269

  6. #6
    Join Date
    Nov 2006
    Location
    Vienna, Austria
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: AV? or NO AV? that is the question.

    Well you might disagree with this, but I clean the registry in Ubuntu at least once a month. I find the machine runs faster afterwards.

  7. #7
    Join Date
    Mar 2007
    Beans
    776

    Re: AV? or NO AV? that is the question.

    ^^ this guy
    Registered Linux User: 450747 Registered Ubuntu User: 16269

  8. #8
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,819
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: AV? or NO AV? that is the question.

    My only encounter with malware was an attempt to get me to buy Antivirus 2010, and this came from the New York Times's website! When I closed a tab that contained the infected article, a window that looked very much like Windows Explorer appeared on my screen and began rattling off the number of infected DLL files it "found" on my machine. After I finished laughing, I tracked it down to a Javascript that was delivered alone with the article I was reading. Times readers like me were not happy to see the Grey Lady distributing malware, but the source was some third-party advertising channel, not the paper itself. They have since become more restrictive about third-parties, and I have not seen a repeat of the problem.

    Note that this type of malware relies on the browser and user stupidity. The operating system had nothing to do with it.
    Last edited by SeijiSensei; April 1st, 2014 at 04:18 PM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  9. #9
    Join Date
    Mar 2007
    Beans
    776

    Re: AV? or NO AV? that is the question.

    Are you sure it came from the Times? I mean, if I were to write something like that it would have a timer delay on it so sometime after you navigated away the thing would pop up thus making it harder to track what page attacked you. Then you wouldn't know who to contact about it. The webmaster remains unaware that it has been exploited. Leaving the vulnerability up longer to get more victims.
    Registered Linux User: 450747 Registered Ubuntu User: 16269

  10. #10
    Join Date
    Mar 2014
    Location
    /
    Beans
    15
    Distro
    Ubuntu

    Re: AV? or NO AV? that is the question.

    Quote Originally Posted by PartisanEntity View Post
    Well you might disagree with this, but I clean the registry in Ubuntu at least once a month. I find the machine runs faster afterwards.
    This put the biggest smile on my face.


    But back on topic:
    Quote Originally Posted by unspawn View Post
    While it certainly is worth something protecting lesser OSes, focusing on AV and viruses is (IMHO and with all due respect) Windows-centric thinking: with Linux you need to: - keep your OS up to date, - have sane browsing and software habits, - secure, harden and regularly audit your machine(s) as the threats we face are different from what users of "the other OS" experience. Please focus on that instead.
    I could not agree more to this statement. Trained browsing/software habits go a long way. I personally don't run any anti-virus on my Windows machine, but I do have Malwarebytes for on-demand scanning and malicious website blocking. Haven't had a single infection yet, but please keep in mind I wouldn't advise this to anyone unless you have well trained browsing/software habits.

    All the anti-virus ruckus is really a Windows-centric approach and quite dated (in my opinion), these days it is easier to exploit weaknesses in third-party software be it click-jacking or drive-by attacks, let alone this usually allows you to attack multiple operating systems at once. Less work, more pay.

Page 1 of 5 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •