Page 2 of 5
Results 11 to 20 of 46

Thread: AV? or NO AV? that is the question.

  1. #11
    Join Date
    Mar 2014
    Beans
    8

    Re: AV? or NO AV? that is the question.

    Great, got a conversation going. Purpose of creating thread successful. *happy*

    Well...now correcting bad terminology, I am sorry but yes ant2ne you are right, I meant general malware, not specifically viruses. That is my mistake for using the wrong word.

    But to unspawn well...you sure picked my argument apart XD I will try to address every issue you have stated so far to the best of my understanding.

    Quote Originally Posted by unspawn View Post
    Ah, deities be thanked, we're saved!..
    Applause on the sarcasm, well placed.

    Quote Originally Posted by unspawn View Post
    Since you're clarifying it's good to know only VXers use "virii" (which isn't even proper Latin): the plural is "viruses".
    Well...then again bad terminology from my part, I am sorry, but I am sure you understood what I meant there so no harm done.

    Quote Originally Posted by unspawn View Post
    No, exploits make use of flaws: viruses infect.
    Malware must always find a way into your machine; this can only be achieved either if you are extremely stupid and have bad browsing practices, or if there is a fault on your machine which allows the virus to enter the machine, install where it shouldn't have, do what it shouldn't be allowed to do, etc.
    The reason I specify this is because generally this is blamed on faulty programming which allows the malware to exploit the fault and do what it is meant to. An example could be a machine whose root permissions are accessible by malware even though the OS tried to limit root access.

    Exploits and shellcode are code, just like malware is code. If malware is coded to take advantage of a fault it will; it doesn't matter if it is an exploit or malware, it depends on what the code was written to do. This is generally called the payload.

    Quote Originally Posted by unspawn View Post
    No, that's distro-specific modifications to software, a packaging method would in no way hamper or benefit a virus.
    Yes, again bad terminology. Linux has many distros and each has its own specific modifications. I am sorry for the misunderstandings.

    But the packaging method does actually make it more difficult for malware to spread within the Linux community. The reason is the same as why programmers need to package their software with different packaging methods depending on which Linux distro they want to install their program on. If I download an rpm package on Ubuntu it won't work, because Ubuntu uses the deb packaging method, while Windows generally uses the exe packaging method. Even the shell commands used in different distros are different, therefore even malware written in shell script won't fully work on all distros. The distro has to decode the package to manage to read the clear binary, therefore if the malware is packaged with a certain method it cannot infect, or install, itself on distros which use a different packaging method than itself.

    Quote Originally Posted by unspawn View Post
    No, it wont: sane practices (like browsing habits) could have an effect.
    Well...you obviously did not understand nor read my original point properly. Notice the word "minimize": a distro with constant security updates with patches to its faults, and constantly improving code, will make it considerably harder for the machine to be infected. While sane practices DEFINITELY have, as opposed to could have, an effect, it is not the only way to keep your box secure.

    Quote Originally Posted by unspawn View Post
    No, they're simply not: most are just users half of which aren't even remotely aware they run Linux these days.
    Ok...just FYI, servers do not count, neither do phones nor any other firmware; I am talking strictly PCs.
    All commercial PCs come with Windows; most PC users won't have even heard of Linux. In my IT course there were people who had no idea what Linux was until we had to study it. During my CCNA course the lecturer had to take a whole lesson to explain to almost half the students what the Apache server was and how Linux played an important part with servers.
    Considering all of this, most people would rather have a member of family, or a friend, or a usual technician whom they always call to service their PCs, not even understanding how it works.
    Then, assuming there is another percentage of PC users who are more aware of their choices of OS, they would rather not switch because they wouldn't know where to start with Linux; they can barely take care of their Windows machine, and are also still learning. They may find that using the terminal often is not for them. And/or they may just not want the change.

    But those who actually do make the change and install a Linux distro on their own machine must have researched the pros and cons, and must have understood the technical jargon used to describe their differences. They are making a change knowingly, thus must have some adequate knowledge of IT to keep their machine relatively clean, compared to a grandma who is just learning to send emails to her grandchildren.

    If you disagree with this please explain how.

    Quote Originally Posted by unspawn View Post
    No, the OS does matter, that's simply a money thing ;-p
    Do you even know what I meant by what I said?
    I will break it down again... it simply means that whichever OS the malware is targeting, if the signature is within the AV database, or through heuristic scanning, the malware WILL be detected. The OS matters to the purpose of the malware, yes, but it doesn't affect its detectability by an AV. This is what I meant if you didn't understand it initially.

    Quote Originally Posted by unspawn View Post
    No, realtime scanning (in whatever way) actually is helpful.
    I never said it wasn't helpful, I said it MAY be unnecessary. There is a difference between MAY be and IS. And there is also a difference between NECESSARY and HELPFUL.
    Since Linux distros are so good at keeping malware out, and if it does come in, also good at keeping the malware from running with root permission, it is highly unlikely that malware will manage to damage your box anytime soon. Therefore realtime scanning can be unnecessary, in the sense that you CAN wait until a scheduled or manual scan if you so wish. Obviously any extra such as realtime scanning and a good firewall etc. would be helpful, but maybe not necessary.

    Quote Originally Posted by unspawn View Post
    Is that a fact?.. Can you show us a sample of a Linux ELF infection and a perfect cleanup?..
    When I made this statement I had assumed that both malware were detected before infection, after which it would be a problem. The trick is always detecting the malware before it has a chance to run and install itself on the target machine and even possibly deal any damage. ELF infections in themselves are pretty rare, and again they are distro and kernel specific, therefore they won't spread as fast. Therefore AVs haven't had much testing ground with these.

    Quote Originally Posted by unspawn View Post
    While it certainly is worth something protecting lesser OSes, focusing on AV and viruses is (IMHO and with all due respect) Windows-centric thinking: with Linux you need to: - keep your OS up to date, - have sane browsing and software habits, - secure, harden and regularly audit your machine(s) as the threats we face are different from what users of "the other OS" experience. Please focus on that instead.
    You are mostly right. The malware hype is very Windows-centric thinking, but my point is that the threat of malware infecting a Linux box is still very real. It is unlikely but real. And personally, from what I have seen through other posts, people completely ignore this and act as if it were impossible, but it is not. Unlikely doesn't mean impossible, but simply that it is rare. The truth is that there is always the possibility for your box to be infected with malware, and with Linux becoming more popular every day and technology improving, this possibility is also increasing. Linux malware is becoming more common, and eventually will be a problem.

    You are also right that we need to keep the OS updated and have sane browsing and software habits, but to me an AV is part of "securing and hardening" my box.
    And also IMHO we shouldn't focus on any particular aspect, but we should see the security of our PCs as a whole. I made this thread with this focus simply because I was tired of people claiming Linux is impossible to get infected, when most of them don't even know how it works.

    I hope you understand.

    Quote Originally Posted by Xentime View Post
    All the anti-virus ruckus is really a Windows-centric approach and quite dated (in my opinion), these days it is easier to exploit weaknesses in third-party software be it click-jacking or drive-by attacks, let alone this usually allows you to attack multiple operating systems at once. Less work, more pay.
    While to you, Xentime, all I have to say is that for an exploit to really work it needs a payload, e.g. a way to connect back to the exploited system. This is generally in the form of a trojan, or a worm with a backdoor connection allowing the hacker back into your machine after exploiting these weaknesses you mentioned. But malware is still a big part of this. Most hacks nowadays use faults in third-party software or an irreplaceable aspect of the network, e.g. Java, JavaScript injection, MITM attacks etc.
    But in all exploits there will always be a payload, which is generally (not always) in the form of malware which could be blocked by an AV.

    As I said to unspawn my aim is not about the AV ruckus, but more towards the full security of the system, AV included.
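The post above argues that on a Linux box realtime scanning can be replaced by a scheduled or manual scan. As an added example (not code from the thread or from any AV vendor), here is a small POSIX shell wrapper of the kind you would hand to cron for such a scheduled scan, built around ClamAV's `clamscan`. It assumes `clamscan` is on `PATH` when a live scan runs and that `freshclam` keeps the signature database current; the scan log it parses is a constructed sample in the documented `clamscan` format, not output from a real machine.

```shell
#!/bin/sh
# Added example: cron-friendly on-demand ClamAV scan plus a parser for the
# clamscan report. Assumptions: clamscan is installed when a live scan runs,
# and freshclam keeps the signature database up to date.

# Count detection lines. clamscan prints one "<path>: <signature> FOUND"
# line per hit; grep -c exits 1 when there are no matches, hence "|| true".
count_found_lines() {
    grep -c ': .* FOUND$' "$1" || true
}

# Pull the "Infected files: N" figure out of the SCAN SUMMARY block.
infected_from_summary() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1"
}

# Map clamscan's documented exit status to a word:
# 0 = nothing found, 1 = something found, 2 = an error occurred.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan a directory, keep the report, append one history line, and return
# clamscan's own status so cron can alert on 1 (found) or 2 (error).
run_scheduled_scan() {
    target="$1"
    log="$2"
    status=0
    clamscan --recursive --infected --log="$log" "$target" >/dev/null 2>&1 || status=$?
    echo "$(date '+%F %T') target=$target verdict=$(scan_verdict "$status") found=$(count_found_lines "$log")" >>"${log}.history"
    return "$status"
}

# Constructed sample report in clamscan's output format, used so the parser
# can be exercised without a scanner installed (the EICAR name is the standard
# harmless AV test signature; the counts are made up).
SAMPLE_LOG="$(mktemp)"
cat >"$SAMPLE_LOG" <<'EOF'
/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8601562
Engine version: 0.103.6
Scanned directories: 1
Scanned files: 3
Infected files: 1
Data scanned: 0.00 MB
Time: 15.162 sec (0 m 15 s)
EOF

echo "constructed sample: $(infected_from_summary "$SAMPLE_LOG") infected, $(count_found_lines "$SAMPLE_LOG") FOUND line(s)"

# Live scan only when clamscan is actually present on this machine.
if command -v clamscan >/dev/null 2>&1; then
    run_scheduled_scan "${SCAN_TARGET:-$HOME/Downloads}" "${SCAN_LOG:-/var/tmp/clamscan-weekly.log}" \
        || echo "scan needs attention, see ${SCAN_LOG:-/var/tmp/clamscan-weekly.log}"
fi
```

A crontab line such as `0 3 * * 0 /usr/local/bin/scheduled-scan.sh` (hypothetical path) runs it weekly; because the wrapper returns clamscan's own status, cron's mail on non-zero exit is the alert. Note that the `--infected` flag only hides clean files from the report, the SCAN SUMMARY block is still printed, so the two parsing functions should agree.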

  2. #12
    Join Date
    Mar 2014
    Location
    /
    Beans
    15
    Distro
    Ubuntu

    Re: AV? or NO AV? that is the question.

    Quote Originally Posted by gabriel13 View Post
    While to you, Xentime, all I have to say is that for an exploit to really work it needs a payload, e.g. a way to connect back to the exploited system. This is generally in the form of a trojan, or a worm with a backdoor connection allowing the hacker back into your machine after exploiting these weaknesses you mentioned. But malware is still a big part of this. Most hacks nowadays use faults in third-party software or an irreplaceable aspect of the network, e.g. Java, JavaScript injection, MITM attacks etc.
    But in all exploits there will always be a payload, which is generally (not always) in the form of malware which could be blocked by an AV.
    I'm very aware that exploits do need a payload. As you had mentioned, payloads won't always come in the form of malware. It is those kinds of payloads I'm most concerned about. Having on-demand scanning and a machine dedicated to packet analysis is more than enough to take care of either for me. I wasn't very clear on my stance and the reasoning for it, for which I apologise, given the extreme vagueness of my argument (just read it over). Oi. xD

    But as stated before in my previous post, I do not advise anyone to run without anti-virus software.

  3. #13
    Join Date
    Nov 2006
    Location
    Vienna, Austria
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: AV? or NO AV? that is the question.

    Which AV do you all use on your Linux machines? I have never used AV software on any of my Linux computers so far, but have been contemplating it recently. ClamAV is often mentioned, but lately I saw that previously Windows-centric applications like Avast, Comodo, AVG, etc. are now available for Linux. Are they worth it? ( https://help.ubuntu.com/community/Antivirus )

  4. #14
    Join Date
    Mar 2007
    Beans
    781

    Re: AV? or NO AV? that is the question.

    During my CCNA course the lecturer had to take a whole lesson to explain to almost half the students what the Apache server was and how Linux played an important part with servers. Considering all of this, most people would rather have a member of family, or a friend, or a usual technician whom they always call to service their PCs, not even understanding how it works.
    Point and click admins rarely make it past the help desk in their careers. I remember being in class and looking around and knowing probably 3/4 of these students will finish their degree in IT, and probably less than 1/4 will actually land a job in the IT field.

    I've used Avast on a bootable USB drive to clean an infected Windows machine. I've run Avast on my Linux box, just 'cause, and got a false positive. I've also played around with Comodo and Avira on my Linux box, just 'cause. I've used ClamAV on my proxy server(s). For a while I was using an AV product on my Linux workstation because I didn't want to be responsible for accidentally spreading something to the Windows machines. But then I figured 'screw 'em'. If I get infected it is because of them anyway LOL.

    gabriel13, if you want to run some AV product on your Linux machine, go ahead. If it makes you feel safer then by all means. There is nothing wrong with one more layer to the onion that is security. But that layer isn't going to be the most important layer of that onion.
    Registered Linux User: 450747 Registered Ubuntu User: 16269

  5. #15
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,941
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: AV? or NO AV? that is the question.

    Quote Originally Posted by ant2ne View Post
    Are you sure it came from the Times?
    I take it you did not follow this link in my post: http://www.nytimes.com/2009/09/15/te...et/15adco.html. A third-party advertising channel bought space to advertise for Vonage. It provided legitimate Vonage ads for three or four days, then started distributing Antivirus 2010 on the following Saturday.

    As a JavaScript exploit, it could only run when the browser is open. The supposed Windows Explorer page was actually just a web page that appeared in a new window on Firefox; the script opened the page in response to a window.close() event.

    I think you give ordinary users too much credence if you think you have to resort to delays and the like to get them to infect themselves. Just the other day I corresponded with a college classmate who had to get her computer revisioned after she fell for the phony telephone support scam. This is a very smart woman, too. I got one of these calls myself, but I was too busy at the time to play along with the guy and try to find my "Start" button.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  6. #16
    Join Date
    Mar 2007
    Beans
    781

    Re: AV? or NO AV? that is the question.

    I take it you did not follow this link in my post
    Nah, I don't go around clicking every link I come across.

    resort to delays and the like to get them to infect themselves
    Not at all what I was saying. The delay would be so the person infected wouldn't know where it came from. Any idiot on the web who closes their browser or moves to another page and then gets a pop up is going to say to themselves "I just left www.mypage.com and then this happened. It must have been caused by www.mypage.com!" But if there was a delay, then they would have moved on to www.someotherpage.com before the pop up and then they'd blame www.someotherpage.com. Thus they'd contact www.someotherpage.com and not www.mypage.com. www.mypage.com never gets word that their site has been compromised and the exploit may persist longer.
    Registered Linux User: 450747 Registered Ubuntu User: 16269

  7. #17
    Join Date
    Mar 2014
    Beans
    8

    Re: AV? or NO AV? that is the question.

    Quote Originally Posted by Xentime View Post
    I'm very aware that exploits do need a payload. As you had mentioned, payloads won't always come in the form of malware. It is those kinds of payloads I'm most concerned about. Having on-demand scanning and a machine dedicated to packet analysis is more than enough to take care of either for me. I wasn't very clear on my stance and the reasoning for it, for which I apologise, given the extreme vagueness of my argument (just read it over). Oi. xD

    But as stated before in my previous post, I do not advise anyone to run without anti-virus software.
    Yeah, your point is very valid... since Linux is so good at keeping viruses out, most hackers focus heavily on other exploits. Being well protected from those kinds of exploits is a tricky job; people should definitely talk more about it.


    Quote Originally Posted by PartisanEntity View Post
    Which AV do you all use on your Linux machines? I have never used AV software on any of my Linux computers so far, but have been contemplating it recently. ClamAV is often mentioned, but lately I saw that previously Windows-centric applications like Avast, Comodo, AVG, etc. are now available for Linux. Are they worth it? ( https://help.ubuntu.com/community/Antivirus )
    Partisan, well, ClamAV is mentioned more because it is open source software than because of its ability as an AV... which is a shame. It has potential, it just hasn't reached it yet.
    Bitdefender has the best scanning and detection engine, but its Linux software has had no support in at least 4 years. It even has the same bugs as it had in 2010, therefore I would not recommend it.
    Never been a big fan of AVG, either on Windows or on the phone; my personal experience with it is that it slows down your system too much, has too many false positives and misses 0-day infections.
    In the rankings Avast is quite high and I would definitely recommend it, but as a Comodo Windows customer I have had good experiences with it. Plus Comodo AV for Linux has the best GUI for a Linux AV (personal opinion), thus it is the one I chose.

    So overall I would recommend either Avast or Comodo. There is also another one with a good reputation, but I believe it is paid, if I am not wrong... ESET. Worth having a look.

    Quote Originally Posted by ant2ne View Post
    Point and click admins rarely make it past the help desk in their careers. I remember being in class and looking around and knowing probably 3/4 of these students will finish their degree in IT, and probably less than 1/4 will actually land a job in the IT field.

    I've used Avast on a bootable USB drive to clean an infected Windows machine. I've run Avast on my Linux box, just 'cause, and got a false positive. I've also played around with Comodo and Avira on my Linux box, just 'cause. I've used ClamAV on my proxy server(s). For a while I was using an AV product on my Linux workstation because I didn't want to be responsible for accidentally spreading something to the Windows machines. But then I figured 'screw 'em'. If I get infected it is because of them anyway LOL.

    gabriel13, if you want to run some AV product on your Linux machine, go ahead. If it makes you feel safer then by all means. There is nothing wrong with one more layer to the onion that is security. But that layer isn't going to be the most important layer of that onion.
    You're right... I have been in the same situation. And the IT industry is really volatile; technology is moving on so fast it is hard to keep up.

    And the Avast you had on the USB drive... could it possibly have been on a SanDisk U3 drive?? I had one like that, with Avast on it XD

    And yeah, I agree... security is never covered in just one layer, or one application etc. It is many layers of security, and AV is definitely not the most important, but I personally think that it is an essential part of any box's security.

    Quote Originally Posted by SeijiSensei View Post
    Just the other day I corresponded with a college classmate who had to get her computer revisioned after she fell for the phony telephone support scam. This is a very smart woman, too. I got one of these calls myself, but I was too busy at the time to play along with the guy and try to find my "Start" button.
    I hate those scams!! They are so annoying!
    I once told the guy that they could give me any info about the attacks on my computer and I would deal with them since I am a "Microsoft certified security technician" (notice this is not a real qualification); the guy hung up straight away. I had never laughed so hard in my life XD

  8. #18
    Join Date
    Nov 2006
    Location
    Vienna, Austria
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: AV? or NO AV? that is the question.

    Thanks for the tips on Avast and Comodo, I will look into them a little more.

  9. #19
    Join Date
    Jul 2008
    Location
    Canada
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: AV? or NO AV? that is the question.

    Bitdefender has been good to me and has found items in FF over the years. Yes it's free.
    UsingTheTerminal and PopularPages

    Smile today, cry tomorrow!
    ( Read this everyday )

  10. #20
    Join Date
    Jun 2007
    Location
    Porirua, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: AV? or NO AV? that is the question.

    My one and only experience with Comodo was on a Windows machine a few years ago. It wasn't pleasant, because it didn't find something which subsequently did something nasty to my system... Things might have changed in the meantime.
    Forum DOs and DON'Ts
    Never assume that information you find using a search engine is up-to-date.
