Page 3 of 3 FirstFirst 123
Results 21 to 24 of 24

Thread: The Issue of Anti-Virus Scanners

  1. #21
    Join Date
    Aug 2013

    Exclamation Re: The Issue of Anti-Virus Scanners

    What is FUD is the fact that people think that Linux is some how.. "immune" to Viruses or Malware. the fact people think that its all about bad habits carried over from Windows is most often wrong.

    Linux may have a different file system, but it runs on the same hardware as Windows. With a few exceptions to the kernel, windows is fairly monolithic, just like Linux. apart from the API, code is easily ported between systems. there is not "magic" that makes linux any more secure. strong passwords and encryption will do nothing to stop exploits and vulnerabilties in software. not a damn thing.

    and COMODO is right! To be honest, I really do not like COMODO, and I do agree that this is a marketing tact... but it doesn't mean they are wrong.

    if you think you have never been infected while running Linux... it's likely you just havent realized it yet!

    as somebody who has managed a plethora of machines, for both local area personal networks, local and wide area corporate networks, personal ventures, web hosting businesses, and client and server computing systems in factories (which operate million dollar manufacturing and die cast machinery).. I can tell you that there is certainly a need for antivirus. espeically on Linux.. and it's a shame that there isn't a realistic solution available to users these days. this is just an unforunate consequence of the fragmented market and the way open source works.

    the assumption that anti-virus just compares hashes? sorry! this is just not true. this is what the clamscan backend does, and thats because its a scanning backend, not an anti-virus and security suite. and it was never intended to be used as one. check out any antivirus suite today... they do FAR more than scan files: and there is a reason!

    that reason is because the attack landscape has dramatically changed over the years. you do NOT need to install, or run a file, to be infected.

    Quote Originally Posted by jimmy-frydkaer
    At the end of the day, when the talk is about security, it all comes down to the users being to lazy to develop their own skills and knowledge to keep themselves safe on the Internet. Pure bad habit from their days on Windows.
    Sorry, this is not entirely true, and is another false asumption that only Ubuntu users seem to carry. Virus and Malware writers can be very savvy. while sometimes, they gain access to systems because the users bad habits.. this is only a very small part of the puzzle, and most often it's much more complicated that how you have put it.

    Why do you think that apt-get uses keyrings and compares packages against hashes? because its a very real threat that the upstream repository can become infected with a trojan or malware. PPAs can have even more risk, and this gets ever Riskier when installing from source!

    and this is Not because we cannot trust the publisher. of course installing source from an untrusted mirror is a bad idea, but the bigger problem is rather, because there are often Vulnerabilities and Zero Day Exploits in many ubuntu or linux services, and application code. some of which go unnoticed for long periods of time (Heartbleed?). these can potentially allow an attacker to gain access to a server, and insert his trojan in to the repository.

    and if this can happen to a server, or a repository.. you can be certain that it can happen to any desktop machine. plus the chance is actually exponentially greater! this is due to the fact that there is many more pieces of software installed, some of which are much more complex and technically diverse. in the end, they depend on exponentially more binaries and shared libaries... all of which end up increasing your chance to get exploited!

    and what about securing small to medium sized businesses? there is a legitimate need for a real antivirus solution on Linux..

    lets say you start a business, you have 15 computers, a file server, and some terminals. are you going to spend valuable time and money securing every single system the old fashioned way, using highley fragmented tools from the open source repository?... are you gonna hire a few different IT guys, full time, to constantly manage these machines? train every user how to respect the highly fragmented security policy you had to implement? or would this be another excuse to install windows on all these machines... ? wait.. how much will THAT cost?

    Most people I talk with are clear on the fact that the attack landscape is constantly evolving. the Stigma surrounding security and Linux... it needs to Vanish. or it will be a long road ahead for great operating systems like Debian and Ubuntu Linux.
    Last edited by steve26; June 29th, 2014 at 04:41 AM.

  2. #22
    Join Date
    Aug 2013

    Re: The Issue of Anti-Virus Scanners

    What antivirus on Linux currently looks like:

    with alot of time and effort, a serious security professional will build his own anti-virus and security solution... typically out of many existing open source solutions and projects.

    like I said, antivirus these days does not just scan files and compare hashes! using host based, and network based intrusion detection systems, kernel level security solutions like SELinux or AppArmor, packet filtering applictions or scripts, kernel patches (like GRSecurity), rebuilding out of date or PPA/Source software (using hardened compiler security parameters), checking for security updates, performing log file analysis, etc... an adept security analyst will cobble together the different cogs that which make up an antivirus solution by 2014's standards. piece of peice.

    they will also sometimes need to build elements from scratch using custom code (targeted at the desired platform and his or her particular environment). using "inotify" or inotifytools, for example, you can call the virus scanner whenever there are changes to volatile aspects of the filesystem.

    until we get a realistic open source solution like this, comparable to any modern antivirus solution.. we do have some options (in the meantime). if you have money to spend: Symantec, ESET, Kapersky and Avast have released paid solutions, which are becoming nearly as useful as their windows counterparts, day by day. however, from the open source perspective, beyond everything i talked about above.. there are many third party databases that can be used with clamscan to help find common threats for linux. it may even be useful along side a Paid Solution.

    Linux Malware Detection by RFXN provides a nice set of linux malware databases. if you do not want to install LMD, just download their database files, and use them with ClamScan. do the same with Sansecurity. there is an ubuntu package called clamav-unofficial-sigs which provides a number of third party signature databases to help within this regard... and besides things like this, you should be wary of rootkits too. rkhunter has a database of known rootkits. and there is also chkrootkit. or ossec. note: there is a plugin you can use to scan all files which are downloaded by firefox as well (Fireclam?)

    AppArmor is fairly important in most any scenario... especially with FireFox or Chromium on Ubuntu... not to mention most other main stream applications on Ubuntu today! perfrom a general security audit on your system, find out what is most potentially vulnerable, and make sure you set AppArmor to Enforce rules for these applications. if you are more comfortable with SELinux, maybe you should start here.

    you can use "unhide" to detect hidden processes. this is also available for windows, so this just goes to show that it does not matter what system you are running. likewise, "unhide-tcp" can find hidden network services. you can use "ninja" to whitelist setuid applications. you can use "checksecurity" to detect some other critical changes. security audits can be performed with applications like "Lynis" (or "Tiger" which is more in depth). Check apps against the CVE Reports (see "debsecan"). and so on, and so forth.

    What linux needs from an antivirus, just like any other Operating System:|

    anti-virus needs to keep a realistic and corrugated mapping of what a typical attack pattern looks like. it needs to be able to identify potentially new forms of emerging illicit code. it needs to use heuristics. it needs to be able to hook the kernel and monitor access to the file system in realtime. it needs to monitor direct memory access. protect devices, and drivers. it needs to understand high risk sectors of the operating system, and be able to detect new or llicit changes. it needs to be able to analyze the system for vulnerabilities on the fly. monitor installed packages and compare them against the ubuntu vulnerability database.

    most importantly, it needs to be able to do these things without constant user intervention.

    the malware writers ARE targetting mainstream linux distributions more and more, and the problem is that there is nothing for the typical desktop user to even detect the intrusion! they are driving blind! companies like Symantec, ESET, Kapersky and Avast have released solutions for Linux environment, and they cover a majority of the things I have touched on in this post. and If you think they wasted all the venture capital by dumping resources into something that isn't needed, you are dreaming..

    if you think that somebody who got infected with a a trojan or malware on Ubuntu is lazy.... you are just making an excuse. why? because WE are the ones who are responsible for what you see in Ubuntu. if there is no open source all-in-one security solution, it's because the community hasn't the resources to complete such a task, or because people have idea that it simply isn't required. and this is wrong. this idea is stifling the growth of our operating system.

    in the coming years, there will be another breakthrough when it comes to Operating Systems. and my bet is on the team that can realize the future, its potential, and brace for impact if need be. Operating Systems in the linux world have died off before, and if people are going to be in denial about the usefulness of security, especially in the age of the credit card and online transaction... they are digging Ubuntu's grave.

    the fact of the matter is that just because you are running Linux, does not mean that your system is secure. just because you get a virus, does not mean you are a noob. and there are plenty of trojans floating around that people on linux might not even know they have.

  3. #23
    Join Date
    Jul 2009
    New York, NY
    Ubuntu 16.04 Xenial Xerus

    Re: The Issue of Anti-Virus Scanners

    Been running linux since ubuntu 8.04 (that's 2008) right to the present...never got a single one of any of those things...comodo is are just paranoid about these things...what can i say...
    A jealous windows troll, perhaps...

  4. #24
    Join Date
    May 2014
    King's Lynn, UK
    Xubuntu 14.04 Trusty Tahr

    Re: The Issue of Anti-Virus Scanners

    I would agree with chayak.

    I migrated from Windows XP back in March. I haven't bothered trying to locate or install AV software, due to having friends who've been using Linux for some years, and who have all, without exception, told me that you simply do not need AV software in Linux because of the way it is structured, and the way that root permissions are assigned.

    For sure, toward the end in XP (the last 2 years or so anyway), as I became more 'tech-savvy', I'd quit running in Admin mode all the time, having set up a limited user account. That, together with running Comodo's Firewall (not having much faith in the built-in offering), and Malwarebytes, kept me cleaner than I had been for many years previously.

    I agree that the AV vendors are trying to scare people into believing that they NEED AV software on Linux.....because with the growing popularity of distros like Ubuntu and Mint, etc., it is now being perceived as a growing market. And since the vast majority of migrants ARE coming from Windows, it's automatic for such people to straight away look for an AV solution (having become so used to the need for it running Microsoft products.)

    There again, I feel it's probably true that folk who have taken the time to research, find, download & install a Linux distro, of whichever flavour, ARE going to be a cut above the average intelligence when it comes to using Linux, and understanding why it works in the way that it does!


    Compaq Presario SR1619UK, running Xubuntu & Puppies 'X-Slacko' & 'Slacko'
    Dell Inspiron 1100, running Xubuntu & Puppies 'TahrPup' & 'Precise'

    the advice given has helped you, PLEASE have the courtesy to post back and say 'Thank you'..!

Page 3 of 3 FirstFirst 123


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts