
Thread: The Issue of Anti-Virus Scanners


  1. #22

    Re: The Issue of Anti-Virus Scanners

    What is FUD is the fact that people think that Linux is somehow "immune" to viruses or malware. The fact people think that it's all about bad habits carried over from Windows is most often wrong.

    Linux may have a different file system, but it runs on the same hardware as Windows. With a few exceptions to the kernel, Windows is fairly monolithic, just like Linux. Apart from the API, code is easily ported between systems. There is no "magic" that makes Linux any more secure. Strong passwords and encryption will do nothing to stop exploits and vulnerabilities in software. Not a damn thing.

    And COMODO is right! To be honest, I really do not like COMODO, and I do agree that this is a marketing tactic... but it doesn't mean they are wrong.

    If you think you have never been infected while running Linux... it's likely you just haven't realized it yet!

    As somebody who has managed a plethora of machines, for both local area personal networks, local and wide area corporate networks, personal ventures, web hosting businesses, and client and server computing systems in factories (which operate million dollar manufacturing and die cast machinery), I can tell you that there is certainly a need for antivirus. Especially on Linux... and it's a shame that there isn't a realistic solution available to users these days. This is just an unfortunate consequence of the fragmented market and the way open source works.

    The assumption that anti-virus just compares hashes? Sorry! This is just not true. This is what the clamscan backend does, and that's because it's a scanning backend, not an anti-virus and security suite. And it was never intended to be used as one. Check out any antivirus suite today... they do FAR more than scan files: and there is a reason!

    That reason is because the attack landscape has dramatically changed over the years. You do NOT need to install, or run a file, to be infected.

    Quote: Originally posted by jimmy-frydkaer
        At the end of the day, when the talk is about security, it all comes down to the users being too lazy to develop their own skills and knowledge to keep themselves safe on the Internet. Pure bad habit from their days on Windows.

    Sorry, this is not entirely true, and is another false assumption that only Ubuntu users seem to carry. Virus and malware writers can be very savvy. While sometimes they gain access to systems because of the user's bad habits, this is only a very small part of the puzzle, and most often it's much more complicated than how you have put it.

    Why do you think that apt-get uses keyrings and compares packages against hashes? Because it's a very real threat that the upstream repository can become infected with a trojan or malware. PPAs can have even more risk, and this gets even riskier when installing from source!

    And this is not because we cannot trust the publisher. Of course installing source from an untrusted mirror is a bad idea, but the bigger problem is rather that there are often vulnerabilities and zero-day exploits in many Ubuntu or Linux services and application code, some of which go unnoticed for long periods of time (Heartbleed?). These can potentially allow an attacker to gain access to a server, and insert his trojan into the repository.

    And if this can happen to a server, or a repository... you can be certain that it can happen to any desktop machine. Plus the chance is actually exponentially greater! This is due to the fact that there are many more pieces of software installed, some of which are much more complex and technically diverse. In the end, they depend on exponentially more binaries and shared libraries... all of which end up increasing your chance to get exploited!

    And what about securing small to medium sized businesses? There is a legitimate need for a real antivirus solution on Linux.

    Let's say you start a business, you have 15 computers, a file server, and some terminals. Are you going to spend valuable time and money securing every single system the old fashioned way, using highly fragmented tools from the open source repository? Are you gonna hire a few different IT guys, full time, to constantly manage these machines? Train every user how to respect the highly fragmented security policy you had to implement? Or would this be another excuse to install Windows on all these machines...? Wait... how much will THAT cost?

    Most people I talk with are clear on the fact that the attack landscape is constantly evolving. The stigma surrounding security and Linux... it needs to vanish. Or it will be a long road ahead for great operating systems like Debian and Ubuntu Linux.
    Last edited by steve26; June 29th, 2014 at 04:41 AM.
