RE: Begs a question: AV in Linux
From: Wilson Mosquera (wmosquera tecnoav.com.ec)
Date: Thu Feb 02 2006 - 10:30:54 CST
Sophos too has AV+Antispam+Antispyware for Linux email and file servers. It's
an excellent AV.
Wilson Mosquera
TECNOAV
-----Original Message-----
From: Isaac Perez [mailto:suscripcions tsolucio.com]
Sent: Wednesday, February 01, 2006 3:00 PM
To: focus-linux securityfocus.com
Subject: Re: Begs a question: AV in Linux
Nod32 has AV for Linux email and file servers.
We use it for Windows clients and it is by far better than the others I've
ever tried, which are
Norton, AVG, Symantec and Panda.
It detects general malware (adware, spyware, etc.) very well; not all,
but the most important.
jcarter mindmerge.net wrote:
> A good cross-platform AV that we licensed and use at work is AVG,
> www.grisoft.com
>
> If you have not stumbled upon them yet they also give away a free
> version for 'home' users. Just google for "free avg" and grab it.
> Licensing is good for 2 years unlike other win32 AV apps.... and it is
> much more affordable and gives you MORE seats for less.
>
> They have larger apps as well if you like a full suite of produce....
> ;-)
>
> I can't speak for others but I can tell you it has been an essential
> tool for us at work. We run primarily Slackware Linux desktops with a
> smattering of win32 clients here and there... mostly for the marketing
> folks...
>
> On a multi-user system I think that AV is essential, on individual win32
> boxes it is of paramount importance. Your personal Linux desktop....
> well it all depends on what sites you are visiting and what you tend to
> do when the unknown or unexpected occurs. Do you have a host based
> firewall? Do you have a network edge firewall? Do you log your system?
> Do you log outbound traffic through your firewall(s).... Plenty of cool
> tools out there... Would not be too hard to determine if you 'need' AV
> on your box.
>
> BTW I have enjoyed this thread very much... interesting approaches and
> thoughts from all.
>
> l8r,
> James Carter
> jcarter mindmerge.net
> http://www.mindmerge.net
>
> -Quote-
> The right of the citizens to keep and bear arms has justly been
> considered as the palladium of the liberties of a republic; since it
> offers a strong moral check against usurpation and arbitrary power of
> rulers; and will generally, even if these are successful in the first
> instance, enable the people to resist and triumph over them."
> -- Supreme Court Justice Joseph Story of the John Marshall Court
> -End Quote-
>
>
>
>> -------- Original Message --------
>> Subject: Re: Begs a question: AV in Linux
>> From: Eric Rostetter <rostetter mail.utexas.edu>
>> Date: Fri, January 27, 2006 9:18 am
>> To: focus-linux securityfocus.com
>>
>> Quoting Moderator <mod-linux securityfocus.com>:
>>
>>
>>> The following message was submitted to the list by Alexander Klimov.
>>>
>> [...]
>>
>>> Since there are quite a few replies let me elaborate. There are two
>>> types of viruses: those that exploit software vulnerabilities and
>>> those that exploit wetware (that is a PEBKAC).
>>>
>> And there are _many_ kinds of linux systems and users.
>>
>>
>>> the virus is released. Unlike some other OSes, with any good Linux
>>> distribution it is quite easy to live most of the time without known
>>> vulnerabilities in your system.
>>>
>> If you run wine, zen, mach, vmware, or anything that runs or can run
>> windows (or another vulnerable OS), then you should run AV in at least
>> the virtual machine, and preferably in both linux and virtual machine.
>>
>> If you run openoffice, you are open to macro viruses and all the same
>> things that hit MS Office apps, and you should run an AV if you don't
>> want to be hit by them, or spread them to others.
>>
>>
>>> Now if you have a system with no
>>> vulnerabilities exploitable by known viruses none of them can
>>> compromise your system -- you cannot get better results from an AV
>>> (AFAIK `unknown virus detection' is more marketing than reality).
>>>
>> True. But you can help spread them. Of course there are the obvious
>> examples of linux machines which are file servers and mail servers and
>> the like. Why would you want these spreading viruses? But even regular
>> office user linux machines can spread around viruses via file transfers
>> (forwarding e-mail, swapping floppies or usb devices, burning cd-roms,
>> etc).
>> Maybe not a big deal if you only deal with other linux machines, but if
>> you interact with people using other OS's do you really want to be the
>> one who passed a virus on to them?
>>
>>
>>> root to solve it: wget ...'. I am not sure I understand how sharing
>>> files with Windows can be dangerous but probably it is in this
>>> category as well
>>>
>> It is dangerous for other windows users you give the file to, or dangerous
>> to you if you run windows in a VM environment in linux, or run OpenOffice
>> or other windows-software emulation software.
>>
>>
>>> BTW do not get me wrong: if I say that AV is useless (or, worse, it
>>> can have its own vulnerabilities) it does not mean that you should not
>>> use a firewall in both directions or check integrity of system files.
>>>
>> AV software _may_ be useless depending on your environment. I run it
>> on my linux mail server, and it is not worthless to me or my users, since
>> half my users run Windows and Mac machines. They thank me for not exposing
>> them to the viruses via their e-mail. You could make the same type of
>> arguments for file servers, etc.
>>
>> Yes, you _may_ not need an AV product on your linux machine. Then again,
>> you _may_ need one. It depends on how you use the machine, what you run
>> on the machine, and how you and that machine interact with others.
>>
>> The real-world example is how it is illegal most places to knowingly infect
>> other people with a human virus that you know you carry. It does not matter
>> if you are immune to it or not, the law reflects the fact that others are not
>> and that you should not knowingly spread it to them as you know it can cause
>> them harm.
>>
>> Use a similar principle in computers and networks. If you know your
>> computer has or is likely to spread viruses to others and could cause harm
>> to them, then the _responsible_ thing to do is to run AV software on your
>> machine to try to prevent that. If you know your computer is
>> _highly unlikely_ to spread viruses to others, and should not pose any
>> virus risk to others, then there is no need to run AV software if you
>> don't want to (and may be very good reasons not to, in fact).
>>
>>
>>> --
>>> Regards,
>>> ASK
>>>
>> --
>> Eric Rostetter
>> The Department of Physics
>> The University of Texas at Austin
>>
>> Go Longhorns!
>>