On Sat, May 10, 2008 at 3:35 PM, 7v5w7go9ub0o <[EMAIL PROTECTED]> wrote:
> Alan McKinnon wrote:
>
>> On Saturday 10 May 2008, 7v5w7go9ub0o wrote:
>>
>>> But I sure acknowledge the majority opinion - almost ALL Linux users,
>>> and many Windows users as well, choose not to run real-time
>>> AntiMalware scanners.
>>
>> I do this, and I do it for a perfectly obvious reason:
>>
>> Your suggestion "protects" me from a problem that does not exist.
>>
>> I can't for the life of me imagine why I would ever do such a thing.
>
> Geezzzzee.... I'm suddenly besieged!!! :-)
>
> What is missing in this conversation is specific context; i.e. what are the
> various "threat models" which are the basis for why/what we do in
> security-oriented things. Clearly you've analyzed your situation and
> determined that you don't need it.
>
> - I happen to mostly use a laptop on public wifi; using "non-OS-specific"
> tools such as: Firefox browser and thunderbird mail client (each with lots
> of "extensions" - third-party, unregulated, tools that enhance the operation
> of the browser/mail client). These extensions have been found to contain
> Trojans in the past.
>
> - I often install software directly from the author - or what I presume is
> the author's webpage; from what I hope is an uncompromised library.
>
> - I stream both via the browser and directly, a full range of media
> content.
>
> Seems to me that each of these areas represents a small possibility for
> mischief, especially in the case of "extensions"; e.g. every time I invoke
> "check for updated plugins", I run the risk of something I don't want (e.g.
> password sniffer) from a compromised distribution, or spoofed location. An
> updated heuristic or signature may review that one of the extensions I
> installed last week came with what is now a recognized bug.
>
> You've indicated that the problem doesn't exist - true 'nuff for you. But
> IMHO -a- problem/potential for trouble does exist for me, and I've - perhaps
> unnecessarily - assumed the overhead and complexity of scanning what I
> perceive as the "problem" areas in the way I use this box.
>
> I don't run anti-malware on all activity within the box; just on the
> browser, lftp, media, and mail client jails, the download and work areas for
> portage (and where I compile non-portage software), and the /home/TaxAct
> area where I run WINE (using a dedicated, unprivileged taxact:taxact
> user:group).
>
> Reviewing my original response, it may seem that I was promoting real-time
> Anti-Malware for the masses. No - I definitely do not. Though I do think
> that people should, as a rule, review and create a "threat model" for their
> setup and how they do business; and after doing so, consider AntiVir/Dazuko a
> potentially useful, possibly cost-effective addition.
>
> But we can certainly agree to disagree on the potential usefulness of this
> tool in my situation. :-)
>
> Tony was not determining "if", but rather, "which" anti-malware. What
> really happened is that I'm trying to express the basis for my enthusiasm
> about this particular, versatile Windows-and-Linux anti-malware product to
> Tony - in response to his original question: "best" Anti Virus.
>
> --
> gentoo-user@lists.gentoo.org mailing list

I thank everyone for their input. Guess I'll stick with clamav since it seems to be one of the best and is open source. Think I'll also leave a note with the Thunderbird folks suggesting anti-virus integration.

Tony

--
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin