Re: Thanks Mart -- Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-12 Thread Brian
On Tue 12 Mar 2019 at 19:20:34 -0400, deb wrote:

> Fortunately Brian has blocked me,

Eh? You'll have to explain.

-- 
Brian.



Thanks Mart -- Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-12 Thread deb



On 3/11/19 5:08 PM, Mart van de Wege wrote:

> And yeah, Debian is an upstream distribution, so you will have a lot of
> people who are being overly purist about Linux solutions, because they
> have the luxury of working in homogenous environments. Unfortunately a
> lot of them are lousy communicators.

I'll say...

:-)

Fortunately Brian has blocked me, so that will enhance the noise::answer ratio :-)

What a tin-foil wearing curmudgeon that one is.

At least others want to help a bit.

Thank you Mart !








David -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-12 Thread deb



On 3/12/19 11:05 AM, David Wright wrote:

> On Tue 12 Mar 2019 at 15:01:32 (+0100), Mart van de Wege wrote:
> > Stefan Monnier  writes:
> >
> > >> OP has a point though. The real world happens to have a huge amount of
> > >> heterogeneous networks, and asking for tools to keep those systems safe
> > >> is legitimate.
> > >
> > > I did not perceive the OP's request to be about the case where you
> > > administer lots of machines and you want to use a Debian machine as
> > > a virus-filter for all those other machines running Windows or whatnot.
> > >
> > > So I assumed he meant "I do want to run A/V" to mean that he wants to
> > > run an A/V just like all random Windows users feel the need to run some
> > > A/V software on their machine to feel safer.
> > >
> > I tend to make assumptions that the asker of a question knows what they
> > are talking about. In this case that meant assuming OP had a
> > heterogeneous environment they wanted to secure.
> >
> > Sure, this is not always true, but assuming 'just a random Windows user'
> > is a tad...uncharitable, to say the least. Again proving OP's
> > disappointment to be correct, alas.
>
> I thought just the opposite, ie that the OP ran a linux system in a
> Windows dominated culture. (Isn't the OP posting from a linux system?)
> I spent seven years working with linux in an almost totally Windows
> (administration)/Mac (proselytising academics) institution, being eyed
> suspiciously whenever their fragile systems misbehaved.

This is exactly my situation.

> And in more recent years, I've signed up to many systems that carry
> warnings like this:
>
> "If you use […], your computer, modem and mobile phone must meet
>  any reasonable requirements we may set; you must carry out your
>  own regular virus checks; […] "
>
> A lot of peer pressure (if not T&C) to be always virus-scanning things …
>
> Cheers,
> David.

Thank you David

ps

Clamscan caught a trojan and a browser miner in downloaded web pages today.

I feel completely justified in ignoring all the
They-don't-really-understand-with-Just-away-from-Windows-with-a-10-foot-pole
responses.







Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-12 Thread deloptes
Curt wrote:

> I don't follow how this follows from your erroneous attribution.

try harder ;-)



Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-12 Thread David Wright
On Tue 12 Mar 2019 at 15:01:32 (+0100), Mart van de Wege wrote:
> Stefan Monnier  writes:
> 
> >> OP has a point though. The real world happens to have a huge amount of
> >> heterogeneous networks, and asking for tools to keep those systems safe
> >> is legitimate.
> >
> > I did not perceive the OP's request to be about the case where you
> > administer lots of machines and you want to use a Debian machine as
> > a virus-filter for all those other machines running Windows or whatnot.
> >
> > So I assumed he meant "I do want to run A/V" to mean that he wants to
> > run an A/V just like all random Windows users feel the need to run some
> > A/V software on their machine to feel safer.
> >
> I tend to make assumptions that the asker of a question knows what they
> are talking about. In this case that meant assuming OP had a
> heterogeneous environment they wanted to secure.
> 
> Sure, this is not always true, but assuming 'just a random Windows user'
> is a tad...uncharitable, to say the least. Again proving OP's
> disappointment to be correct, alas.

I thought just the opposite, ie that the OP ran a linux system in a
Windows dominated culture. (Isn't the OP posting from a linux system?)
I spent seven years working with linux in an almost totally Windows
(administration)/Mac (proselytising academics) institution, being eyed
suspiciously whenever their fragile systems misbehaved.

And in more recent years, I've signed up to many systems that carry
warnings like this:

   "If you use […], your computer, modem and mobile phone must meet
any reasonable requirements we may set; you must carry out your
own regular virus checks; […] "

A lot of peer pressure (if not T&C) to be always virus-scanning things …

Cheers,
David.



Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-12 Thread Mart van de Wege
Stefan Monnier  writes:

>> OP has a point though. The real world happens to have a huge amount of
>> heterogeneous networks, and asking for tools to keep those systems safe
>> is legitimate.
>
> I did not perceive the OP's request to be about the case where you
> administer lots of machines and you want to use a Debian machine as
> a virus-filter for all those other machines running Windows or whatnot.
>
> So I assumed he meant "I do want to run A/V" to mean that he wants to
> run an A/V just like all random Windows users feel the need to run some
> A/V software on their machine to feel safer.
>
I tend to make assumptions that the asker of a question knows what they
are talking about. In this case that meant assuming OP had a
heterogeneous environment they wanted to secure.

Sure, this is not always true, but assuming 'just a random Windows user'
is a tad...uncharitable, to say the least. Again proving OP's
disappointment to be correct, alas.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.



Re: Group thoughts on: Anti-virus tools

2019-03-12 Thread Alessandro Vesely
On Tue 12/Mar/2019 09:39:53 +0100 didier gaumet wrote:

> Wikipedia makes a comparison of Linux antivirus:
>  https://en.wikipedia.org/wiki/Comparison_of_antivirus_software#Linux


It's astonishing that there is an "Email Security" column, with random yes/no 
contents.  I wrote a note on that:
https://en.wikipedia.org/wiki/Talk:Comparison_of_antivirus_software#Email_Security


An interesting column is the "License", where there is only one.


Best
Ale
-- 









Re: Group thoughts on: Anti-virus tools

2019-03-12 Thread mick crane

On 2019-03-10 14:58, deb wrote:

> Starting assumption: I do want to run A/V.
>
>  * I get that it may actually INCREASE attack surface.
>
>  * But I have Windows & Mac stuff going back and forth to Debian 9.8
> and just want to check.
>
>  * (Clamscan already caught 4 things)



I'm of the opinion that windows itself is a virus but just live with it 
and don't keep anything on it I don't mind losing.

mick

--
Key ID4BFEBB31



Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-12 Thread Curt
On 2019-03-11, deloptes  wrote:
> Curt wrote:
>
>> I don't believe he did, actually. I believe that's what Reco wrote.
>
> but there is no secure OS, as soon as you get connected to the network, and
> if you have a server with multiple users ... well. We used to put sensitive
> servers in DMZ aside of the user network - for a good reason.

I don't follow how this follows from your erroneous attribution. But if
you're saying that no OS is immune from some form of insecurity, you're
wasting your breath because that man is made of straw.

On the other hand, some operating systems are more secure than others
(*for whatever reasons*). I think that statement is statistically
verifiable. (I was going to invent one of those strained, if handy, car
analogies but thought better of it.)


> regards
>
>


-- 
“Let us again pretend that life is a solid substance, shaped like a globe,
which we turn about in our fingers. Let us pretend that we can make out a plain
and logical story, so that when one matter is despatched--love for instance--
we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves



Re: Group thoughts on: Anti-virus tools

2019-03-12 Thread didier gaumet
Wikipedia makes a comparison of Linux antivirus:
 https://en.wikipedia.org/wiki/Comparison_of_antivirus_software#Linux



Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Ric Moore

On 3/10/19 3:53 PM, Brian wrote:

> On Sun 10 Mar 2019 at 13:18:54 -0400, deb wrote:
>
> > Curmudgeon tip: It is no longer 1972.   If you have nothing nice or at least
> > helpful to say on a  USER list, say nothing at all.
>
> All the responses were helpful. You just have to fit them into your
> World View and accommodate them

Thanks Brian for introducing some sanity to the issue. Ric



Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Stefan Monnier
> OP has a point though. The real world happens to have a huge amount of
> heterogeneous networks, and asking for tools to keep those systems safe
> is legitimate.

I did not perceive the OP's request to be about the case where you
administer lots of machines and you want to use a Debian machine as
a virus-filter for all those other machines running Windows or whatnot.

So I assumed he meant "I do want to run A/V" to mean that he wants to
run an A/V just like all random Windows users feel the need to run some
A/V software on their machine to feel safer.


Stefan



Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread deloptes
Curt wrote:

> I don't believe he did, actually. I believe that's what Reco wrote.

but there is no secure OS, as soon as you get connected to the network, and
if you have a server with multiple users ... well. We used to put sensitive
servers in DMZ aside of the user network - for a good reason.

regards



Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Mart van de Wege
Stefan Monnier  writes:

>> re: apt solving all? I understand it recently had a long-time vulnerability
>> itself...
>> Linux will get hit more as it gets more popular.
>
> My point is not that APT and/or Debian is bullet-proof (I live under no
> delusion in this respect).  Just that instead of keeping your A/V
> up-to-date, the GNU/Linux approach to protecting oneself from attacks is
> to keep your OS up-to-date.
>
>
> Stefan
>
>
> PS: I guess that means I should have pointed to `unattended-upgrades`
> rather than to `apt` as the solution that corresponds to an anti-virus.

OP has a point though. The real world happens to have a huge amount of
heterogeneous networks, and asking for tools to keep those systems safe
is legitimate. Acting like purity ponies and basically going "Here's a
nickel kid, buy yourself a real OS" is immature at best.

I share OP's disappointment in the level of the replies they got.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.



Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Stefan Monnier
> There is a spectrum of Windows software that runs between evil malware
> and legitimate programs, it isn't just black and white, and many

Agreed, but I doubt A/V software will know where to draw the line.


Stefan



Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Joe
On Mon, 11 Mar 2019 13:53:39 -0400
Stefan Monnier  wrote:

> > re: apt solving all? I understand it recently had a long-time
> > vulnerability itself...
> > Linux will get hit more as it gets more popular.  
> 
> My point is not that APT and/or Debian is bullet-proof (I live under
> no delusion in this respect).  Just that instead of keeping your A/V
> up-to-date, the GNU/Linux approach to protecting oneself from attacks
> is to keep your OS up-to-date.
> 

Yes, but malware (that does not necessarily exploit a bug) can be
installed on a completely secure (and imaginary!) OS by an incautious
user running as root. 

There is a spectrum of Windows software that runs between evil malware
and legitimate programs, it isn't just black and white, and many
legitimate programs are supplied free but with grey semi-malware
(adware, spyware) bundled in to provide revenue. A laptop manufacturer
who shall be nameless once (allegedly unknowingly) bundled an
https-breaker among the pre-installed junk. It doesn't have to be about
exploiting unfixed bugs. A lot of it is in the whole ethos of the OS
and its hardware and software vendors. That's where free-as-in-beer
makes a huge difference.

-- 
Joe



Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Joe
On Mon, 11 Mar 2019 11:45:28 -0400
Stefan Monnier  wrote:

> > I think the premises of your syllogism might lead some to another
> > conclusion---that the livelihood of the AV software houses depends
> > upon the innate insecurity of the Windows OS.  
> 
> Hmm... they don't actually need that: they only need people to
> think that they're vulnerable (regardless if their Windows is actually
> secure or not, and regardless if Windows is more or less secure than
> other OSes).
> 
> But yes, this is made easier if Windows is actually insecure.
> 

To a large extent, it is Windows users who are insecure. Even today (or
at least, three months ago) the first-time user of Windows 10 is set up
as an administrator, and no advice is offered about changing this. 

I used to help out on Windows Small Business Server newsgroup, where
many administrators/installers admitted to making all their users
administrators to reduce service calls... it was actually *necessary*
for the user of MS Office to be an administrator for the first run of
each of the components (not just the installation), or else various
files and permissions didn't get written correctly.

-- 
Joe



Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Stefan Monnier
> re: apt solving all? I understand it recently had a long-time vulnerability
> itself...
> Linux will get hit more as it gets more popular.

My point is not that APT and/or Debian is bullet-proof (I live under no
delusion in this respect).  Just that instead of keeping your A/V
up-to-date, the GNU/Linux approach to protecting oneself from attacks is
to keep your OS up-to-date.


Stefan


PS: I guess that means I should have pointed to `unattended-upgrades`
rather than to `apt` as the solution that corresponds to an anti-virus.



Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread deb


On 3/10/19 1:33 PM, Mart van de Wege wrote:

> deb  writes:
>
> > Starting assumption: I do want to run A/V.
> >
> >  * I get that it may actually INCREASE attack surface.
> >
> >  * But I have Windows & Mac stuff going back and forth to Debian 9.8
> > and just want to check.
>
> When you say going back and forth, do you mean over the network?
>
> On Linux the best solution right now is clamav, which is not 100%. Is it
> an option for you to run a network based solution, like an IDS?
>
> Mart



Yes Mart.

Over the network.

4 files were found being passed by just one Windows machine, which was
running a paid A/V (actually 3 different A/Vs!). 2 were in emails.

I will push along the ClamAV path.

It has worked.

I have to figure out if it really does real-time detection [it says it does].

That would allow it to beat out Malwarebytes.

 * I will be using ClamAV.
   It *seems* a little shaky, but it worked.

 * I will ask elsewhere if there are better options.

 * Companies I push #debian into will be doing at least ClamAV [IF]
   they have or will have networked Windows/Mac machines, or receive email
   (and probably anyway).

 * I'm not interested in cloud-based solutions,
   where "suspect" files are sent to the "cloud".
   That, to me, seems the worst answer.

I'm not interested in listening to noise from Brian (defines curmudgeon),
trying to guess what evil agenda I am backing; and all of that other posturing
about just compile your own code; review every line first, and all is well.


People pass crap around on mixed networks.

They do.

I *ALREADY* caught it.


re: apt solving all? I understand it recently had a long-time 
vulnerability itself...


Linux will get hit more as it gets more popular.

I want to be ahead of that however possible.



So thank you for a real answer Mart.


What a pile of chest-thumping on this.


Sheesh.







Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Stefan Monnier
> I think the premises of your syllogism might lead some to another
> conclusion---that the livelihood of the AV software houses depends upon
> the innate insecurity of the Windows OS.

Hmm... they don't actually need that: they only need people to
think that they're vulnerable (regardless if their Windows is actually
secure or not, and regardless if Windows is more or less secure than
other OSes).

But yes, this is made easier if Windows is actually insecure.


Stefan



Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Curt
On 2019-03-11, Stefan Monnier  wrote:
>> Not that I'm aware of.  The thing is - instead of taking an insecure OS
>> and building assorted kludges (in the form of anti-virus) around it,
>> it's considered wise here to use a secure OS from the beginning.
>
> This is misleading: all OSes are somewhat insecure, in practice.
> The question is what to do when a security hole is found: plug the hole
> right away, or try to recognize potential attacks via some anti-virus
> software?
>
> Of course, AV software houses can't really plug security holes in
> Windows (only Microsoft can), so their livelihood depends on making
> people believe that an AV is a good supplement.
>

I think the premises of your syllogism might lead some to another
conclusion---that the livelihood of the AV software houses depends upon
the innate insecurity of the Windows OS.  This kind of gentleman's
agreement seems to be one of the fundamental cogs in the great Wheel of
capitalism to which most of us are tied.

Having said that, the Windows 10 on my hubby's laptop has native virus-
detection software and the OS is patched frequently via the net (at
times to inadvertent ill effect, though not here, at least not yet).

> Stefan
>
>


-- 
“Let us again pretend that life is a solid substance, shaped like a globe,
which we turn about in our fingers. Let us pretend that we can make out a plain
and logical story, so that when one matter is despatched--love for instance--
we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves



RE: Group thoughts on: Anti-virus tools

2019-03-11 Thread Michael Grant
I use clamav along with clamav-unofficial-sigs, Sanesecurity and Securiteinfo 
(which I pay for)

Secondly, I use “Bitdefender Security for Mail Servers – Linux”, again which I 
pay for.

I use clamav-milter and the bdmilterd to scan mail using clamav and Bit 
Defender.

I must say that it was pretty difficult to convince someone to actually sell me 
Bit Defender for Linux!  It’s like a totally hidden product of theirs, but it 
does work and is effective.



Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Stefan Monnier
> Not that I'm aware of.  The thing is - instead of taking an insecure OS
> and building assorted kludges (in the form of anti-virus) around it,
> it's considered wise here to use a secure OS from the beginning.

This is misleading: all OSes are somewhat insecure, in practice.
The question is what to do when a security hole is found: plug the hole
right away, or try to recognize potential attacks via some anti-virus
software?

Of course, AV software houses can't really plug security holes in
Windows (only Microsoft can), so their livelihood depends on making
people believe that an AV is a good supplement.


Stefan



Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Curt
On 2019-03-11, Paul Sutton  wrote:
>
> On 10/03/2019 15:04, Sven Hartge wrote:
>> deb  wrote:
>>
>>> a. What does the group suggest running on debian beyond
>>>     - chkrootkit
>> Useless.
>>
>>>     - rkhunter
>> Crap, unmaintained.
>>
>> Both tools produce more false positives than finding anything, just
>> creating a false sense of security while providing no security benefit
>> whatsoever.
>>
>> Grüße,
>> Sven.
>>
>
> Not just a false sense of security, but for anyone who is new or
> inexperienced a false positive creates extra worry as you are unsure if
> it is real or otherwise.

They actually create a false sense of insecurity, which is the basis of many
neuroses.

> Paul
>


-- 
“Let us again pretend that life is a solid substance, shaped like a globe,
which we turn about in our fingers. Let us pretend that we can make out a plain
and logical story, so that when one matter is despatched--love for instance--
we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves



Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Paul Sutton


On 10/03/2019 15:04, Sven Hartge wrote:
> deb  wrote:
>
>> a. What does the group suggest running on debian beyond
>>     - chkrootkit
> Useless.
>
>>     - rkhunter
> Crap, unmaintained.
>
> Both tools produce more false positives than finding anything, just
> creating a false sense of security while providing no security benefit
> whatsoever.
>
> Grüße,
> Sven.
>

Not just a false sense of security, but for anyone who is new or
inexperienced a false positive creates extra worry as you are unsure if
it is real or otherwise.

Paul

-- 

Paul Sutton
http://www.zleap.net
https://www.linkedin.com/in/zleap/
gnupg : 7D6D B682 F351 8D08 1893  1E16 F086 5537 D066 302D



Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread Curt
On 2019-03-11, deloptes  wrote:
> deb wrote:

I don't believe he did, actually. I believe that's what Reco wrote.

>> Not that I'm aware of. The thing is - instead of taking an insecure OS
>> and building assorted kludges (in the form of anti-virus) around it,
>> it's considered wise here to use a secure OS from the beginning.
>
> If you have windows users in your network, the best is to pay for a server
> license for linux and integrate it into clamav. I think most of the popular
> anti virus software companies have their products running on linux and able
> to integrate in clamav. You have to pay but it pays off, if you have
> employees or simply people using windows in your network.
>
> The security of course is not only the antivirus, but also the firewall, VPN
> and similar - 1. reduce the risk of intrusion and 2. increase the chance of
> detection. Anti virus software is only part of it all.
>
> regards
>
>


-- 
“Let us again pretend that life is a solid substance, shaped like a globe,
which we turn about in our fingers. Let us pretend that we can make out a plain
and logical story, so that when one matter is despatched--love for instance--
we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves



Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread deloptes
deb wrote:

> Not that I'm aware of. The thing is - instead of taking an insecure OS
> and building assorted kludges (in the form of anti-virus) around it,
> it's considered wise here to use a secure OS from the beginning.

If you have windows users in your network, the best is to pay for a server
license for linux and integrate it into clamav. I think most of the popular
anti virus software companies have their products running on linux and able
to integrate in clamav. You have to pay but it pays off, if you have
employees or simply people using windows in your network.

The security of course is not only the antivirus, but also the firewall, VPN
and similar - 1. reduce the risk of intrusion and 2. increase the chance of
detection. Anti virus software is only part of it all.

regards



Re: Group thoughts on: Anti-virus tools

2019-03-11 Thread deloptes
deb wrote:

> ClamAV

I recall 15y ago we integrated Kaspersky into ClamAV. Easy to integrate and
easy to use. Worked great. I left this company couple of years later, but
it will not surprise me if they are still using the same setup.





Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Brian
On Sun 10 Mar 2019 at 13:18:54 -0400, deb wrote:

> I posted a question A/Vs and got negative waves like the below.

It only looks "negative" because you have an agenda. I myself thought
the responses were reasonable and balanced.

> Several people ASS-UMED I was trying to kludge Windows into Linux,
> (see Canonical if you want to find Linux-folk sucking up to Windows)
> instead of working to bring Linux into Windows strongholds (and
> be aware of the problems there.)

Knocking Canonical (who produce a premier Linux distribution) doesn't
advance your argument; it is unclear what that is.
 
> Some just crushed my starting points, without alternatives.
> 
> 
> N.I.C.E.

Your argument (for what it was) was demolished. Explicit alternatives to
it are unnecessary when it hasn't a leg to stand on.

> It is little wonder that Linux can not beat Windows on the desktop (as it
> should),

Is that part of the agenda?

> if this is how people are helped who are trying to Bring In Linux.

Or is this the nub? The Lone Ranger syndrome.

> Curmudgeon tip: It is no longer 1972.   If you have nothing nice or at least
> helpful to say on a  USER list, say nothing at all.

All the responses were helpful. You just have to fit them into your
World View and accommodate them

-- 
Brian.



Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Joe
On Sun, 10 Mar 2019 19:46:42 +
mick crane  wrote:

> On 2019-03-10 17:13, Joe wrote:
> > On Sun, 10 Mar 2019 19:35:18 +0300
> > Reco  wrote:
> >   
> >>Hi.
> >> 
> >> On Sun, Mar 10, 2019 at 04:32:42PM -, Curt wrote:
> >>   
> >> >
> >> > I thought he was saying the surest approach is not touching
> >> > Windows with a ten foot pole,  
> >> 
> >> You're aiming too low. Not touching any non-free OS with a ten foot
> >> pole would be much more like it.
> >> 
> >>   
> > While bearing in mind that 'free' doesn't mean 'problem-free'.
> > 
> > Remember how many people audited the Heartbleed code before it was
> > released?  
> 
> didn't I read openSSL just had the one full time guy for thousands of 
> lines of code ?

I believe only one person other than the writer audited the code, and
this was a piece of core open-source security code. While "given enough
eyeballs, all bugs are shallow", it is clear that code being open
source does not automatically deliver the eyeballs.

-- 
Joe



Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Felmon Davis

On Sun, 10 Mar 2019, deb wrote:

> I posted a question A/Vs and got negative waves like the below.
>
> Several people ASS-UMED I was trying to kludge Windows into Linux,
> (see Canonical if you want to find Linux-folk sucking up to Windows)
> instead of working to bring Linux into Windows strongholds (and
> be aware of the problems there.)
>
> Some just crushed my starting points, without alternatives.
>
> N.I.C.E.
>
> It is little wonder that Linux can not beat Windows on the desktop (as it
> should),
>
> if this is how people are helped who are trying to Bring In Linux.
>
> Curmudgeon tip: It is no longer 1972.   If you have nothing nice or at least
> helpful to say on a  USER list, say nothing at all.

I haven't been able to follow the core of the discussion, partly
because I don't know the technical issues and partly because I didn't
quite understand your question but for a different perspective on
'nice' I actually thought the responses you received were trying to be
helpful; they were warning you against a certain approach to your
issue (especially about using Windows or thinking AV is needed on
Linux).

I think curmudgeons can put people off but I didn't think people were
being curmudgeonly to you (or didn't intend to be) but instead
critical of Windows or Windows-like approaches.

they were pressing the case one doesn't need AV on Linux as such, at
least not if properly configured. this seems helpful.

> But you will anyways...
>
> "assorted help"
>
> Not that I'm aware of. The thing is - instead of taking an insecure OS
> and building assorted kludges (in the form of anti-virus) around it,
> it's considered wise here to use a secure OS from the beginning.
>
> I thought he was saying the surest approach is not touching Windows with
> a ten foot pole, for which I doubt there's a list to read.

this seems to support my interpretation.

f.

--
Felmon Davis

Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Reco
Hi.

On Sun, Mar 10, 2019 at 05:13:35PM +, Joe wrote:
> On Sun, 10 Mar 2019 19:35:18 +0300
> Reco  wrote:
> > On Sun, Mar 10, 2019 at 04:32:42PM -, Curt wrote:
> >
> > > 
> > > I thought he was saying the surest approach is not touching Windows
> > > with a ten foot pole,  
> > 
> > You're aiming too low. Not touching any non-free OS with a ten foot
> > pole would be much more like it.
> > 
> > 
> While bearing in mind that 'free' doesn't mean 'problem-free'. 
> 
> Remember how many people audited the Heartbleed code before it was
> released?

And that's why security is a process, not a state.
CVE-2014-0160 was fixed upstream days after the discovery, but it took
certain software vendors almost a year to fix openssl 'bundled' with
their 'software products'.

Reco



Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread mick crane

On 2019-03-10 17:13, Joe wrote:
> On Sun, 10 Mar 2019 19:35:18 +0300
> Reco  wrote:
>
>> Hi.
>>
>> On Sun, Mar 10, 2019 at 04:32:42PM -, Curt wrote:
>>
>> >
>> > I thought he was saying the surest approach is not touching Windows
>> > with a ten foot pole,
>>
>> You're aiming too low. Not touching any non-free OS with a ten foot
>> pole would be much more like it.
>>
> While bearing in mind that 'free' doesn't mean 'problem-free'.
>
> Remember how many people audited the Heartbleed code before it was
> released?

didn't I read openSSL just had the one full time guy for thousands of
lines of code ?


mick
--
Key ID4BFEBB31



Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Stefan Monnier
> While bearing in mind that 'free' doesn't mean 'problem-free'.
> Remember how many people audited the Heartbleed code before it was
> released?

Indeed.  But it doesn't take more time to update openssl than to update
a virus scanner.


Stefan



Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Stefan Monnier
> Starting assumption: I do want to run A/V.

You have it: it's called `apt` (i.e. in the world of Debian, the
response to "viruses" is to plug the hole they try to exploit, instead
of leaving those holes gaping while wasting resources trying to look for
known attacks).

>  * (Clamscan already caught 4 things)

I'll bet that none of those 4 "things" exploit a hole to which you
are vulnerable.  Hence catching those attacks has not made you more
secure: it just wasted resources.

My SSHd daemon has probably rejected more attempts to log into my system
while writing this email.  So what?  None of those attempts are real
threats, anyway, just like those 4 "things" that Clamscan says
it caught.


Stefan



Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Mart van de Wege
deb  writes:

> Starting assumption: I do want to run A/V.
>
>  * I get that it may actually INCREASE attack surface.
>
>  * But I have Windows & Mac stuff going back and forth to Debian 9.8
> and just want to check.

When you say going back and forth, do you mean over the network?

On Linux the best solution right now is clamav, which is not 100%. Is it
an option for you to run a network based solution, like an IDS?

Mart
-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.



And now, from the Nice people? Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread deb



I posted a question about A/Vs and got negative waves like the below.


Several people ASS-UMED I was trying to kludge Windows into Linux,
(see Canonical if you want to find Linux-folk sucking up to Windows)
instead of working to bring Linux into Windows strongholds (and
be aware of the problems there.)

Some just crushed my starting points, without alternatives.


N.I.C.E.


It is little wonder that Linux cannot beat Windows on the desktop (as
it should), if this is how people are helped who are trying to Bring In
Linux.


Curmudgeon tip: It is no longer 1972. If you have nothing nice or at
least helpful to say on a USER list, say nothing at all.


But you will anyways...


"assorted help"


> Not that I'm aware of. The thing is - instead of taking an insecure OS
> and building assorted kludges (in the form of anti-virus) around it,
> it's considered wise here to use a secure OS from the beginning.


> I thought he was saying the surest approach is not touching Windows with
> a ten foot pole, for which I doubt there's a list to read.





Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Joe
On Sun, 10 Mar 2019 19:35:18 +0300
Reco  wrote:

>   Hi.
> 
> On Sun, Mar 10, 2019 at 04:32:42PM -, Curt wrote:
>
> > 
> > I thought he was saying the surest approach is not touching Windows
> > with a ten foot pole,  
> 
> You're aiming too low. Not touching any non-free OS with a ten foot
> pole would be much more like it.
> 
> 
While bearing in mind that 'free' doesn't mean 'problem-free'. 

Remember how many people audited the Heartbleed code before it was
released?

-- 
Joe



Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Reco
Hi.

On Sun, Mar 10, 2019 at 04:32:42PM -, Curt wrote:
> On 2019-03-10, Richard Owlett  wrote:
> > On 03/10/2019 10:20 AM, Reco wrote:
> >>Hi.
> >> 
> >> On Sun, Mar 10, 2019 at 10:58:12AM -0400, deb wrote:
> >>> Starting assumption: I do want to run A/V.
> >>>  [*SNIP*]
> >> 
> >>> b. Does the list keep a ~ "pinned" answer for these kinds of questions?
> >> 
> >> Not that I'm aware of. The thing is - instead of taking an insecure OS
> >> and building assorted kludges (in the form of anti-virus) around it,
> >> it's considered wise here to use a secure OS from the beginning.
> >> 
> >
> > Recommended reading list applicable to Debian?
> >
> 
> I thought he was saying the surest approach is not touching Windows with
> a ten foot pole,

You're aiming too low. Not touching any non-free OS with a ten foot pole
would be much more like it.


> for which I doubt there's a list to read.

True.

Reco



Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Curt
On 2019-03-10, Richard Owlett  wrote:
> On 03/10/2019 10:20 AM, Reco wrote:
>>  Hi.
>> 
>> On Sun, Mar 10, 2019 at 10:58:12AM -0400, deb wrote:
>>> Starting assumption: I do want to run A/V.
>>>  [*SNIP*]
>> 
>>> b. Does the list keep a ~ "pinned" answer for these kinds of questions?
>> 
>> Not that I'm aware of. The thing is - instead of taking an insecure OS
>> and building assorted kludges (in the form of anti-virus) around it,
>> it's considered wise here to use a secure OS from the beginning.
>> 
>
> Recommended reading list applicable to Debian?
>

I thought he was saying the surest approach is not touching Windows with
a ten foot pole, for which I doubt there's a list to read.



-- 
“Let us again pretend that life is a solid substance, shaped like a globe,
which we turn about in our fingers. Let us pretend that we can make out a plain
and logical story, so that when one matter is despatched--love for instance--
we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves



Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Gene Heskett
On Sunday 10 March 2019 10:58:12 deb wrote:

> Starting assumption: I do want to run A/V.
>
>   * I get that it may actually INCREASE attack surface.
>
>   * But I have Windows & Mac stuff going back and forth to Debian 9.8
> and just want to check.
>
>   * (Clamscan already caught 4 things)
>
>
> a. What does the group suggest running on debian beyond
>
>      - chkrootkit
>
>      - rkhunter
>
>      - ClamAV
>
> b. Does the list keep a ~ "pinned" answer for these kinds of
> questions?
>
The trouble with a pinned list is that it can't keep up with the latest 
attack methods. Clamav has silently stripped about half a megabyte of 
stuff since about the first of October last, last hit Feb 12 here.
However while I'm checking, I note that a pastebin installation 
(pnopaste) has generated about 20 megabytes of squawks, so it's gone now. 
I installed it so's I'd have a local pastebin. We get too soon auld, and 
too late schmardt. Has pnopaste acted up for others?

>
> Thank you!


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 



Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Richard Owlett

On 03/10/2019 10:20 AM, Reco wrote:
> Hi.
>
> On Sun, Mar 10, 2019 at 10:58:12AM -0400, deb wrote:
> > Starting assumption: I do want to run A/V.
> >  [*SNIP*]
>
> > b. Does the list keep a ~ "pinned" answer for these kinds of questions?
>
> Not that I'm aware of. The thing is - instead of taking an insecure OS
> and building assorted kludges (in the form of anti-virus) around it,
> it's considered wise here to use a secure OS from the beginning.

Recommended reading list applicable to Debian?





Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Reco
Hi.

On Sun, Mar 10, 2019 at 10:58:12AM -0400, deb wrote:
> Starting assumption: I do want to run A/V.
>  * I get that it may actually INCREASE attack surface.
>  * But I have Windows & Mac stuff going back and forth to Debian 9.8 and just 
> want to check.
>  * (Clamscan already caught 4 things)

Ok. If it's the poison you want - we'll pour you a cup.


> a. What does the group suggest running on debian beyond
>     - chkrootkit

Thing was good like 15 years ago. The thing is - the world has moved,
chkrootkit stayed the same.
Save yourself CPU cycles and do not install the thing.


>     - rkhunter

Its primary purpose - i.e. rootkit detection - is severely lacking.
The thing has its uses as IDS and 'best practices auditor toolkit', but
that's it.

But if it's the IDS you need - there are tripwire and debsums.


>     - ClamAV

Can catch a Windoze virus or two. The intended purpose of clamav is to
sit on e-mail relay and scan the mail, which it does fulfill.


> b. Does the list keep a ~ "pinned" answer for these kinds of questions?

Not that I'm aware of. The thing is - instead of taking an insecure OS
and building assorted kludges (in the form of anti-virus) around it,
it's considered wise here to use a secure OS from the beginning.

Reco
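
The message above points to debsums for integrity checking. As an added example (not part of the thread and not debsums' own code), here is a Python sketch of the check it performs: comparing files on disk with the MD5 list dpkg records per package in `/var/lib/dpkg/info/<package>.md5sums`, one `<md5>  <path relative to />` entry per line. The function names and the sample package tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

HEX = set("0123456789abcdef")

def parse_md5sums(text):
    """Parse dpkg-style lines: 32 hex digits, two spaces, path relative to the root."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, sep, path = line.partition("  ")
        if not sep or len(digest) != 32 or not set(digest) <= HEX or not path:
            raise ValueError(f"line {lineno}: malformed md5sums entry")
        entries[path] = digest
    return entries

def file_md5(path, chunk=65536):
    h = hashlib.md5()  # matches dpkg's recorded format; MD5 is not collision resistant
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(manifest_text, root="/"):
    """Return {path: 'OK' | 'FAILED' | 'MISSING'} for every manifest entry."""
    report = {}
    for rel, expected in parse_md5sums(manifest_text).items():
        full = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(full):
            report[rel] = "MISSING"
        else:
            report[rel] = "OK" if file_md5(full) == expected else "FAILED"
    return report

def demo():
    """Constructed sample: a fake package tree with one modified and one deleted file."""
    files = {"usr/bin/tool": b"original binary\n",
             "usr/lib/tool/helper.so": b"helper\n",
             "usr/share/doc/tool/README": b"docs\n"}
    with tempfile.TemporaryDirectory() as root:
        manifest = ""
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            manifest += f"{hashlib.md5(data).hexdigest()}  {rel}\n"
        with open(os.path.join(root, "usr/bin/tool"), "ab") as f:
            f.write(b"appended after install")       # simulate a changed binary
        os.remove(os.path.join(root, "usr/lib/tool/helper.so"))  # simulate a removed file
        return verify(manifest, root)
```

The recorded sums live on the same host as the files they describe, so anyone with root can rewrite both; a baseline kept off the machine, as tripwire-style tools allow, is what makes such a check meaningful after a compromise.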



Re: Group thoughts on: Anti-virus tools

2019-03-10 Thread Sven Hartge
deb  wrote:

> a. What does the group suggest running on debian beyond

>     - chkrootkit

Useless.

>     - rkhunter

Crap, unmaintained.

Both tools produce more false positives than finding anything, just
creating a false sense of security while providing no security benefit
whatsoever.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.



Group thoughts on: Anti-virus tools

2019-03-10 Thread deb




Starting assumption: I do want to run A/V.

 * I get that it may actually INCREASE attack surface.

 * But I have Windows & Mac stuff going back and forth to Debian 9.8 
and just want to check.


 * (Clamscan already caught 4 things)


a. What does the group suggest running on debian beyond

    - chkrootkit

    - rkhunter

    - ClamAV

b. Does the list keep a ~ "pinned" answer for these kinds of questions?


Thank you!