Re: [gentoo-user] Re: Which desktop antivirus?

2011-10-30 Thread Mick
On Saturday 22 Oct 2011 21:31:32 Neil Bothwick wrote:
 On Sat, 22 Oct 2011 20:03:44 +0300, Nikos Chantziaras wrote:
  ClamAV has poor detection rates.  You might want to look into AVG Free
  for Linux.
 
 Do you have any documentation for this?
 
 I'm not saying you're wrong, rather that I'd like to know more.

This is not current, but if it is to be believed (and without details on the 
methodology I'd be reluctant to believe it) clamav came 2nd after Kaspersky:

  http://www.builderau.com.au/blogs/byteclub/viewblogpost.htm?p=339270831


This on the other hand is both current and more meaningful, because it 
includes zero day attacks:

  http://www.shadowserver.org/wiki/pmwiki.php/AV/VirusDailyStats

ClamAV on linux comes 3rd for zero day attacks and 16th on retries.
-- 
Regards,
Mick




Re: [gentoo-user] Re: Which desktop antivirus?

2011-10-23 Thread Mick
On Saturday 22 Oct 2011 22:30:45 Volker Armin Hemmann wrote:
 On Saturday 22 October 2011, 18:14:32 Nikos Chantziaras wrote:
  On 10/22/2011 05:07 PM, Adam Carter wrote:
   there aren't any Linux viruses,
   
   Except for the ones listed on the page below, which is probably
   incomplete. http://en.wikipedia.org/wiki/Linux_malware
   
   But yeah, on a linux desktop (especially a Gentoo one) you don't need
   a virus scanner. Yet.
  
  There are literally *millions* of Windows viruses.  The Wikipedia page
  just proves Linux has virtually no viruses, and those listed don't even
  work anymore (exploits have been patched long ago.)  Most existing Linux
  malware targets servers (like PHP software exploits in forums, wikis,
  etc) and desktop users don't need to worry.
  
  Furthermore, even if there were enough Linux viruses to worry about,
  there isn't a good way of getting infected.  On Windows, you download
  random executables from the net.  On Gentoo, you install your stuff
  through portage.  It's nearly impossible to get infected.
 
 except when someone puts up or takes over a rsync server and starts
 providing malicious ebuilds.
 
 
 Hilarious.

Isn't that what happened back in 2003/04?  I can't recall exactly but there 
was some discussion where it was suggested that clients should rsync against 
two different mirrors and diff the portage contents (or hashes thereof?), 
before accepting the sync result.
-- 
Regards,
Mick




Re: [gentoo-user] Re: Which desktop antivirus?

2011-10-23 Thread Florian Philipp
On 23.10.2011 09:49, Mick wrote:
 On Saturday 22 Oct 2011 22:30:45 Volker Armin Hemmann wrote:
 On Saturday 22 October 2011, 18:14:32 Nikos Chantziaras wrote:
 On 10/22/2011 05:07 PM, Adam Carter wrote:
 there aren't any Linux viruses,

 Except for the ones listed on the page below, which is probably
 incomplete. http://en.wikipedia.org/wiki/Linux_malware

 But yeah, on a linux desktop (especially a Gentoo one) you don't need
 a virus scanner. Yet.

 There are literally *millions* of Windows viruses.  The Wikipedia page
 just proves Linux has virtually no viruses, and those listed don't even
 work anymore (exploits have been patched long ago.)  Most existing Linux
 malware targets servers (like PHP software exploits in forums, wikis,
 etc) and desktop users don't need to worry.

 Furthermore, even if there were enough Linux viruses to worry about,
 there isn't a good way of getting infected.  On Windows, you download
 random executables from the net.  On Gentoo, you install your stuff
 through portage.  It's nearly impossible to get infected.

 except when someone puts up or takes over a rsync server and starts
 providing malicious ebuilds.


 Hilarious.
 
 Isn't that what happened back in 2003/04?  I can't recall exactly but there 
 was some discussion where it was suggested that clients should rsync against 
 two different mirrors and diff the portage contents (or hashes thereof?), 
 before accepting the sync result.

That still doesn't protect you against man-in-the-middle attacks or an
attack against the CVS tree (like the recent kernel.org disaster).

Signing the manifest files is really the only reasonable solution. Good
thing there seems to be some progress in that direction:
https://bugs.gentoo.org/show_bug.cgi?id=360363

Regards,
Florian Philipp
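
Added example, not part of the original message and not Portage code: the two-mirror comparison quoted above, in Python, hashing every file in two synced copies of a tree and listing the paths that disagree. The directory names and file contents are constructed; the second comparison shows the limit raised in the reply, where both copies carry the same change and compare clean.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_digests(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(
                path.read_bytes()).hexdigest()
    return digests


def compare_trees(tree_a, tree_b):
    """Return the paths that differ between two synced copies of a tree."""
    a, b = tree_digests(tree_a), tree_digests(tree_b)
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "differing": sorted(p for p in a.keys() & b.keys() if a[p] != b[p]),
    }


def write_tree(root, files):
    """Create a small constructed tree from {relative path: text content}."""
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)


def demo():
    """Compare constructed stand-ins (not real ebuilds) for mirror syncs."""
    upstream = {
        "app-misc/foo/foo-1.0.ebuild": 'SRC_URI="http://example.org/foo-1.0.tar.gz"\n',
        "app-misc/foo/Manifest": "constructed manifest line\n",
    }
    tampered = dict(upstream)
    tampered["app-misc/foo/foo-1.0.ebuild"] += "# line added by one mirror\n"
    tampered["app-misc/foo/files/extra.patch"] = "constructed extra file\n"
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("a", upstream), ("b", tampered), ("c", tampered)):
            write_tree(Path(tmp) / name, files)
        one_bad = compare_trees(Path(tmp) / "a", Path(tmp) / "b")
        both_bad = compare_trees(Path(tmp) / "b", Path(tmp) / "c")
    return one_bad, both_bad
```
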





[gentoo-user] Re: Which desktop antivirus?

2011-10-22 Thread Nikos Chantziaras

On 10/22/2011 02:27 PM, Mick wrote:

Hi All,

I'm asked for a desktop antivirus (the box is running KDE) but I have never
used an antivirus on Linux.  This page that I googled up shows a number of
them:

   http://www.makeuseof.com/tag/free-linux-antivirus-programs/

Meanwhile, portage only lists clamav under app-antivirus/.

The machine in question is running kmail to receive/send messages from ISP
mail servers and ssmtp to send log messages for relaying via said ISP.

What have you tried and what would you recommend for such a desktop setup?


You don't need one.  Linux anti-virus programs are there to protect 
Windows installations (Windows executables passing through a Linux box). 
 Since you said Desktop, I assume you meant protect against Linux 
viruses.  Since there aren't any Linux viruses, there's no need for 
something like that.





Re: [gentoo-user] Re: Which desktop antivirus?

2011-10-22 Thread Adam Carter
 there aren't any Linux viruses,

Except for the ones listed on the page below, which is probably incomplete.
http://en.wikipedia.org/wiki/Linux_malware

But yeah, on a linux desktop (especially a Gentoo one) you don't need
a virus scanner. Yet.



Re: [gentoo-user] Re: Which desktop antivirus?

2011-10-22 Thread Pandu Poluan
On Oct 22, 2011 9:10 PM, Adam Carter adamcart...@gmail.com wrote:

  there aren't any Linux viruses,

 Except for the ones listed on the page below, which is probably
incomplete.
 http://en.wikipedia.org/wiki/Linux_malware

 But yeah, on a linux desktop (especially a Gentoo one) you don't need
 a virus scanner. Yet.


That IMO is one aspect where Gentoo is 'naturally hardened' even when
compared to other Linux distros: malware writers can't be sure that the
vectors they need exist in a target box.

Rgds,


[gentoo-user] Re: Which desktop antivirus?

2011-10-22 Thread Nikos Chantziaras

On 10/22/2011 05:07 PM, Adam Carter wrote:

there aren't any Linux viruses,


Except for the ones listed on the page below, which is probably incomplete.
http://en.wikipedia.org/wiki/Linux_malware

But yeah, on a linux desktop (especially a Gentoo one) you don't need
a virus scanner. Yet.


There are literally *millions* of Windows viruses.  The Wikipedia page 
just proves Linux has virtually no viruses, and those listed don't even 
work anymore (exploits have been patched long ago.)  Most existing Linux 
malware targets servers (like PHP software exploits in forums, wikis, 
etc) and desktop users don't need to worry.


Furthermore, even if there were enough Linux viruses to worry about, 
there isn't a good way of getting infected.  On Windows, you download 
random executables from the net.  On Gentoo, you install your stuff 
through portage.  It's nearly impossible to get infected.





[gentoo-user] Re: Which desktop antivirus?

2011-10-22 Thread Nikos Chantziaras

On 10/22/2011 06:40 PM, Mick wrote:

[...]
Anyway, the use case in point is to protect other MSWindows OS' when
sending/forwarding office and pdf documents.  So the user would like to be able
to scan emails as they come in/sent out.

Will clamav do this with KDE4?


ClamAV has poor detection rates.  You might want to look into AVG Free 
for Linux.





Re: [gentoo-user] Re: Which desktop antivirus?

2011-10-22 Thread Mark Knecht
On Sat, Oct 22, 2011 at 8:14 AM, Nikos Chantziaras rea...@arcor.de wrote:

 There are literally *millions* of Windows viruses.

I use Kaspersky in my Windows VMs.

6,028,900 virus signatures as of an update run 1 hour ago...

6,029,804 now...

Go figure...

- Mark



Re: [gentoo-user] Re: Which desktop antivirus?

2011-10-22 Thread Neil Bothwick
On Sat, 22 Oct 2011 20:03:44 +0300, Nikos Chantziaras wrote:

 ClamAV has poor detection rates.  You might want to look into AVG Free 
 for Linux.

Do you have any documentation for this?

I'm not saying you're wrong, rather that I'd like to know more.


-- 
Neil Bothwick

Assembler: (n.) a minor program of interest only to obsessed programmers.




Re: [gentoo-user] Re: Which desktop antivirus?

2011-10-22 Thread Florian Philipp
On 22.10.2011 17:14, Nikos Chantziaras wrote:
 On 10/22/2011 05:07 PM, Adam Carter wrote:
 there aren't any Linux viruses,

 Except for the ones listed on the page below, which is probably
 incomplete.
 http://en.wikipedia.org/wiki/Linux_malware

 But yeah, on a linux desktop (especially a Gentoo one) you don't need
 a virus scanner. Yet.
 
 There are literally *millions* of Windows viruses.  The Wikipedia page
 just proves Linux has virtually no viruses, and those listed don't even
 work anymore (exploits have been patched long ago.)  Most existing Linux
 malware targets servers (like PHP software exploits in forums, wikis,
 etc) and desktop users don't need to worry.
 
 Furthermore, even if there were enough Linux viruses to worry about,
 there isn't a good way of getting infected.  On Windows, you download
 random executables from the net.  On Gentoo, you install your stuff
 through portage.  It's nearly impossible to get infected.
 

Unless you hijack one of the portage mirrors or stage a
man-in-the-middle attack. Only a few manifest files in the official
portage tree are signed with PGP and even there I don't think emerge
checks the keys, only the normal hash keys. That is something that has
bugged me for ages.

Regards,
Florian Philipp
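
Added example, not part of the original message and not Portage code: a hash-only Manifest check in Python, run on a constructed package directory, showing that it catches a changed file but passes once the unsigned Manifest is regenerated to match. The entry layout `TYPE name size SHA256 digest` is an assumption taken from the Manifest2 format and does not appear in the thread; only EBUILD and MISC entries are handled, and all file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest_entry(kind, name, data):
    """Format one entry as 'TYPE name size SHA256 hexdigest'."""
    return f"{kind} {name} {len(data)} SHA256 {hashlib.sha256(data).hexdigest()}\n"


def parse_manifest(text):
    """Return {name: (size, sha256)} for EBUILD and MISC entries."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("EBUILD", "MISC"):
            continue
        hashes = dict(zip(fields[3::2], fields[4::2]))
        if "SHA256" in hashes:
            entries[fields[1]] = (int(fields[2]), hashes["SHA256"].lower())
    return entries


def failed_entries(pkg_dir):
    """List names whose size or SHA-256 disagrees with pkg_dir/Manifest."""
    pkg_dir = Path(pkg_dir)
    bad = []
    for name, (size, digest) in parse_manifest((pkg_dir / "Manifest").read_text()).items():
        path = pkg_dir / name
        data = path.read_bytes() if path.is_file() else b""
        if not path.is_file() or len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            bad.append(name)
    return sorted(bad)


def demo():
    """Run the check on a constructed package directory (not a real ebuild)."""
    original = b'DESCRIPTION="constructed sample"\n'
    changed = original + b"# constructed change made on the mirror\n"
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp)
        (pkg / "foo-1.0.ebuild").write_bytes(original)
        (pkg / "Manifest").write_text(manifest_entry("EBUILD", "foo-1.0.ebuild", original))
        clean = failed_entries(pkg)
        (pkg / "foo-1.0.ebuild").write_bytes(changed)
        file_only = failed_entries(pkg)
        # Whoever serves the tree can regenerate the unsigned Manifest as well.
        (pkg / "Manifest").write_text(manifest_entry("EBUILD", "foo-1.0.ebuild", changed))
        file_and_manifest = failed_entries(pkg)
    return clean, file_only, file_and_manifest
```

The third result is empty because matching hashes only show that the file and the Manifest agree with each other; a signature over the Manifest, checked against a key obtained independently of the mirror, is what ties both to the developers.
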






Re: [gentoo-user] Re: Which desktop antivirus?

2011-10-22 Thread Volker Armin Hemmann
On Saturday 22 October 2011, 18:14:32 Nikos Chantziaras wrote:
 On 10/22/2011 05:07 PM, Adam Carter wrote:
  there aren't any Linux viruses,
  
  Except for the ones listed on the page below, which is probably
  incomplete. http://en.wikipedia.org/wiki/Linux_malware
  
  But yeah, on a linux desktop (especially a Gentoo one) you don't need
  a virus scanner. Yet.
 
 There are literally *millions* of Windows viruses.  The Wikipedia page
 just proves Linux has virtually no viruses, and those listed don't even
 work anymore (exploits have been patched long ago.)  Most existing Linux
 malware targets servers (like PHP software exploits in forums, wikis,
 etc) and desktop users don't need to worry.
 
 Furthermore, even if there were enough Linux viruses to worry about,
 there isn't a good way of getting infected.  On Windows, you download
 random executables from the net.  On Gentoo, you install your stuff
 through portage.  It's nearly impossible to get infected.

except when someone puts up or takes over a rsync server and starts providing 
malicious ebuilds.


Hilarious.
-- 
#163933



Re: [gentoo-user] Re: Which desktop antivirus?

2011-10-22 Thread Adam Carter
 Furthermore, even if there were enough Linux viruses to worry about,
 there isn't a good way of getting infected.  On Windows, you download
 random executables from the net.  On Gentoo, you install your stuff
 through portage.  It's nearly impossible to get infected.

 except when someone puts up or takes over a rsync server and starts providing
 malicious ebuilds.

And most malware runs an exploit to install itself, it doesn't require
the user to run an installation program. So typical attack vectors
are: network services, documents/media files (.pdfs flash etc), and
all the usual web stuff. As stated earlier buffer overflows against
Gentoo would be a nightmare to write due to the system
variability. RHEL not so much.