Virus
italiangirl6
6th February 2011, 04:52 PM
Just curious on other peoples opinion, what type of scanner would you recommend?
Hlingler
6th February 2011, 05:02 PM
Not required. But if you must:
su
yum install clamav clamtk
Note that on-access scanning is unknown in Linux.
V
jroa1
6th February 2011, 05:05 PM
You can run Avast! and several others in Fedora, but it is not necessary unless you want to scan your Windows partition with it. Clamav is mainly for scanning email.
kurtdriver
6th February 2011, 07:22 PM
Don't need one. A while ago, I had a copy of the conficker worm on a usb key and laughed! I'm immune to that sort of thing.
Mariusz W
8th February 2011, 06:33 AM
Just curious on other peoples opinion, what type of scanner would you recommend?
As others said: you don't need one in Linux. In 10 years of using Linux I have never encountered a single instance of a virus.
In fact, one of the most effective (and very fast) means to get rid of some naughty Windows viruses is to boot into Linux and then either remove or rename the files they created.
droidhacker
16th February 2011, 07:47 PM
The way that Linux works makes it somewhat insusceptible to the traditional MS virus problem. The primary reason for this is that users don't run dangerous things while holding administrative access rights.
All systems have security holes, and all systems can be compromised, nice thing about Linux is that a single security hole may only affect a small minority of systems that are configured in a way that makes them vulnerable.
What you DO tend to find in Linux are hacks and scripts. If someone lucks out and guesses a password for your SSH server, you may end up with a zombie serving pr0n or spam.
It is typically UP TO THE ADMINISTRATOR to track and maintain such problems.
Most of the use of AV on Linux is to keep the DATA safe for MS clients. Scan the mail, scan the samba share, scan the network for bad stuff. What makes Linux *particularly* great for this is that it is scanning for things that CAN'T AFFECT IT. Use an MS server to scan for MS viruses? How do you know that the thing isn't infected with a virus itself and letting them all through?
Unless you're providing services to MS clients, don't waste time on an AV.
motnahp00
17th February 2011, 01:44 AM
I found it surprising that Symantec has taken an interest in Linux.
Check out SAVFL (Symantec Antivirus for Linux).
kurtdriver
17th February 2011, 03:57 AM
I found it surprising that Symantec has taken an interest in Linux.
Check out SAVFL (Symantec Antivirus for Linux).
Why be surprised? There are millions of people using Linux, many of them new and uninformed. Perfect customers.
kurtdriver
17th February 2011, 04:04 AM
yeap,you coollllll
You realize that you've given the same exact reply to two different threads?
http://forums.fedoraforum.org/showpost.php?p=1444570&postcount=8
Hlingler
17th February 2011, 04:13 AM
You realize that you've given the same exact reply to two different threads?
Spammer. Terminated with prejudice.
V
stevea
17th February 2011, 04:31 AM
I'm not impressed with the "don't need one" argument, OTOH I don't use one.
Even if your scanner/anti-vir just prevents Windoze malware, that's still a net good for society.
I have a lot of problems with the whole 'scanner' concept. It can't detect a problem until it's on your system and matches some well-known signature. Far better to prevent the problem than to pretend you can clean-up afterward.
kurtdriver
17th February 2011, 05:43 AM
I'm not impressed with the "don't need one" argument, OTOH I don't use one.
One who is without Windows partitions and who doesn't email out .doc files doesn't really need anti-virus, won't you agree?
anishjp
17th February 2011, 11:00 AM
Just a newbie question! Is it safe to do bank transactions & online purchases from a linux system?
beaker_
17th February 2011, 12:09 PM
A bit off topic but imho they can make the communications as secure as they want but the bottom line is, I don't know what in he11 the other guy does with that information. So cash is king and credit card purchases can be disputed.
Back on topic. I normally just run clamav to keep samba's files clean.
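The two practical uses of clamav mentioned in this thread are installing it (`yum install clamav clamtk`) and running it over a Samba share to keep Windows clients' files clean. The script below is an added example, not something posted in the thread: it runs clamscan over a share, parses the `PATH: SIGNATURE FOUND` lines that clamscan prints with `--infected`, moves the flagged files into a quarantine directory and raises a syslog alert. The share and quarantine paths are assumptions; adjust them for your own setup.

```shell
#!/bin/sh
# Added example (not from the thread): scheduled clamscan over a Samba share
# with quarantine and syslog alerting. Paths are assumptions for illustration.
SHARE="${SHARE:-/srv/samba/share}"
QUARANTINE="${QUARANTINE:-/var/lib/clamav-quarantine}"

# Print only the file path from clamscan's per-file report lines.
# With --infected, clamscan prints one "PATH: SIGNATURE FOUND" line per hit;
# the trailing summary ("Infected files: N") has no " FOUND" suffix and is
# dropped. Reads clamscan output on stdin.
found_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Number of flagged files in the same output (used for the exit status).
found_count() {
    found_paths | wc -l | tr -d ' '
}

# Move each flagged file out of the share and log it. Reads paths on stdin.
quarantine_files() {
    mkdir -p "$QUARANTINE"
    while IFS= read -r path; do
        # Keep the original name; suffix a timestamp so repeats do not collide.
        mv -- "$path" "$QUARANTINE/$(basename -- "$path").$(date +%s)"
        logger -t clamscan-share -p daemon.warning "quarantined: $path"
    done
}

# Run the scan. Requires clamscan from the clamav package installed above.
# Exit status 1 when anything was flagged, so cron mails the report.
scan_share() {
    report=$(clamscan --recursive --infected "$SHARE")
    printf '%s\n' "$report" | found_paths | quarantine_files
    n=$(printf '%s\n' "$report" | found_count)
    logger -t clamscan-share "scan of $SHARE finished, $n file(s) flagged"
    [ "$n" = "0" ]
}

# Only run the scan when invoked with --run, e.g. from cron:
#   0 3 * * * /usr/local/bin/scan-share.sh --run
if [ "${1:-}" = "--run" ]; then
    scan_share
fi
```

clamscan also has its own `--move=DIR` option that relocates hits for you; parsing the report yourself, as here, is what lets you log each file individually and plug the path list into whatever alerting you already have.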
kurtdriver
17th February 2011, 03:14 PM
Just a newbie question! Is it safe to do bank transactions & online purchases from a linux system?
Safer than any other OS, with the possible exception of BSD, or Unix. None of the Windows malware will work on Linux. Just make sure you've got a secure http connection. The address will have a https in the url and the browser will have a padlock in the lower right hand corner.
droidhacker
17th February 2011, 08:38 PM
Safer than any other OS, with the possible exception of BSD, or Unix. None of the Windows malware will work on Linux. Just make sure you've got a secure http connection. The address will have a https in the url and the browser will have a padlock in the lower right hand corner.
I really wouldn't go all that far. Remember that there is virtually NOTHING protecting the user account from web-borne malware, and that your web browser is perfectly happy to run user-installed plugins and extensions.
You still need to be careful about running random crap you find on the internet.
kurtdriver
18th February 2011, 02:23 AM
I really wouldn't go all that far. Remember that there is virtually NOTHING protecting the user account from web-borne malware, and that your web browser is perfectly happy to run user-installed plugins and extensions.
You still need to be careful about running random crap you find on the internet.
Sure, but I was comparing it to other OSs.
droidhacker
2nd March 2011, 01:22 PM
Sure, but I was comparing it to other OSs.
I absolutely agree that the degree of risk is much lower. FOR NOW.
As linux takes off, and it is REALLY taking off (Android is #1 smartphone platform globally, and smartphones outsell pc's), the instances of compatible malware are certain to grow as well.
beaker_
2nd March 2011, 01:49 PM
At XX cents per text or minute... don't be surprised if the telco writes them themselves. :(
David Batson
2nd March 2011, 03:06 PM
Not required. But if you must:
su
yum install clamav clamtk
Note that on-access scanning is unknown in Linux.
V
Unless I misunderstand you, Dazuko enables on-access scanning with Klamav (and other AV software) in Linux. I've used it before, but it is a pain.
http://en.wikipedia.org/wiki/Dazuko
Here is my previous experience with Dazuko with Mandriva KDE.
http://forum.mandriva.com/en/viewtopic.php?f=7&t=92213
kurtdriver
2nd March 2011, 03:23 PM
I absolutely agree that the degree of risk is much lower. FOR NOW.
As linux takes off, and it is REALLY taking off (Android is #1 smartphone platform globally, and smartphones outsell pc's), the instances of compatible malware are certain to grow as well.
I read (http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/229219534/newl) this last night. :(
stevea
2nd March 2011, 03:35 PM
One who is without Windows partitions and who doesn't email out .doc files doesn't really need anti-virus, won't you agree?
No - I don't agree at all. .doc files are only one vector among dozens of likely candidates, and there are some Linux virii and trojans out there. For a lot of reasons Linux has only a tiny fraction of the problems as Win - but we are not immune.
Just a newbie question! Is it safe to do bank transactions & online purchases from a linux system?
I agree it's MUCH safer than Windows. Still - it depends on your level of paranoia. If for example you use firefox or other mozilla products and install 3rd party add-ons or extensions - it's pretty certain that add-on/extension has not had a proper security review. I'm shocked at how easy it is for developers to get security related packages into the Fedora repositories without a proper review.
I have a friend who boots a Fedora live CD and uses firefox from there for banking. Since the media is read-only there is no chance of even cookies persisting - he has a known clean copy. You might do similar from a VM.
I absolutely agree that the degree of risk is much lower. FOR NOW.
As linux takes off, and it is REALLY taking off (Android is #1 smartphone platform globally, and smartphones outsell pc's), the instances of compatible malware are certain to grow as well.
Probably true, but I think we are working from a much more secure starting point than Win or others. Also there are a load of Linux servers that have a larger attack profile and aren't greatly bothered. As far as I know Android doesn't implement SELinux or other MAC security. The userspace is largely replaced as I understand it, so this means lots of new bugs and therefore security holes - but these are unlikely to impact Linux userspace. Three real and serious kernel bugs come to mind in the past ~5 years - and if someone used some remaining kernel bug for an Android exploit it might impact Linux.
MALsPa
2nd March 2011, 03:39 PM
This guy says anti-virus software isn't even needed for Windows:
http://www.dedoimedo.com/computers/linux-av-cd.html
Thoughts?
droidhacker
2nd March 2011, 09:12 PM
This guy says anti-virus software isn't even needed for Windows:
http://www.dedoimedo.com/computers/linux-av-cd.html
Thoughts?
I skimmed that really quickly, but from what I see, he is basically advocating leaving it alone, waiting until IT IS infected, and then cleaning it using one of various livecds.
Simply put, wondoze does NOT need an antivirus, IF you do not ever connect it to a network and do not ever connect any type of data storage device to it that has been connected to other machines.
---------- Post added at 04:12 PM ---------- Previous post was at 04:05 PM ----------
Probably true, but I think we are working from a much more secure starting point than Win or others.
Of course.
Also there are a load of Linux servers that have a larger attack profile and aren't greatly bothered.
True.
As far as I know Android doesn't implement SELinux or other MAC security.
Correct.
The userspace is largely replaced as I understand it, so this means lots of new bugs and therefore security holes - but these are unlikely to impact Linux userspace.
Android userspace is a lot smaller than desktop linux userspace. It is also segmented differently. Where a desktop linux user will run all software as the same user, Android runs each installed package as a separate user (with certain limited exceptions). From my perspective, this makes the kernel a greater target on Android than userspace, and kernel exploits, as you mention next, are also applicable to desktop linux.
Three real and serious kernel bugs come to mind in the past ~5 years - and if someone used some remaining kernel bug for an Android exploit it might impact Linux.
One of those three, which was a privilege escalation exploit, was actually used to achieve root access on some android phones.
stevea
2nd March 2011, 09:32 PM
Android userspace is a lot smaller than desktop linux userspace. It is also segmented differently. Where a desktop linux user will run all software as the same user, Android runs each installed package as a separate user (with certain limited exceptions). From my perspective, this makes the kernel a greater target on Android than userspace, and kernel exploits, as you mention next, are also applicable to desktop linux.
But they aren't using the glibc tho - correct ? And with separate user-processes it means you have to have more inter-user IPC methods in use - and that could be an attack vector.
One of those three, which was a privilege escalation exploit, was actually used to achieve root access on some android phones.
Also interesting - one used a glitch in the mmu or slab handling - and I suppose that is unlikely to be the same on an x86. Another more recent one used the kernel socket mechanism to write over some kernel code and create an exploit. Can't remember the details of the 3rd at the moment.
thanks for the insight.
jpollard
2nd March 2011, 09:33 PM
Yup - Android is a bit behind in kernel version updates.
stevea
2nd March 2011, 09:46 PM
Yup - Android is a bit behind in kernel version updates.
Really? The android repositories show them working with 2.6.38-rc6, which is a couple days old on the 'kernel.org stable' list.
http://android.git.kernel.org/?p=kernel/omap.git;a=blob;f=Makefile;h=26d7d824db51ce8b78ac035820935448f5be6b2c;hb=HEAD
It looks like a lot of users are on 2.6.27 through 2.6.29 - which isn't too bad. The git repo shows the 'common' kernel directory with 2.6.32, 2.6.37, and 2.6.38 (various RCs).
It seems the Android patches were suspended from the kernel between 2.6.33-2.6.36.
I googled the exploit and the one I found was Motorola last Summer using a 2.6.17 unpatched to avoid the slab/mmap exploit (for the Arm). The patch was available but they missed it.
jpollard
3rd March 2011, 04:07 AM
Android is not part of the Kernel development, so they have to constantly backport patches to the kernel. That alone makes them behind by a couple of months at a minimum.
In addition, there is the delay after the backporting effort to verify things work, then to get them passed on to the vendors for their patches (if any). The final delay is between the vendors and the customers.
Hlingler
3rd March 2011, 04:38 AM
Unless I misunderstand you, Dazuko enables on-access scanning with Klamav (and other AV software) in Linux. I've used it before, but it is a pain.
http://en.wikipedia.org/wiki/Dazuko
Here is my previous experience with Dazuko with Mandriva KDE.
http://forum.mandriva.com/en/viewtopic.php?f=7&t=92213
You are correct: I should have written "... on-access scanning is virtually unknown in Linux." Or "... on-access scanning is unknown in Linux for all practical purposes." I have known about Dazuko, but this is the first time that I have _ever_ heard of it being successfully used (apparently?), and that on Mandriva, not Fedora. Personally, I never could get past this obstacle: http://dazuko.dnsalias.org/wiki/index.php/FAQ_(Dazuko_2.x)#What_are_the_known_issues_with_Fedora_Core_Linux.3F. That's for Dazuko 2.x - I don't know if it still applies to Dazuko 3.x, but I suspect similar or worse issues await. As your own excursion into Dazuko clearly shows: far more trouble than it's worth, especially for someone new to Fedora/Linux.
V
jpollard
3rd March 2011, 03:05 PM
Not to mention the performance penalty imposed by having a minimum of two context switches (plus any paging activity) per file open.