Antivirus on Linux
kplug at rebertia.com
Wed Mar 3 17:19:15 PST 2010
On Wed, Mar 3, 2010 at 1:22 PM, SJS <bofh at stremler.net> wrote:
> Ah.... peanut gallery time...
> begin quoting Tracy Reed as of Wed, Mar 03, 2010 at 12:47:31PM -0800:
>> On Wed, Mar 03, 2010 at 11:30:53AM -0800, James G. Sack (jim) spake thusly:
>> > I am a little confused, and perhaps I am misreading your messages; you
>> > seem to be advising someone against employing security measures, which I
>> > find surprising.
>> I am against employing security measures which are likely to be of so
>> little benefit and which will cause so much hassle.
> All security should be viewed as a trade-off. Is the cost worth the
> benefit? If not, it probably isn't a good idea.
>> Enabling SE Linux on
>> the system is likely to be far more effective. Installing chkrootkit
>> which is months out of date (as in, last updated months ago) and only
>> does signature based scanning for a couple dozen different things is
>> pointless. One could say "But at least it scans for something and
>> that's better than nothing!" True. And the other rootkit scanner I
>> mentioned scans for a different set so why not install it too? Where
>> does it end?
> Install 'em all. And then tripwire, and quarantine the system when
> any unexpected change occurs.
>> The rules say the antimalware software must be "updated regularly" and
>> every interpretation of this rule I have read said this means
>> daily. Certainly not every few months.
> It's all about reducing one's exposure window.
>> It also mentioned producing an
>> audit log and various other things that the anti-malware software is
>> to do.
> Reading through logs is time-consuming, tedious, and boring. If only
> we had a machine that could do the tedious and boring tasks FOR us...
>> And the software is to be actively running. In the Windows
>> world that means able to detect a problem with a file as soon as you
>> download or open it.
> Isn't this a huge performance hit?
>> Not only once a night when the cron job goes off
>> (although the spec calls for this kind of scanning too). Everything
>> about this stinks of Windows.
> Don't forget the qualifier. The WIMP interface has nothing to do with
Seriously? I've /never/ seen capitalization used to indicate the
interface paradigm rather than the OS (except perhaps in an OOP class
Perhaps before I was born that could have been the case, but not this decade.
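The "tripwire, and quarantine the system when any unexpected change occurs" approach SJS suggests above is simple enough to sketch. The following is an added example, not code from anyone in this thread and not tripwire itself: it baselines a directory tree (sha256, permission bits, size of every regular file), re-walks it later, classifies what changed, treats any change outside an allowlist of prefixes where change is normal (e.g. var/log/) as "unexpected", and emits audit-log lines with a QUARANTINE/CLEAN verdict. The tree layout, file contents and the var/log/ allowlist in demo() are constructed for illustration.

```python
# Added example: a minimal tripwire-style integrity check for a directory tree.
import hashlib
import json
import os
import stat
import tempfile
import time
from pathlib import Path


def _sha256(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root) -> dict:
    """Record digest, permission bits and size of every regular file under root.

    Symlinks, devices and sockets are skipped (lstat + S_ISREG) so a planted
    symlink cannot make the scanner hash something outside the tree.  Paths
    are stored relative to root so one baseline can be compared across hosts.
    """
    root = Path(root)
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            st = p.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue
            files[p.relative_to(root).as_posix()] = {
                "sha256": _sha256(p),
                "mode": stat.S_IMODE(st.st_mode),
                "size": st.st_size,
            }
    return files


def write_baseline(root, baseline_path) -> dict:
    """Write the baseline. In real use keep it read-only and off the host."""
    data = {"root": str(root), "created": int(time.time()), "files": snapshot(root)}
    Path(baseline_path).write_text(json.dumps(data, sort_keys=True, indent=1))
    return data


def diff(baseline_files: dict, current_files: dict) -> dict:
    """Classify every difference between two snapshots (content or mode counts)."""
    old, new = set(baseline_files), set(current_files)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline_files[p] != current_files[p]),
    }


def check(root, baseline_path, expected_prefixes=()) -> dict:
    """Compare root against its baseline and decide whether to quarantine the host.

    expected_prefixes lists relative paths where change is normal (assumed here:
    "var/log/"); any other change is 'unexpected' and trips the alarm.
    """
    baseline = json.loads(Path(baseline_path).read_text())
    report = diff(baseline["files"], snapshot(root))
    kinds = ("added", "removed", "modified")
    unexpected = [p for k in kinds for p in report[k]
                  if not p.startswith(tuple(expected_prefixes))]
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
    audit = [f"{stamp} integrity {k} {p}" for k in kinds for p in report[k]]
    verdict = "QUARANTINE" if unexpected else "CLEAN"
    audit.append(f"{stamp} integrity verdict {verdict} unexpected={len(unexpected)}")
    return {"changes": report, "unexpected": unexpected,
            "quarantine": bool(unexpected), "audit": audit}


def demo() -> dict:
    """Constructed scenario: baseline a tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "host"
        (root / "usr/bin").mkdir(parents=True)
        (root / "var/log").mkdir(parents=True)
        (root / "usr/bin/ls").write_bytes(b"original ls binary")
        (root / "usr/bin/ps").write_bytes(b"original ps binary")
        (root / "var/log/syslog").write_text("boot ok\n")
        baseline = root.parent / "baseline.json"
        write_baseline(root, baseline)

        # Tampering: trojaned ls, deleted ps, new hidden file, plus a normal log append.
        (root / "usr/bin/ls").write_bytes(b"trojaned ls binary")
        (root / "usr/bin/ps").unlink()
        (root / "usr/bin/.hidden").write_bytes(b"payload")
        with (root / "var/log/syslog").open("a") as fh:
            fh.write("login ok\n")
        return check(root, baseline, expected_prefixes=("var/log/",))


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

Run it and the verdict line reads QUARANTINE with three unexpected paths (the modified ls, the missing ps, the new .hidden); the log append under var/log/ is reported but not counted. Two caveats a deployment needs: the baseline must be taken on a known-clean host and kept where the host cannot rewrite it, and a kernel-level rootkit can lie to a userland hasher, which is the same limitation the signature scanners discussed above share.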