Ubuntu and virus protection
Paul Gear
paul at libertysys.com.au
Tue Nov 3 09:26:51 GMT 2009

Barry Williams wrote:
> ...
> In my opinion Ubuntu and Linux in general have little need for virus
> protection; more information can be found here
> http://www.whylinuxisbetter.net/items/viruses/index.php?lang=

Ryan Ralph wrote:
> Hi Geoffrey,
> I'm a fairly simple user of Ubuntu and use it mainly for browsing the
> internet and music playback. I don't see the need for antivirus on
> Ubuntu as there are practically no viruses around that I've heard of.
> If you only download software from the repositories and don't run any
> suspect commands you shouldn't have a problem.

Lisa Milne wrote:
> ...
> Yeah, I tend to be of the same opinion. I don't use any antivirus (other
> than a check on my mail server so I don't pass anything on to Windows
> users), and my main desktop is on a world resolvable IP address with no
> firewall other than Ubuntu's default iptables settings.

I must say that I feel that Barry, Ryan, and Lisa are giving bad
advice. I see a lot of Mac users doing this too - they think that
because viruses generally aren't a problem for their platform (which is
quite true) that they don't need to take precautions (which is far from
true). They also think that because they haven't heard of something,
it's not likely to happen to them. The logic flaw in this should be
obvious: it requires infinite knowledge to have 100% confidence, and
there are new attacks being developed every day. [1]

The vast majority of attacks around today are related to organised
crime, often involving targeted spam/phishing attacks or so-called
"drive-by downloads", where users' data (especially passwords and
financial information) is sought. [2] Most of these run in browsers and
are becoming increasingly cross-platform. I read recently of an attack
on a vulnerability in the Adobe virtual machine (inside which Flash
runs) which required no platform-specific code in the injection vector
(only JavaScript and a specially-crafted Flash file). It would be
simple for a malware developer to test which type of machine they were
running on and allow the exploit code to be cross-platform.

The "belt and braces approach" which "in the scrub" [3] wrote about is
not a nice to have - it's an essential. There are still ways to be
unsafe online with Linux, and we should take precautions. A great
resource for being informed about this is reading the SANS monthly
newsletter, "Ouch!". [4] It has lots of good advice (although how much
applies to Linux users can vary) and offers a great way to stay informed
about how to help your Windows friends when they come to you with an
infected system asking for help! ;-)

BTW, I forgot to mention earlier that there are also tools in Ubuntu to
help you keep an eye out for suspicious activity on your systems &
networks. I use rkhunter, chkrootkit, and snort for this.

Paul

[1] See the explanation at http://en.wikipedia.org/wiki/Zero_day_attack
[2] See http://www.sans.org/top-cyber-security-risks/ for a nice summary
of current security issues.
[3] BTW, "in the scrub", in the Ubuntu community, it's considered
polite to use your real name.
[4] http://www.sans.org/newsletters/ouch/
More information about the ubuntu-au
mailing list