[LUNI] Free anti virus for Linux...
larry at garfieldtech.com
Mon Nov 22 18:58:41 CST 2004
Peter Harkins wrote:
>>Here's the short version of the answer: No. If you simply never run
>>untrusted executables while logged in as the root user (or equivalent),
>>all the "virus checkers" in the world will be at best superfluous; at
>>worst, downright harmful. "Hostile" executables (including viruses) are
>>almost unfindable in the Linux world and no real threat to it because
>>they lack root-user authority...
> The problem with this article of faith is that it's blatantly false; a virus
> could be very, very successful without root privileges. It can replicate,
> slowly corrupt or quickly destroy a user's files, and make the machine into
> a jumping-off point for spammers and crackers; and a virus could escalate
> its privileges through root over time, especially if it the author provides
> a mechanism for the virus to obtain new exploit code.
> It is a fact that Linux virus scanners are now unneeded, but this will not
> always be true due to some inherent property of Linux's design or user
Actually, it is the case the the Unix architecture is more
virus-resistant (not virus-proof, virus-resistant) than the Windows
architecture. Most Windows users I know run their computers as an
administrator, because the computer is only marginally useful otherwise.
You can't install software, perform certain updates, or even run some
programs unless you are an administrator. That means any malware you
download are ALSO administrator, and can do all kinds of evil things.
In Unix, the multi-user architecture is much better designed so that no
one except Linspire users runs as root by default. That means that a
malware program, by default, is limited in the scope of what it can do.
Executables are not available to it. Trojans are a threat, but viral
infection is much much harder to contract. That will remain the case as
long as there is a clear split between normal and administrator users,
and users aren't always in admin-mode. There will come more viruses and
malware for Linux, but they will be much harder to write and, generally,
will be much more limited in the damage they can cause.
Which means we need to be extra-careful to educate people to NOT be
stupid and run as root all the time, which means keeping people away
from Linspire. :-)
Larry Garfield AIM: LOLG42
larry at garfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an
idea, which an individual may exclusively possess as long as he keeps it
to himself; but the moment it is divulged, it forces itself into the
possession of every one, and the receiver cannot dispossess himself of
it." -- Thomas Jefferson
More information about the luni