[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Antivirus? (and firewalls)

To: <independence-l@independence.seul.org>
Subject: Re: Antivirus? (and firewalls)
From: "Lee Sharp" <lee@insync.net>
Date: Wed, 11 Aug 1999 09:33:43 -0500
Reply-To: independence-l@independence.seul.org
Sender: owner-independence-l@independence.seul.org

>So native Linux viruses are not a real risk? I've heard that Bliss was less
>dangerous than first reported:

>http://www5.zdnet.com/anchordesk/talkback/talkback_7097.html

>but there was apparently another native Linux virus:

>http://www.avpve.com/viruses/unix/vit.html


   The second one is a virus, but the first one is more like a Trojan.  Both
can do damage and replicate, but both require real access to run.  The
danger here is running as root.  The best thing we can do is to educate
people about the dangers of running as root.
   One thing that would make running as a user easier is to set up a "Run
Controlpanel as root" for KDE like the "Open console as root" menu item.  It
will spawn root processes, so you have all the functionality of a root
desktop without the security aspects.

>Since posting my previous msg I turned up a couple of collections of
>antivirus programs for Linux, but what Lee said seems to apply to all of
them:

>>The McAfee products looks for Windows Viruses on a Linux fileserver.

>Thanks for jogging my memory -- that's what their NetShield for Netware
does.

>I'm concerned only about native Linux viruses. I run a Linux server and
>would like to test it for vulnerability to hacker attacks, before adding my
>development system to the local net and taking the whole thing online via
>dial-up. A software firewall might be a good idea, but that might be too
far
>off-topic for Inde?

   Not really.  IPchains is in it...  If we could make a GUI for IPchains,
and make it easy, it would be something that would get a lot of good
publicity for us.

>I'd like to run a program like SATAN/SAINT to check for security holes, but
>most of those programs want to run with root access. At least one version
of
>SATAN was reportedly hacked to become malicious, which brought up my
concern
>about protection from viruses / worms / trojans.

   Go to http://www.enteract.com/~lspitz/pubs.html and read the whitepapers.
He is very good, yet the papers are easy to read.  A very good starting
point...  He gives pointers to a lot of tools as well.

            Lee

Prev by Date: Re: Antivirus? (and firewalls)
Next by Date: Re: Antivirus? (and firewalls)
Prev by thread: Re: Antivirus? (and firewalls)
Next by thread: Re: Antivirus? (and firewalls)
Index(es):
- Date
- Thread