Virus paranoia

jaideep_jdof · 2007-10-01 08:58:40

I know this is a question which has a never ending answer but please tell me if keep my system uptodate then am i safe from viruses. And as the number of viruses for linux is increasing what protects linux from viruses is it the architecture or the large number of distros available and the minute differences in these distros.

hussam · 2007-10-01 09:50:34

Actually there aren't many viruses in the wild that affect Linux. But even if there were, you are unlikely to infect anything outside your home directory because you only run specific programs as root and you only install things via your package manager. This means your actual ArchLinux installation is unlikely to be affected.

If you are that worried, install clamav, run freshclam to update your virus definitions, then run 'clamscan --recursive --infected /home'. I do that every Sunday morning via a cron job.

Windows users get viruses because they run their default accounts with administrative privileges. This means a virus can infect the whole system including the windows installation. They also go around installing a lot of random programs they download from a lot of untrusted sources on the internet.

By design, Linux is a lot safer. It is unlikely that an open source program that you installed via pacman will kill your system.

Last edited by hussam (2007-10-01 09:54:12)

jaideep_jdof · 2007-10-01 12:47:19

Thanks, this puts my mind at ease. Please could you tell me the command to add this cron job. Any idea how to disable root login in KDM.

iphitus · 2007-10-01 13:54:36

Most of those linux virus scanners check for windows viruses. The idea is that they run on mailservers, or you can run them to make sure you're not silly enough to forward on viruses.

James

jaideep_jdof · 2007-10-01 15:16:19

Doesn't clamav scan for those few linux viruses which exists.

vacant · 2007-10-01 16:05:33

jaideep_jdof wrote:

Any idea how to disable root login in KDM.

In /opt/kde/share/config/kdm/kdmrc change AllowRootLogin:

AllowRootLogin=false

kensai · 2007-10-01 16:34:11

jaideep_jdof wrote:

Doesn't clamav scan for those few linux viruses which exists.

From what I've read on the net, I understand it does scan for those few Linux viruses, well, in fact is pretty logical to assume so. Read this to get basic understanding on Linux and viruses, well you should not be paranoid it is almost impossible to catch a virus in Linux and even more impossible that it will affect other directory than /home/youruser. Linux isn't that way cause not many people target it, is that ways cause it really is better and more securely constructed.

jaideep_jdof · 2007-10-01 18:10:15

Thanks that was helpful.

lumiwa · 2007-10-02 00:09:52

http://linuxmafia.com/~rick/faq/index.php?page=virus
http://stason.org/TULARC/os/linux.virus.html
http://www.theregister.co.uk/2003/10/06 … s_viruses/
http://digg.com/linux_unix/My_first_linux_virus

Some are old but...

ezzetabi · 2007-10-03 05:54:25

What about http://free.grisoft.com/doc/5390/us/frt/0?prd=afl ?
I used it when I was using Fedora, it works well I think.

lilsirecho · 2007-10-03 06:05:18

I run root and have done so for eight years with no problems.........

test1000 · 2007-10-03 07:42:10

haha! quote of the year. I'd definitely do that too if it weren't for sudo and the fact that some programs EXPECT you to run as user and act in weird ways if not run as user.

kensai · 2007-10-03 13:12:27

lilsirecho wrote:

I run root and have done so for eight years with no problems.........

Can you please send me your IP adress? I just want it for research purposes. I think you are so used to the way windows makes you Admin all the time.

Last edited by kensai (2007-10-03 13:13:17)

jaideep_jdof · 2007-10-04 20:15:21

I am using antivir i have installed dazuko module for on access scanning. But i have to rebuild the dazuko module against every new kernel. Is there any other alternative.

Acid7711 · 2007-10-04 21:09:17

lilsirecho wrote:

I run root and have done so for eight years with no problems.........

Yeah, Totally defeating the security benefits of using Linux imo. I have friends that do this and I always frown upon it. I don't understand why people are too lazy to type 'su'.

hussam · 2007-10-05 09:21:20

Even sudo isn't necessary in my opinion. I just do for example: su -c 'pacman -Syu'

Damnshock · 2007-10-05 09:29:54

jaideep_jdof wrote:

I am using antivir i have installed dazuko module for on access scanning. But i have to rebuild the dazuko module against every new kernel. Is there any other alternative.

Don't update the kernel

Gullible Jones · 2007-10-05 16:03:52

Well, you could try using ClamAV, that does on-access scanning in userland IIRC...

(Keep in mind that on-access scanning generally isn't necessary on Linux, unless you're scanning stuff on a server for Windows viruses. An on-access scanner can in fact be a security hazard, since it's another daemon that can potentially be subverted...)

hussam · 2007-10-06 04:00:38

Gullible Jones wrote:

Well, you could try using ClamAV, that does on-access scanning in userland IIRC...
(Keep in mind that on-access scanning generally isn't necessary on Linux, unless you're scanning stuff on a server for Windows viruses. An on-access scanner can in fact be a security hazard, since it's another daemon that can potentially be subverted...)

Clamd also uses dazuko. I've tried it and it slowed the system a bit too much.

jaideep_jdof · 2007-10-07 13:06:24

I am using antivir and the system does feel little slow but acceptable. Its better to be safe than sorry.

skottish · 2007-10-09 02:04:08

There are a few very important things to keep in mind here. First off, running virus scans and such on a Linux box is a good idea. Complacency in the Linux world is not a good thing. I personally don't run the anti-virus stuff on everything though. Usually just when I download something that doesn't come out of Arch or a very trusted sight. For instance, KMail checks everything with ClamAV on my system.

Second, virus writers don't usually write viruses for Linux; they write them on Linux.

Last edited by skottish (2007-10-09 02:04:56)

jaideep_jdof · 2007-10-09 14:46:57

skottish wrote:

Second, virus writers don't usually write viruses for Linux; they write them on Linux.

But no one knows when table get turned on linux.;)

kensai · 2007-10-09 15:03:39

jaideep_jdof wrote:

skottish wrote:
Second, virus writers don't usually write viruses for Linux; they write them on Linux.
But no one knows when table get turned on linux.;)

It won't be a thread neither, they will affect /home only, and will require huge amounts of dumminess [sic] by the end-user to get infected, still there will be people that get infected . People always care too much about this, well Linux on the desktop is solid right now, yet, how many security threads we have? well, there are lots, but how many have you got? None in my case. And is very, rare a Linux user gets a rootkit installed or a virus. Also, when the tables turn, be happy, Linux won over MS, so is time to switch to *BSD and make that your /home until it beats Linux afterward and then if in the next 10 years GNU/Hurd is released try that, well if Duke Nukem Forever has hopes of still being released soon, hurd has it too.

Last edited by kensai (2007-10-09 15:09:47)

zodmaner · 2007-10-09 15:24:23

kensai wrote:

Also, when the tables turn, be happy, Linux won over MS, so is time to switch to *BSD and make that your /home until it beats Linux afterward

lol. My thought exactly.

Anyway, I personally believe that all the anti-virus kits in the world won't help you if the end-user don't know what he/she is doing. So education and a dose of common sense is the best defense against virii we can give to user.

Last edited by zodmaner (2007-10-09 15:24:46)

theringmaster · 2007-10-09 15:27:25

hussam wrote:

Even sudo isn't necessary in my opinion. I just do for example: su -c 'pacman -Syu'

I was needing this command forever. I guess I should have read the man page. sudo is a pain in the butt to set up and use imho.

Last edited by theringmaster (2007-10-09 15:29:59)

Arch Linux

#1 2007-10-01 08:58:40

Virus paranoia

#2 2007-10-01 09:50:34

Re: Virus paranoia

#3 2007-10-01 12:47:19

Re: Virus paranoia

#4 2007-10-01 13:54:36

Re: Virus paranoia

#5 2007-10-01 15:16:19

Re: Virus paranoia

#6 2007-10-01 16:05:33

Re: Virus paranoia

#7 2007-10-01 16:34:11

Re: Virus paranoia

#8 2007-10-01 18:10:15

Re: Virus paranoia

#9 2007-10-02 00:09:52

Re: Virus paranoia

#10 2007-10-03 05:54:25

Re: Virus paranoia

#11 2007-10-03 06:05:18

Re: Virus paranoia

#12 2007-10-03 07:42:10

Re: Virus paranoia

#13 2007-10-03 13:12:27

Re: Virus paranoia

#14 2007-10-04 20:15:21

Re: Virus paranoia

#15 2007-10-04 21:09:17

Re: Virus paranoia

#16 2007-10-05 09:21:20

Re: Virus paranoia

#17 2007-10-05 09:29:54

Re: Virus paranoia

#18 2007-10-05 16:03:52

Re: Virus paranoia

#19 2007-10-06 04:00:38

Re: Virus paranoia

#20 2007-10-07 13:06:24

Re: Virus paranoia

#21 2007-10-09 02:04:08

Re: Virus paranoia

#22 2007-10-09 14:46:57

Re: Virus paranoia

#23 2007-10-09 15:03:39

Re: Virus paranoia

#24 2007-10-09 15:24:23

Re: Virus paranoia

#25 2007-10-09 15:27:25

Re: Virus paranoia

Board footer