Educause Security Discussion mailing list archives

Re: Linux Servers and Antivirus


From: Louis APONTE <Louisaponte () WEBER EDU>
Date: Sat, 23 Jun 2012 09:05:03 -0600

Thank you Valdis for writing:

A/V software is a smoke alarm - it tells you something is on fire, and is a
last line of defense. But when it goes off, you're wishing that the combustion
hadn't started in the first place...
 
I like this analogy. We also need to mention that "if" your Linux box is dealing in Windows file handling you will be a carrier.
This is certainly what we see with Macs. I would urge this carrier aspect be seriously reviewed by anyone, if your box moves, stores or handles Windows files.
 
la

On 6/22/2012 at 10:07 PM, in message <43718.1340424443 () turing-police cc vt edu>, Valdis Kletnieks 
<valdis.kletnieks () VT EDU> wrote:

On Fri, 22 Jun 2012 16:06:05 -0600, Louis APONTE said:
Kaiten, Rexob, Alaeda, Bad Bunny, Binom, Bliss, Brundle-Fly, The
Bukowski Project, Diesel, The Kagob Virus, MetaPHOR, Nuxbee, OSF.8759,
Podloso, Rike, RST, Satyr, Staog, VIT, Winter, Lindose, Wit,
ZipWorm, Net-worm.linux.adm, Adore, The Cheese Worm, Devnull, Kork,
Lapper, The L10n Worm, The Mighty Worm, Millen, Ramen, The Slapper Worm,
SSH Bruteforce

That's all you can find?  After well over a *decade* of fairly heavy Linux use
in the server world?  Meanwhile, signature updates for Windows boxes run into
the dozens of megabytes...

Or you can look at the *actual* threat model against most Linux boxes, which
involves mostly hacking attacks rather than viruses, and all the
countermeasures for that - everything from iptables network filtering to
SELinux hardening to... lots of other stuff that's not antivirus.

And the funny thing is that those things *also* protect against viruses by
minimizing the attack surface, while AV software doesn't protect against much
of anything except viruses.

Or look at it differently - by the time the malware has gotten onto the box far
enough for A/V software to deal with it, it means your security has *already*
been breached.

A/V software is a smoke alarm - it tells you something is on fire, and is a
last line of defense.  But when it goes off, you're wishing that the combustion
hadn't started in the first place...


