Educause Security Discussion mailing list archives
Re: Linux Servers and Antivirus
From: Louis APONTE <Louisaponte () WEBER EDU>
Date: Sat, 23 Jun 2012 09:05:03 -0600
Thank you, Valdis, for writing:

> A/V software is a smoke alarm - it tells you something is on fire, and is a last line of defense. But when it goes off, you're wishing that the combustion hadn't started in the first place...

I like this analogy. We also need to mention that "if" your Linux box is dealing in Windows file handling, you will be a carrier. This is certainly what we see with Macs. I would urge this carrier aspect be seriously reviewed by anyone, if your box moves, stores or handles Windows files.

la

On 6/22/2012 at 10:07 PM, in message <43718.1340424443 () turing-police cc vt edu>, Valdis Kletnieks <valdis.kletnieks () VT EDU> wrote:
> On Fri, 22 Jun 2012 16:06:05 -0600, Louis APONTE said:
>
>> Kaiten, Rexob, Alaeda, Bad Bunny, Binom, Bliss, Brundle-Fly, The Bukowski Project, Diesel, The Kagob Virus, MetaPHOR, Nuxbee, OSF.8759, Podloso, Rike, RST, Satyr, Staog, VIT, Winter, Lindose, Wit, ZipWorm, Net-worm.linux.adm, Adore, The Cheese Worm, Devnull, Kork, Lapper, The L10n Worm, The Mighty Worm, Millen, Ramen, The Slapper Worm, SSH Bruteforce
>
> That's all you can find? After well over a *decade* of fairly heavy Linux use in the server world? Meanwhile, signature updates for Windows boxes run into the dozens of megabytes...
>
> Or you can look at the *actual* threat model against most Linux boxes, which involves mostly hacking attacks rather than viruses, and all the countermeasures for that - everything from iptables network filtering to SELinux hardening to... lots of other stuff that's not antivirus. And the funny thing is that those things *also* protect against viruses by minimizing the attack surface, while AV software doesn't protect against much of anything except viruses.
>
> Or look at it differently - by the time the malware has gotten onto the box far enough for A/V software to deal with it, it means your security has *already* been breached. A/V software is a smoke alarm - it tells you something is on fire, and is a last line of defense. But when it goes off, you're wishing that the combustion hadn't started in the first place...