[Tfug] RH Linux virus software

Zack Williams zdwzdw at gmail.com
Thu Jul 30 11:13:42 MST 2009


> Any suggestions for anti-virus software for my Linux box?

Not generally needed (as is the case with most Unix variants).

> I'm also wondering if Linux doesn't get hit as often as Windows boxes with
> malware.  Is this the case?

It's a question of not running as a privileged user.  For example, on
a Windows machine, most consumers run with the equivalent of root
permissions and can change pretty much anything on the system,
including system files.  A browser or email hole can take over the
whole system.  To try to patch this, MS implemented user account
protection (UAP), aka the annoying thing that pops up every time a
system-level change is made.

Compare that to a traditional Unix environment, where generally people
can't do much more than change the contents of their home directories.
Thus, any security issue is relatively contained, barring an attack
which first takes over, say, the browser, then uses a local environment
hole to gain greater access, which would be much harder to engineer.

Macs are somewhere in the middle - they ship with the root user
disabled, and the first user created is an "admin" user, in the
equivalent of the BSD wheel group, so they can use sudo and install
programs after giving a password.  Ideally, you'd run as a non-admin
user similar to in Windows, as the admin group can modify the contents
of the /Applications folder by default.  OpenSolaris (and Solaris 11)
is similar, with a "pfexec" program standing in for sudo.

BTW, in most corporate settings on a domain, Windows users don't have
admin rights or are otherwise restricted from making system-level
changes.  If you want to do the same on your personal Windows system
(which I would highly recommend), make a dedicated admin account, and
run as a non-admin user.  You can still right-click and launch
programs with different privileges.

- Zack
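
The containment argument in the message above can be checked on a given Unix or Mac account. The following is an added example, not part of the original post: a POSIX shell audit that reports whether an account is root, belongs to an admin-equivalent group, or can write to system locations. The function names, the group list and the directory list are assumptions chosen to match common defaults (wheel, sudo, admin, /Applications).

```shell
#!/bin/sh
# Added example (not from the original post). Group and directory lists are
# assumptions covering common defaults; adjust them for the system at hand.
ADMIN_GROUPS="wheel sudo admin root"
SYSTEM_DIRS="/bin /usr/bin /etc /Applications"

# Print each admin-equivalent group found in a space-separated group list.
admin_groups_in() {
    for g in $1; do
        for a in $ADMIN_GROUPS; do
            [ "$g" = "$a" ] && printf '%s\n' "$g"
        done
    done
    return 0
}

# Print each existing directory among the arguments that the caller can write to.
writable_dirs() {
    for d in "$@"; do
        [ -d "$d" ] && [ -w "$d" ] && printf '%s\n' "$d"
    done
    return 0
}

# Return 0 if the account looks unprivileged, 1 otherwise.
# $1 = uid, $2 = group list, remaining arguments = directories to probe.
audit_account() {
    uid=$1; grouplist=$2; shift 2
    rc=0
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: running as root (uid 0)"; rc=1
    fi
    found=$(admin_groups_in "$grouplist")
    if [ -n "$found" ]; then
        echo "WARN: member of admin group(s):" $found; rc=1
    fi
    w=$(writable_dirs "$@")
    if [ -n "$w" ]; then
        echo "FAIL: can write to system location(s):" $w; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: account is confined to user-level changes"
    return "$rc"
}

# Audit the invoking user; word splitting of SYSTEM_DIRS is intentional.
audit_account "$(id -u)" "$(id -Gn)" $SYSTEM_DIRS || true
```

A WARN for group membership means the account can still elevate after giving a password, which is the Mac "admin" case described in the message.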



