[Sussex] Re: Sourcing list of hardware

Geoff Teale gteale at cmedresearch.com
Wed Oct 25 11:22:25 UTC 2006


On Wed, 2006-10-25 at 10:07 +0100, angelo.servini at claybrook.co.uk wrote:
---- %< ------
> Ps.  These days there seems to be a lot of talk about viruses/worms and
> such like.  Is it worth installing a linux anti-virus solution just in
> case?
> 
> Just thought I'd ask.

Well there's a can of worms.  It seems to be the hot topic for Linux
bashers at the moment.  The answer is as follows - not right now.
Linux is not Windows, and no matter how many times people argue
otherwise the following are true:


Currently there are no viruses in common circulation
----------------------------------------------------

This may of course change - Windows zealots often claim that the only
reason there aren't any at the moment is because nobody is using Linux.
This is, of course, false - Linux servers are in massive circulation and
the sort of client viruses that Windows suffers from are far less likely
to occur for reasons discussed below.  

Apache (as an example) has been targeted and patched many times.  The
key here is that even when such attacks have been successful they've not
caused further damage to Linux systems - indeed I can think of a
specific example where a weakness in Apache was used to target Windows
systems connecting to it, but not a general machine to machine
propagation of a Linux-damaging virus (others may be able to correct me on
that).

Linux has an inherently more robust approach to its security model
------------------------------------------------------------------
True (at least historically), but not something to be over excited about
(or confident in) - nobody seeks to make an insecure system, it is naive
to suggest that this as a general title is the answer to everything. 

However, in particular Linux users cannot under normal circumstances
affect the machine's system files (or other users), and Linux doesn't
seek to execute code without prior user intervention.

Linux mail clients do not provide a scripting environment
---------------------------------------------------------
This is a special case of the above point.  No matter how much it is
patched, the fact that Outlook seeks to run arbitrary script in received
content is a security flaw.  It's infinitely worse than doing so in the
browser because usually you're not given the choice about whether you
receive a mail or not (the POP protocol supports this, but it's rarely
used by GUI tools).

Microsoft have cottoned on to the fundamental stupidity of this model
and provided options to prevent automatic previews etc.  Even so the
functionality is still there, many people still utilise it, and I know
of at least one company that mandates that it is turned on to support
their internal workflow system.

Major open source projects benefit from peer review
---------------------------------------------------
Which means you can trust that, for most major projects, malicious code
hasn't been added.  You *should* be able to do the same with closed source
software, but there are plenty of cases where this hasn't been true.

Modern source control tools like Subversion, GNU Arch, bzr and git can
all be set up to require signing of check-ins as well (an extra step to
securing the source).

Backing this up in production it's worth noting that major distributions
test their packages before distribution and MD5sums (or the like) are
used to check that no further changes have been made.


GCC 4.x and AppArmor offer some protection from common software flaws
---------------------------------------------------------------------
Self explanatory really, but modern Linux distros often (but not always)
make use of these technologies to put a stop to the sort of holes that
sneak into programs unintentionally.  



Given all these points, and so long as you are sensible enough not to
download arbitrary pieces of software and invoke them as root, the
benefits of installing anti-virus software on a Linux box right now are
not worth the effort involved.

-- 
Geoff Teale
Software Engineering Team Leader

Cmed Group Ltd.
Holmwood
Broadlands Business Campus
Langhurstwood Road
Horsham RH12 4QP
United Kingdom


T +44 (0)1403 755071
F +44 (0)1403 755051
E gteale at cmedresearch.com
W www.cmedresearch.com
__________________________________________________________

Driven by technology. Guided by experience.
__________________________________________________________




