[Wylug-discuss] Eeepc and virus protection

[Paul Brook]

> The eeepc is so impressive, we are thinking of giving them to our
> service engineers, which raises the question about virus protection.
> Before anyone comments, I know it runs Linux and consequently is much
> more robust than windows etc etc
>
> However,  this is a serious point if this bit of kit is to make the
> transition from school desk to work desk. Asus have now shipped 1
> million of these laptops so before too long someone is going to try and
> break one. Any suggestions/views anyone? It does have antivirus software
> pre- installed but I am not sure how effective it is.

Virus checkers only really check for known viruses signatures. Some claim to 
do "heuristic detection", but in practice these just catch minor variants of 
existing viruses.  Given there are approximately no linux viruses, /bin/true 
is a fairly effective virus checker :-)

The existing "linux virus checkers" are actually checking for windows viruses.

A rootkit generally needs to get its claws fairly deep into the OS. The linux 
kernel explicitly doesn't have a stable in-kernel binary ABI, so in practice 
rootkits need significant maintenance work for every new kernel release.

The most important thing is to make sure you keep your software properly 
updated. Annother poster implied that Asus aren't doing security updates for 
the eepc. I really hope this isn't true as unpatched linux machines aren't 
really much better than your average windows box. As a rule of thumb you 
should never let a machine into the wild unless it has an active 
support/security update mechanism.

The linux distro system also helps to avoid a lot of problems. A decent distro 
makes it fairly easy to have a policy of never installing third parts 
software, which significantly reduces the attach vectors.

If you're really paranoid you can (with a bit of work, and maybe not with 
Xandros) make your root FS readonly.

Paul