[Wylug-discuss] Eeepc and virus protection

ALLEN, David David.ALLEN at eur.crowncork.com
Tue Apr 15 15:31:18 BST 2008


It is good to see this topic is raising some serious discussion rather
than "it's linux so it won't get viruses" head in the sand attitude!

One of the real neat features of the eeepc (for me anyway) is how it
comes preinstalled with all the features most users need and requires
minimal config to get it working. If you have to resort to re-installing
the OS, you may as well put XP on it (perish the thought) and use SMS to
update it automatically. For a virus to run it obviously has to install
and be executable, so a very aggressive lock down policy may be the
answer. What prompted me to start thinking about this was all the talk
about sudo, which, of course, would bypass any such security!

David



-----Original Message-----
From: Paul Brook [mailto:paul at codesourcery.com] 
Sent: 15 April 2008 15:11
To: wylug-discuss at wylug.org.uk
Cc: ALLEN, David
Subject: Re: [Wylug-discuss] Eeepc and virus protection

> The eeepc is so impressive, we are thinking of giving them to our 
> service engineers, which raises the question about virus protection.
> Before anyone comments, I know it runs Linux and consequently is much 
> more robust than windows etc etc
>
> However, this is a serious point if this bit of kit is to make the
> transition from school desk to work desk. Asus have now shipped 1
> million of these laptops so before too long someone is going to try
> and break one. Any suggestions/views anyone? It does have antivirus
> software pre-installed but I am not sure how effective it is.

Virus checkers only really check for known virus signatures. Some
claim to do "heuristic detection", but in practice these just catch
minor variants of existing viruses.  Given there are approximately no
linux viruses, /bin/true is a fairly effective virus checker :-)

The existing "linux virus checkers" are actually checking for windows
viruses.

A rootkit generally needs to get its claws fairly deep into the OS. The
linux kernel explicitly doesn't have a stable in-kernel binary ABI, so
in practice rootkits need significant maintenance work for every new
kernel release.

The most important thing is to make sure you keep your software properly
updated. Another poster implied that Asus aren't doing security updates
for the eeepc. I really hope this isn't true as unpatched linux machines
aren't really much better than your average windows box. As a rule of
thumb you should never let a machine into the wild unless it has an
active support/security update mechanism.

The linux distro system also helps to avoid a lot of problems. A decent
distro makes it fairly easy to have a policy of never installing
third-party software, which significantly reduces the attack vectors.

If you're really paranoid you can (with a bit of work, and maybe not
with Xandros) make your root FS readonly.

Paul
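
Added example (not part of the thread or written by either poster): a small audit of a mount table for the two lock-down ideas raised above, a read-only root FS and no location where a file can be both installed and executed. The function names and the sample table are constructed for illustration; on a real machine the input would be /proc/mounts.

```shell
#!/bin/sh
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# Print "mountpoint fstype" for each real filesystem that is mounted
# read-write without noexec, i.e. where a dropped file could be run.
writable_exec_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        case "$fstype" in
            proc|sysfs|devpts|devtmpfs|rootfs|securityfs|debugfs) continue ;;
        esac
        # Wrap in commas so "errors=remount-ro" is not mistaken for "ro".
        case ",$opts," in *,ro,*) continue ;; esac
        case ",$opts," in *,noexec,*) continue ;; esac
        printf '%s %s\n' "$mnt" "$fstype"
    done < "$1"
}

# Succeed only if the last entry for "/" is mounted read-only
# (later entries in the table overlay earlier ones).
root_is_readonly() {
    state=1
    while read -r _dev mnt _fstype opts _rest; do
        [ "$mnt" = "/" ] || continue
        case ",$opts," in *,ro,*) state=0 ;; *) state=1 ;; esac
    done < "$1"
    return "$state"
}

# Constructed sample table, not taken from a real Eee PC.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda1 / ext3 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda2 /home ext3 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev 0 0
EOF

echo "Writable and executable mounts:"
writable_exec_mounts "$SAMPLE"
if root_is_readonly "$SAMPLE"; then echo "root FS: read-only"; else echo "root FS: writable"; fi
```

Each mount point it lists is a candidate for the `noexec` option in /etc/fstab.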
