Re: AntiVirus?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 20 Mar 2005 16:10:03 -0500, Gregory Maxwell wrote:
> I've used xdelta in the past on update rpms... they are small.. but
> with current practice of not backporting fixes, they might end up
> bigger.

Yeah, OK. It'd be nice to have them anyway, the sheer volume of updates
makes them a pain to install even on ADSL.
  
> It's useless to only attack viruses, spyware is by *far* the bigger
> problem on windows desktops these days, and antiviruses are usually
> ineffective at stopping worms (since the whole internet gets infected
> before someone can identify the spreading method).

Right. Actually I have a prototype SELinux "quarantine zone" policy file
open in emacs right now. I've been writing a packaging/installer system
for a while and the spyware question is common enough to be in the FAQ:

  http://www.autopackage.org/faq.html#4_3

Not saying it's the right solution, but it's something I (we) have been
thinking about a fair bit.

> It's not even an arms race.. Once someone has gotten root priv code to
> run on your system  it's terribly difficult to remove it.  There are
> quite a few linux rootkits today that are harder than a reinstall to
> remove, and even once you've done that you fundamentally can't be sure
> that the system is secure.

There are rootkits that can't be removed by a format/reinstall? How does
that work?

> ClamAV is a cross platform antivirus package that supports both server
> scanning techniques (such as operating as a milter) and desktop style
> virus scanner support (intercepting file IO).  It has definitions for
> the existing linux viruses and worms, in addition to all the windows
> cruft.  As I said, it's a solved problem.

Ah interesting, I eat my words then. I guess you are right, solved problem
(though it'd have to be installed by default I guess, with some GUI?)

> Write software code that tracks changes to packages and detects changes
> that might introduce security weaknesses.  It's also a difficult
> problem, but probably an easier problem than antivirus in the long
> run... It would be useful today (since as you pointed out, bugs are
> added, often unintentionally), and isn't quite as vulnerable to the
> antivirus arms race.

The new GCC mudflap system might help here. I don't know how badly it hits
performance but I seem to recall reading it was meant to be used during
development only, so I guess a fair bit ... 

I think it'd be more interesting to try developing some kind of
whitelist/trust system to counter spyware/malware. Still it's a good idea.

Thanks for correcting some of my misconceptions!

-mike


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux