
Re: (erielack) Re: Viruses - Any virus protection for Linux?



Okay, I'll try to be brief.  I know that this isn't exactly on topic,
but I'd like to share what I know, not just in response to the
original post but also to the rest of the list.  I know there are
more than two of us out there running Linux... :)  It is an important
can of worms.  My experience draws from real life Admin experience
with Linux Servers.

First, true "viruses" on Linux are very, very rare.  Most of what is
going around are Trojans where a user will attempt to gain access to
your computer via a shell script.  This script will set up a TCP
Server and take access to a certain port.  How many rights the script
had when running (which depends on who you are logged in as when you
receive the payload) determines the amount of control the person
using the trojan can have.  Some trojans are used to gain control of
the system, some use the TCP connection to propagate themselves, etc.

There is "anti-virus" software for Linux, but it is largely not
needed.  Many in the *Nix community believe that AV software is a
crutch for a poor system admin.  ;)  The AV software generally looks
for abnormalities in port configurations, monitors data transfer and
looks for known file names and contents of malicious scripts.

The following practices are ones that I have always used, and were
also in place in the last shop I worked at:

1.  Thou Shalt Not Be Root.

Never log in to your machine as root to do normal computing tasks.
su when you need to make changes.  This means that a Trojan will
normally not have rights that exceed yours.  If you are logged on as
a user, the script will usually have your rights.

2.  Thou Shalt Not Participate in Unprotected Network Activities.

Using a firewall never hurts, even through a dialup ISP.  There are
really two categories of firewalls.  The first is a physical hardware
device.  These are highly configurable, intelligent pieces of
hardware that are overkill for most home users.  A software firewall,
like IPChains that comes with most Linux builds, will adequately
protect against Trojans that might try to latch on to a port.  Only
open ports that you need to operate your day to day functionality.

3.  Thou Shalt Not Run Unneeded Services.

If you don't need it, don't use it.  Make sure that you don't have
services running that you don't need.  Virus threats are minimal
compared to service exploits.  If you are using your machine to just
surf the net and use as a workstation, turn off things like HTTPD,
FTPD and other servers that might be running.  One other perk of
turning things off that you don't need is usually a performance
boost.

4.  Thou Shalt Stay in the Loop.

Pay attention to a couple of security sites.  A vulnerability in
Linux usually doesn't get near the press one in Windows does, so
you'll have to keep your eyes open.  My preference,
http://www.linuxsecurity.com/.

--Joseph
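A small audit in the spirit of rules 2 and 3, added here as an example and not part of Joseph's post: it parses the kernel's /proc/net/tcp table, lists every socket in LISTEN state, and reports any listening port that is not on an allowlist of the services you meant to run. The sample table below is constructed; on a real box the same functions read the live /proc/net/tcp.

```shell
#!/bin/sh
# Constructed sample of /proc/net/tcp. Columns of interest:
#   $2 = local_address as hexIP:hexPORT, $4 = socket state (0A = LISTEN),
#   $8 = uid of the owning process (0 means the service runs as root).
SAMPLE_PROC_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235 1 0000000000000000 100 0 0 10 0
   2: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1236 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0277 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 1237 1 0000000000000000 20 4 30 10 -1'

# listening_ports: read a /proc/net/tcp table on stdin, print the decimal
# port of every socket in LISTEN state, one per line (header row skipped).
listening_ports() {
    awk 'NR > 1 && $4 == "0A" { split($2, a, ":"); print a[2] }' |
    while read -r hex; do
        echo "$((0x$hex))"          # hex port from the kernel -> decimal
    done
}

# unexpected_ports <allowed ports...>: read the table on stdin and print
# every listening port that is not in the allowlist, i.e. a server you
# did not intend to be running (rule 3) or a hole to close (rule 2).
unexpected_ports() {
    allowed=" $* "
    for port in $(listening_ports); do
        case "$allowed" in
            *" $port "*) ;;         # an expected service, e.g. sshd on 22
            *) echo "$port" ;;
        esac
    done
}

# audit_sample: run the check over the constructed table, allowing only
# ssh (22); reports 80 (HTTPD) and 21 (FTPD), the ESTABLISHED row is ignored.
audit_sample() {
    printf '%s\n' "$SAMPLE_PROC_TCP" | unexpected_ports 22
}

# Live use on a workstation that should only answer ssh:
#   unexpected_ports 22 < /proc/net/tcp
```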

