Focus on Linux
Re: Re: Begs a question: AV in Linux (correction) Feb 05 2006 03:59AM
blahblah hotmail com (3 replies)
Re: Begs a question: AV in Linux (correction) Feb 06 2006 08:26PM
lucien Fransman (lucien fransman irc2 nl)
Re: Re: Begs a question: AV in Linux (correction) Feb 06 2006 07:00PM
Eric Rostetter (rostetter mail utexas edu) (1 replies)
Quoting blahblah (at) hotmail (dot) com [email concealed]:

> Although, you may want to run AV in linux for various reasons, some
> misleading points were made:

Yes.

> "If you run wine, zen, mach, vmware, or anything that runs or can run
> windows (or another vulnerable OS), than you should run AV in at least
> the virtual machine, and preferably in both linux and virtual machine."
>
> Is a little misleading:

As is your answer...

> wine - Just because a windows exploit exists in windows, does not
> mean it exists in wine. For example - if windows has a buffer
> exploit somewhere in its dlls, that does not mean it will exist in
> wine (and vice-versa). This is because the wine team is
> re-implementing the windows API without looking at the windows code,
> and the implementations will differ.

And as we just saw with the last big windows exploits, it _did_ exist
in wine as well as windows. So the fact is, wine will be vulnerable
to some of, but not all of, the same things as windows.

> zen, mach, vmware - just because the "can" run windows does not mean
> they "will" be running windows. If they aren't, don't bother.

As I pointed out, this isn't a windows problem. Viruses exists for
windows, Mac OS, windows products that run on other OS versions, etc.
So if you run any OS on there, or any product on there, that is
known to be virus friendly, then run an AV...

> "If you run openoffice, you are open to macro viruses and all the same
> things that hit MS Office apps, and you should run an AV if you don't
> want to be a hit by them, or spread them to others."
>
> Not correct in the least - openoffice can't run word macros
> (although you can chose to preserve them). Even if that capability
> exists at some point, this statement is still flat wrong - because
> the open office team would be re-implementing the code, and the
> vulnerabilities in the windows implementation would in all
> probability not exist in the open office implementation (see the
> wine argument). Most likely they would just have different
> vulnerabilities ;)

Can you prove this? I don't believe it is true. The one advantage of
OpenOffice is that it will not automatically run any macros like MS Office
did. So you have to manually run the macro to get infected. But since
most novice users will run anything sent to them, this is only of limited
value for a large number of novice users.

I know OpenOffice exluded some features of MS Office macros due to
security, but I don't think you can say they completely eliminated
macro virus usage in OpenOffice.

> "True. But you can help spread them."
> Bingo!
> And that's why ClamAV was made!
>
> Stu

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!

[ reply ]
Re: Begs a question: AV in Linux (correction) Feb 07 2006 11:21PM
Alan McKinnon (alan linuxholdings co za)
Re: Re: Begs a question: AV in Linux (correction) Feb 06 2006 06:11PM
Antoine Martin (antoine nagafix co uk)


 

Privacy Statement
Copyright 2010, SecurityFocus