Tasmanian Dept. of Education Wants Anti-Virus for Linux, OS X

timothy posted more than 3 years ago | from the belt-and-suspenders-and-pants-full-of-glue dept.

Australia 396

An anonymous reader writes "One of Australia's largest government technology buyers, the Tasmanian Department of Education, has gone to market for a security vendor to supply anti-virus software for its 40,000-odd desktop PCs and laptops, as well as servers. But the department's not just running Windows — it runs Mac OS X and Linux as well, and has requested that whatever solution it buys must be able to run on those platforms as well. But have we reached the stage where Mac OS X and Linux even need third-party security software? It seems like most Mac and Linux users don't run it."

no (3, Insightful)

Anonymous Coward | more than 3 years ago | (#35997920)

no.

Passing on Viruses (4, Insightful)

Anonymous Coward | more than 3 years ago | (#35997922)

A computer can still pass on a virus even if it cannot directly infect you. It might not be your responsibility but will a child know this? If he forwards an attachment unwittingly or something?

Linux users and Mac users could accidentally infect a Windows user.

Re:Passing on Viruses (0)

Anonymous Coward | more than 3 years ago | (#35997948)

so you have anti virus on the windows machines

although I did see a Linux antivirus at one stage, don't recall who made it now but was for servers running as mail or file servers for Windows users

Re:Passing on Viruses (2)

somersault (912633) | more than 3 years ago | (#35997974)

Or antivirus on the email server, pretty sure there are Linux solutions for that.

Re:Passing on Viruses (4, Insightful)

Ailure (853833) | more than 3 years ago | (#35998130)

You're probably thinking of ClamAV http://www.clamav.net/ [clamav.net]

Re:Passing on Viruses (1)

V for Vendetta (1204898) | more than 3 years ago | (#35998398)

Seems like Kaspersky [kaspersky.com] is also supporting Linux machines (WS + servers).

Re:Passing on Viruses (5, Informative)

Mouldy (1322581) | more than 3 years ago | (#35997966)

This is exactly why antivirus software for Linux already exists, they probably catch a couple of Linux viruses too, but the majority of their definitions are Windows viruses.

I've set up ClamAV on my Linux mail server to catch most dodgy stuff before it reaches my Windows PC. I also recently installed it onto my Linux Netbook to scan a friend's external hard drive for a Windows virus. I haven't been following the latest security news, so didn't particularly want to risk plugging it into my friend's or my Windows machine to scan it.

So I agree, there definitely is a use for Linux-based anti virus software...even if my own uses are mainly concerned with protecting Windows machines.

Re:Passing on Viruses (2)

Compaqt (1758360) | more than 3 years ago | (#35998038)

Do you have it set up to receive mail from Postfix, and then pass it on to Dovecot for distribution?

Or does ClamAV get a crack at mail first before Postfix?

Is there a way to scan an email as you're receiving it, and then stop in the middle of the process, making it look like you have a bad SMTP server, which hopefully spammers won't bother with again?

Oh, and, are you running Amavis, and SpamAssassin, too?

Re:Passing on Viruses (1)

MattBD (1157291) | more than 3 years ago | (#35998322)

As far as I'm aware ClamAV would only get to the mail after Postfix in such a setup. However, it's possible that the sort of thing you're looking for could be achieved using Postfix's greylisting capability. If you're not familiar with it, I understand that with greylisting, when an email is received from an unknown mail server, it's automatically rejected with a "try again later" message. When it's received a second time, it's accepted. After a certain number of successful deliveries, the sending mail server is whitelisted. The idea is that most spammers use MTAs that aren't exactly RFC-compliant so they won't bother trying to resend it. You can also manually whitelist addresses if you want.
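The greylisting behaviour described in the comment above, as an added example that is not part of the original thread or of Postfix itself: a decision function that answers in the form of a Postfix policy-delegation reply (`action=...`). The class name, the timing values, the retry window and the sample addresses are assumptions made for illustration.

```python
"""Greylisting decision logic (added example, not Postfix or postgrey code)."""
from dataclasses import dataclass, field

# Replies use Postfix access-policy action names.
DEFER = "DEFER_IF_PERMIT Greylisted, please try again later"
ACCEPT = "DUNNO"  # no objection; Postfix continues with its other checks


@dataclass
class Greylist:
    min_delay: int = 300            # assumed: seconds a retry must wait
    retry_window: int = 172800      # assumed: retries later than this start over
    auto_whitelist_after: int = 5   # assumed: deliveries before a server is trusted
    manual_whitelist: set = field(default_factory=set)
    first_seen: dict = field(default_factory=dict)   # triplet -> first timestamp
    delivered: dict = field(default_factory=dict)    # client -> accepted count

    def check(self, client, sender, recipient, now):
        """Return the policy action for one RCPT TO attempt at time `now`."""
        if client in self.manual_whitelist:
            return ACCEPT
        if self.delivered.get(client, 0) >= self.auto_whitelist_after:
            return ACCEPT  # server has proven it retries; stop delaying it
        triplet = (client, sender.lower(), recipient.lower())
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > self.retry_window:
            # Unknown (or long-forgotten) triplet: temporary rejection.
            self.first_seen[triplet] = now
            return DEFER
        if now - seen < self.min_delay:
            # Immediate re-send, typical of fire-and-forget senders.
            return DEFER
        self.delivered[client] = self.delivered.get(client, 0) + 1
        return ACCEPT


def parse_policy_request(text):
    """Parse the name=value lines of a policy request (ends at an empty line)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def handle_request(greylist, text, now):
    """Turn one policy request into the reply sent back to the mail server."""
    attrs = parse_policy_request(text)
    action = greylist.check(
        attrs.get("client_address", ""),
        attrs.get("sender", ""),
        attrs.get("recipient", ""),
        now,
    )
    return f"action={action}\n\n"


# Constructed sample request (documentation addresses, not real traffic).
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=203.0.113.5\n"
    "sender=newsletter@example.org\n"
    "recipient=teacher@example.net\n"
    "\n"
)

if __name__ == "__main__":
    gl = Greylist()
    for t in (0, 30, 600):
        print(t, handle_request(gl, SAMPLE_REQUEST, t).strip())
```

A compliant sending server queues the message and retries after the delay, so legitimate mail is only postponed; the cost is latency on the first message from each new sender.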

Re:Passing on Viruses (4, Informative)

memzer (2033838) | more than 3 years ago | (#35998380)

I'm guessing this was meant to be a troll but really things aren't as bad as you make them out to be these days...

If you're setting up a mail server there are packages available which integrate all of the things you mentioned above into easier to manage / maintain systems. For example one popular one is iRedMail http://www.iredmail.org/features.html [iredmail.org] which can be set up by an intermediate user in around 1 Minute [Video: http://www.youtube.com/watch?v=wi8CF3RKRm4] [youtube.com].

If you are implying it's much more complicated for the end user then you're kidding yourself as well. These days there are guides for most popular distributions and usually it's not much more difficult than installing the software and/or configuring an addon. For example, the Ubuntu community guide has easy to follow instructions for configuring Thunderbird with ClamAV. The process is by no means difficult (install, set ports, install addon) and takes less than a minute to complete for a novice user capable of following some instructions.

There are of course users who would find following such a guide too difficult but really these users simply lack the experience, confidence, patience or time to do so anyway. They're likely the same users who pay somebody else (or come to you, their friend / relative) to install the software for them ;)

Point I'm trying to make for people thinking of giving it a try is that it is a lot easier to do than the parent implies - even for novice-intermediate users.

Re:Passing on Viruses (4, Informative)

memzer (2033838) | more than 3 years ago | (#35998414)

Link to the Ubuntu Community Guide for scanning email using Thunderbird and ClamAV for those interested:

https://help.ubuntu.com/community/ScanningEmail [ubuntu.com]

Re:Passing on Viruses (1, Interesting)

willy_me (212994) | more than 3 years ago | (#35998090)

I have also used ClamAV - but it is horrible for finding most viruses. It is probably great for scanning email but it simply is not reliable enough for detecting viruses in downloaded files. I use Windows in a VM and have found numerous occasions when ClamAV would not detect a virus (scanned by the host machine). Scanning the file with most other free Windows anti-virus products results in the virus being found. So while I would love it if ClamAV did the job, it just doesn't.

Re:Passing on Viruses (5)

Bert64 (520050) | more than 3 years ago | (#35998196)

I have found the same thing happen with most other AV engines too...

I have done a number of incident response jobs whereby a machine has become infected and it's my job to work out what happened...

All machines were Windows...
All machines were running some kind of AV (multiple different vendors).
Every machine had a persistent piece of malware present on it.
The AV actually installed failed to detect the malware.
Testing the malware with other AV engines found that some would find it, I never encountered anything totally new that wasn't detected by anything.

Re:Passing on Viruses (2)

Lennie (16154) | more than 3 years ago | (#35998262)

As many have already figured out, AV is pretty useless.

It is nowhere near foolproof.

Re:Passing on Viruses (1)

Lennie (16154) | more than 3 years ago | (#35998314)

Maybe I should add why.

There are more viruses created every hour (automated) than any anti-virus company can handle.

I actually doubt that if they all worked together really well they would be able to have an up to date list.

I'm surprised the botnet operators haven't yet used the botnet to create the new variants every few emails/HTML-form-posts/whatever they do.

Re:Passing on Viruses (0)

Anonymous Coward | more than 3 years ago | (#35998444)

There are more viruses created every hour (automated) than any anti-virus company can handle.

If the viruses are being created by an algorithm then you can find the common denominator between them and detect all viruses created by that generator algorithm. The only sort of algorithm that would be able to pull that off is a Genetic Algorithm but I can't see how you would apply it to a virus since you'd need a fast way to test that the virus works for the algorithm to do its job.

Re:Passing on Viruses (1)

Yaa 101 (664725) | more than 3 years ago | (#35998344)

Most of the big brands have a virus scanner/remover running on a Linux powered live CD, I used several to disinfect a friend's laptop.

I think they will make them like that for Linux oriented viruses too...

Any free except for BitDefender? (2)

Mathinker (909784) | more than 3 years ago | (#35998446)

My impression was that BitDefender was the only free live-CD commercial scanner, the other commercial A/V live-CD's are available only for paying customers.

If I were to upgrade from using only free A/V on my Windows boxes, I would consider paying BitDefender, if only because they are providing such a useful free service to everyone (disclosure: I've paid for Kaspersky in the past).

Re:Passing on Viruses (1)

Bert64 (520050) | more than 3 years ago | (#35998188)

There are a number of AV products for linux and mac, and they pretty much exclusively work as you describe... They are typically designed for servers with windows clients.

Re:Passing on Viruses (1)

Eggplant62 (120514) | more than 3 years ago | (#35998244)

How so? I've run Linux here for well over a decade and there's no way that I'm passing viruses around. What this request for quote from Tasmania demonstrates is how unaware of the technology benefits the requestors really are. With OSX or Linux, viruses can be disregarded. If you want to filter viruses from a mailserver, sure, I can see that. But there are no viruses for Linux. It's like needing an umbrella on a sunny day.

Re:Passing on Viruses (0)

Anonymous Coward | more than 3 years ago | (#35998268)

Plus, they could accidentally run something that messes with their home folder. Or install something that seems totally innocent until they accidentally run it from a root prompt. Or something that snoops their documents and broadcasts the data. The reason that especially Linux is much less virus-prone is that most of their users aren't stupid enough to run everything they get. Most viruses get installed with the user's consent, and Linux won't help you there. So if you plan to let a lot of stupid idiots use Linux, you'd better give them virus-scanners for Linux.

Re:Passing on Viruses (4, Interesting)

mjwx (966435) | more than 3 years ago | (#35998288)

A computer can still pass on a virus even if it cannot directly infect you. It might not be your responsibility but will a child know this? If he forwards an attachment unwittingly or something?

Linux users and Mac users could accidentally infect a Windows user.

In my experience, Mac users are even more irresponsible than clueless Windows users. They think they are magically protected, which means they will ignore obvious signs of infection till the very end.

As we all know, malware is less about doing damage and more about making money these days. Keyloggers, trojans and spambots exist for OSX these days (as well as Linux) but they focus on staying hidden as their job is to make money, not make people annoyed which means they need to stay where they are to collect CC numbers or send spam.

Linux users should not have a problem with AV. Even if they are smart enough not to need it. Linux users already think with a security focused mind, as an effect using Linux in lieu of an AV client is laziness on our part (granted, we can recognise an infected machine, so we can afford a bit of laziness).

To use a Zombie virus analogy, Windows users are the ones running about in a mad panic as the Zombie horde approaches, blocking highways and running to get away. Mac users walk towards them saying, "Zombies don't exist on Mac, I could never get infected". Linux users fled to the hills six months ago with as much fuel, food and porn as they could carry.

Last Resort (3, Insightful)

iYk6 (1425255) | more than 3 years ago | (#35997926)

Anti-virus is a security last resort. If you've already downloaded or executed malware, then anti-virus might prevent it from running, or might be able to remove it if it already has. But it can't detect everything. It can only detect common malware. Linux doesn't have any common malware, and I'm not sure about Mac. There is clamav, but that's mostly detecting Windows viruses across platforms.

Re:Last Resort (1)

atomicstrawberry (955148) | more than 3 years ago | (#35997976)

There's more OSX and Linux malware out there than you might think. Especially OSX. When it comes to Linux I'd imagine that that is mainly for servers, where being able to e.g. natively run a sweep over all those shared directories that your staff are using to cache their files, or scanning incoming mail on your mail server or the like would be advantageous.

Re:Last Resort (1)

ozmanjusri (601766) | more than 3 years ago | (#35998132)

There's more OSX and Linux malware out there than you might think.

Examples?

Re:Last Resort (4, Informative)

Bert64 (520050) | more than 3 years ago | (#35998224)

Traditional rootkits exist for most unix systems, although they typically do not spread on their own - someone has to manually root your system and install them. There are even tools dedicated to finding/removing unix rootkits, eg http://www.rootkit.nl/projects/rootkit_hunter.html [rootkit.nl] has a long list of rootkits it knows about.

Re:Last Resort (2)

mjwx (966435) | more than 3 years ago | (#35998298)

There's more OSX and Linux malware out there than you might think.

Examples?

Here you go. [trendmicro.com]

As always, the most common infection vector is the user. This gets worse when a user refuses to recognise they can be infected.

Re:Last Resort (3, Funny)

Ihmhi (1206036) | more than 3 years ago | (#35998202)

Linux was created by the finest minds of the last thousand years - truly, men among men. They jacked their brains into the cyberspace, navigating neon green 3-D cities and running their own virtual construction company for ten years to build the Linux kernel. Only after it was finished did they convert it to more mundane code so that the lesser men of the world may bask in its glory.

I don't know what's more disheartening, the fact that someone believes they can create a virus that can melt cyberspace steel, or the fact that there are companies that are scamming their customers with unnecessary products~!

Re:Last Resort (2, Insightful)

timholman (71886) | more than 3 years ago | (#35998210)

There's more OSX and Linux malware out there than you might think. Especially OSX.

One of the Windows users I work with says the same thing. Like you, he can't provide any examples either.

And if you're talking about those instances of trojans that rely on social engineering, what anti-virus program can defend against a user who willingly types in an administrative password and installs the malware on his own?

Re:Last Resort (2)

michelcolman (1208008) | more than 3 years ago | (#35998252)

Exactly. I bet the same user, if he had an anti-virus app running, would disable it to be able to run the malware.

Re:Last Resort (2, Insightful)

mjwx (966435) | more than 3 years ago | (#35998316)

There's more OSX and Linux malware out there than you might think. Especially OSX.

One of the Windows users I work with says the same thing. Like you, he can't provide any examples either.

And if you're talking about those instances of trojans that rely on social engineering, what anti-virus program can defend against a user who willingly types in an administrative password and installs the malware on his own?

Well if we are excluding those...

There's 90% of Windows malware wiped out. The user is, always has been and will always be the biggest source of infection. Even in the Windows world and especially today when a patched Win 7 and Office suite aren't vulnerable to drive by infections.

I love how Mac fanboys need to move the goal posts to justify their positions. But here you go anyway.

http://about-threats.trendmicro.com/Search.aspx?language=us&p=OSX [trendmicro.com]

No doubt you have some wonderfully convenient excuse to ignore this.

Have fun.

Re:Last Resort (1)

jimicus (737525) | more than 3 years ago | (#35998338)

If you look at the latest threats for Windows, probably 70% of them are trojans of some sort.

Looking at Symantec's website, the remainder are all variants on the exact same application - VirusDoctor. So the true percentage of trojans (as opposed to viruses) is probably much higher than 70%.

Re:Last Resort (1)

Compaqt (1758360) | more than 3 years ago | (#35998134)

Even though that might be true, I think they want to scan all email to prevent viruses being passed around to Windows users, say from a Linux user whom it doesn't affect.

No direct benefit (0)

Anonymous Coward | more than 3 years ago | (#35997928)

Some of us run AV on OS X to clean files before they head to Windows machines so we don't act as a carrier. It has no practical benefit yet for OS X itself.

That day is not too far away though, I just think the threats will not look like they do for Windows so existing tech is not relevant.

Of course it's not needed. (0)

Anonymous Coward | more than 3 years ago | (#35997930)

Anti-virus software is just a security blanket for people who are scared of computers. Not only is it not necessary on Linux and OSX, it is hardly necessary on Windows. Just don't do stupid things. In my experience, most AV impairs the functioning of the machine more than the majority of viruses.

Re:Of course it's not needed. (2, Informative)

Anonymous Coward | more than 3 years ago | (#35998022)

Just don't do stupid things.

The average user doesn't know what's stupid and what is not.

To some extent, AV software is good for inexperienced users. Unfortunately most of these AV programs have "evolved" to a point where they've become more of a burden than help. That's a real problem if you have to churn out a new-and-improved version every year.

Stupid things involve surfing the net (1)

Anonymous Coward | more than 3 years ago | (#35998096)

I surf the net and some of the pages aren't exactly the most innocent of pages. I experienced some times that viruses were able to exploit back-doors into my system. It's not often, but it happens. Even with firewalls, system and anti-virus updated there are things that sneak past the defenses. Needless to say, I run Windows. If I were to not surf the web and only be connected to the web for a brief amount of time I would not need anti-virus. But, as I said. I do need it. I actually ran without anti-virus software for a long time, but I stopped after my broadband-computer with 10 Mbit went into zombie-mode.

Re:Of course it's not needed. (2)

Bert64 (520050) | more than 3 years ago | (#35998256)

It's an extra layer to protect a user either from running vulnerable software, or from doing something stupid...

I've seen many windows systems become infected when the users haven't done stupid things, they were browsing perfectly legitimate sites that just happened to have been hacked and got infected without having to do anything else.

AV software is not only for your own safety... (4, Insightful)

Mattsson (105422) | more than 3 years ago | (#35997934)

If you exchange documents and files with other users, having anti-virus and anti-malware software or not is not only an issue for your own protection.
Even if you run on a system that you believe to be safe from those kinds of infections, you might spread it to other users if you ever pass on files that you get from others.
This might not be of any importance to you personally, but in a large organization it might be of vital importance that malicious software can't "hide" in unprotected systems of other flavours than it was designed for.

Whassa problem? (2)

macraig (621737) | more than 3 years ago | (#35997936)

I run Windows and I still don't use that stuff... I'm totally open source - err, open-minded - and I don't mind sharing my computer with a botnet and my credit card with poor Russkis, Nigerians, and Chinamen. All for one and one for all, I say!

Re:Whassa problem? (4, Funny)

J.J. Dane (1562629) | more than 3 years ago | (#35998018)

Well, if some friendly Russian kindly allows me to download an Adobe suite or a new game from his website it's only polite that I let him use my box to send a few e-mails or whatever when I'm not using it

Pretty standard, really. (1)

ThoughtMonster (1602047) | more than 3 years ago | (#35997938)

There already exist both commercial and non-commercial anti-virus applications that run on Linux (Wikipedia has a list [wikipedia.org] ) which mainly target Windows viruses passing through corporate networks. Some anti-virus solutions target native viruses (virii?), but most are quickly obsoleted via updates anyways. I suspect this is what the Dept. of Education is asking for, and it's not unreasonable.

Clam AV (2)

BoogeyOfTheMan (1256002) | more than 3 years ago | (#35997942)

I use clamav. I'm currently running a dual boot setup with Win7, but it's only used for gaming (once a month or so) and for a few programs that I've only gotten to run without a hiccup in Windows. Since I don't use it all that often, I also don't update it all that often, so having an AV run from outside the OS seems like it's not a bad idea.

Re:Clam AV (0)

Anonymous Coward | more than 3 years ago | (#35997998)

I used to use that, but I think Microsoft Security Essentials is better (free too).

As for AV on Linux and OS X, I think it's fair enough. You don't want to pass infected documents on - that could be embarrassing. Also something to detect native attacks too, but maybe they just want to run something for messaging for Lotus Domino servers running on Linux (have been there).

Re:Clam AV (2)

pixline (2028580) | more than 3 years ago | (#35998076)

MS Security Essentials won't install on a non-genuine machine, take it into account :-) Seriously: what's wrong with Clam AV and some decent network setup? It just works for everyone with no budget at all, will work for them too....

cross platform virus scanner for linux and mac (5, Funny)

Gunstick (312804) | more than 3 years ago | (#35997968)

#!/bin/sh
echo "stating scan..."
n=`find / -type f | wc -l`
echo "scan completed of $n files"
exit 0

Re:cross platform virus scanner for linux and mac (0)

Anonymous Coward | more than 3 years ago | (#35997992)

*starting

Re:cross platform virus scanner for linux and mac (1)

michelcolman (1208008) | more than 3 years ago | (#35998356)

No, "stating" is better: malware authors always leave some intentional typos to tip off the intelligent users (those who might cause trouble for them later, and in any case would not be running the malware for a long time). They only want to attack dumb people, which makes sense.

At least, that's my theory to explain the staggering amount of errors in pretty much all malware e-mails and websites I have seen so far.

Re:cross platform virus scanner for linux and mac (5, Informative)

O'Nazareth (1203258) | more than 3 years ago | (#35998004)

I wish to file a bug report: you count multiple times files with several hard links.

Re:cross platform virus scanner for linux and mac (5, Funny)

martin-boundary (547041) | more than 3 years ago | (#35998212)

That's normal behaviour, sir. Those are harder files to scan, which is why they must be scanned multiple times. Have a good day.

Re:cross platform virus scanner for linux and mac (1)

ControlFreal (661231) | more than 3 years ago | (#35998062)

As stated: it artificially embiggens the number of scanned files by counting hard links multiple times, but that is perfectly cromulent.

Re:cross platform virus scanner for linux and mac (2, Informative)

Anonymous Coward | more than 3 years ago | (#35998104)

# ./antivirus.exe
Segmentation fault

"Your honor, I ran the required anti-virus program, and it didn't detect any viruses."

Re:cross platform virus scanner for linux and mac (5, Funny)

Delgul (515042) | more than 3 years ago | (#35998108)

For manager types you need to include "Your computer is safe" somewhere along the line ;-)

Users need security software more than OS. (1)

Barryke (772876) | more than 3 years ago | (#35997978)

But have we reached the stage where Mac OS X and Linux even need third-party security software? It seems like most Mac and Linux users don't run it.

In today's world it is not a matter of whether the OS requires it, it's more and more a matter whether the User/Admin requires it.

Not quite (0)

Anonymous Coward | more than 3 years ago | (#35997982)

Tasmanian DoE? Large?

What?

Re:Not quite (1)

Chuq (8564) | more than 3 years ago | (#35998116)

How many other organisations in Australia have 40000 workstations or more? Probably the other state education departments (assuming they purchase centrally), a handful of large corporates... maybe a few more, but not a huge amount.

prophecy (5, Insightful)

greenfruitsalad (2008354) | more than 3 years ago | (#35997984)

1 group will claim GNU/Linux doesn't need anti virus software.
2nd group will claim they use antivirus on their GNU/Linux already, but only to clean emails destined for MS Windows machines or to look after their Samba exported storage.
3rd group will say GNU/Linux needs AV software because it's only a matter of time before viruses (virii?) appear.
4th group will say viruses for GNU/Linux already exist and provide links to some sensationalist articles on the interwebs where researchers published some concepts.
5th group (partially composed of group 1 and 2) will claim they're not real viruses, but worms/snakes/butterflies/etc...
6th group will claim the threats aren't viruses but PPAs in Ubuntu.
3rd/4th group will return saying it's all about users and not the OS. And because they're careful users, they've never in their life needed AV on their MS Windows.
Does that about cover that? Let the holy war begin...

Re:prophecy (1)

slackbheep (1420367) | more than 3 years ago | (#35998376)

What about those of us who decide not to use Windows AV for their recreation boxes and accept getting cornholed every five to ten years as a learning experience? (Last time for me was Sasser unless rage has blocked out a more recent experience)

Re:prophecy (1)

mwvdlee (775178) | more than 3 years ago | (#35998400)

Stages 4 and beyond will never be reached as stage 3 will re-ignite the flamewar about the plural form of "virus" (I vote for "viren").

Factual data on security (Win7 vs. Linux 2.6) (0)

Anonymous Coward | more than 3 years ago | (#35998426)

See subject-line 1st, & then this data from a respected source for known security vulnerabilities unpatched (keeping in mind Linux 2.6x is JUST A KERNEL ONLY - not an ENTIRE OS DISTRO (as is the case w/ Win7)):

---

Vulnerability Report: Microsoft SQL Server 2008: (04/29/2011)

http://secunia.com/advisories/product/21744/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (04/29/2011)

http://secunia.com/advisories/product/17543/ [secunia.com]

Unpatched 0% (0 of 6 Secunia advisories)

Vulnerability Report: Microsoft Exchange Server 2010: (04/29/2011)

http://secunia.com/advisories/product/28234/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft SharePoint Server 2010: (04/29/2011)

http://secunia.com/advisories/product/29809/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft Forefront Endpoint Protection 2010: (05/01/2011)

http://secunia.com/advisories/product/34343/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Office 2010: (04/29/2011)

http://secunia.com/advisories/product/30529/?task=advisories [secunia.com]

Unpatched 0% (0 of 6 Secunia advisories)

Vulnerability Report: Microsoft Virtual PC 2007:

http://secunia.com/advisories/product/14315/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Internet Explorer 9.x: (04/29/2011)

http://secunia.com/advisories/product/34591/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft Visual Studio 2010: (04/29/2011)

http://secunia.com/advisories/product/30853/?task=advisories [secunia.com]

Unpatched 17% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft DirectX 10.x: (04/29/2011)

http://secunia.com/advisories/product/16896/ [secunia.com]

Unpatched 0% (0 of 3 Secunia advisories)

Vulnerability Report: Microsoft .NET Framework 4.x: (04/29/2011)

http://secunia.com/advisories/product/29592/ [secunia.com]

Unpatched 0% (0 of 3 Secunia advisories)

Vulnerability Report: Microsoft Silverlight 4.x: (04/29/2011)

http://secunia.com/advisories/product/28947/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft XML Core Services (MSXML) 6.x:(04/29/2011)

http://secunia.com/advisories/product/6473/ [secunia.com]

Unpatched 0% (0 of 4 Secunia advisories)

Vulnerability Report: Microsoft Windows 7: (04/29/2011)

http://secunia.com/advisories/product/27467/?task=advisories [secunia.com]

Unpatched 8% (5 of 65 Secunia advisories)

---

AND, of those 5 vulnerabilities, yes... 2 are still "remote". HOWEVER, they have EASY work-arounds (basic "don't be stupid" stuff everyone OUGHT to practice & be aware of).

They can be avoided by not just downloading & running "anything" etc. (being utterly stupid in other words, or just ignorant (which in the case of a child, I could excuse (not an adult)).

I.E.-> "NO PROBLEMO!"

&

3.5x LESS THAN IS PRESENT ON THE LINUX 2.6x KERNEL ALONE (toss on the rest of what goes into a Linux distro? That # goes "up, Up, UP & AWAY...", bigtime, "increasing that lead, that Linux has", lol, in more unpatched known security bugs present that is (a dubious honor/win, lol, to say the least!)

So, that "all said & aside"?

Microsoft's doing a HELL OF A GOOD JOB on the security front!

APK

P.S.=> Compare a "*NIX/Open SORES" OS in Linux's "latest/greatest"?:

--

Vulnerability Report: Linux Kernel 2.6.x (04/29/2011)

http://secunia.com/advisories/product/2719/?task=advisories [secunia.com]

Unpatched 7% (17 of 259 Secunia advisories)

--

THAT? That's about 3.5x as many as Windows 7 has that are unpatched, and it's not even a FULL OS, it's only the kernel (and it's more than the ENTIRE GAMUT of what MS gives folks to do business & build tools for it as well has), & it's NOT the entire 'gamut/array' of what actually comes in a Linux distro (such as the attendant GUI, Windows managers, browsers, etc. that ship in distros too that have bugs, and yes, THEY DO), THAT ADDS EVEN MORE BUGS that COMPOUNDS THAT # EVEN MORE!

So, so much for "Windows is less secure than Linux" stuff you see around here on /., eh?

(It gets even WORSE for 'Linuxdom' when you toss on ANDROID (yes, it's a LINUX variant too), because it's being shredded on the security-front lately, unfortunately)

BOTTOM-LINE:

What this all comes down to, is all the "Pro-*NIX propaganda straight outta pravda" practically doesn't stand up very well against concrete, verifiable & visible facts now, does it? Nope... apk

Re:prophecy (1)

luther349 (645380) | more than 3 years ago | (#35998460)

And despite your list, AV software is available for Linux. So if they want it they can have it; the story is dumb. And most anyone in the Linux world will agree on a server system AV is needed not so much to protect Linux but the Windows machines that connect to it.

Of Course (1)

batwingTM (202524) | more than 3 years ago | (#35998000)

Well, does a Mac or Linux require Anti Virus?

Let me ask you a question, do you hand out your credit card number to anyone who asks? Of course you don't because you have some common sense and realise that some people would take that information and use it for malicious purposes. Macs and Linux can be compromised, of course; they are not as often targeted, as if you are going to write a virus/malware you will pick the most popular platform, but if you are a Mac/Linux user and you don't run AV or expect that your OS is 'immune' then you are part of the problem.

ALL users should run AntiVirus, or at the very least, be aware of the security of their systems, regardless of what platform they are running as their OS. If putting an AV package on Mac/Linux educates users that you should ensure that your system is secure, then absolutely.

Re:Of Course (1, Insightful)

sydneyfong (410107) | more than 3 years ago | (#35998098)

You must work in IT support.

My personal experience is:

#1. For a technically sane, and security aware user, most antivirus software only exists to make the system hog slow.

#2. Antivirus software is used as a placebo to make users feel they are safer. If anything, I suspect it would make users feel less responsible for their own actions because some AV software is supposedly protecting them.

#3. How is a Linux user supposed to run AV? With WINE? I know there is clamav, but it's not intended for those "active monitoring/scanning" things you have on Windows. Maybe the "shell script" placebo* will work equally well at "educating users" if that's what you want. No point in making a system slow.

* http://apple.slashdot.org/comments.pl?sid=2119134&cid=35997968 [slashdot.org]

Re:Of Course (4, Informative)

mjwx (966435) | more than 3 years ago | (#35998382)

You must work in IT support.

My personal experience is:

#1. For a technically sane, and security aware user, most antivirus software only exists to make the system hog slow.

#2. Antivirus software is used as a placebo to make users feel they are safer. If anything, I suspect it would make users feel less responsible for their own actions because some AV software is supposedly protecting them.

#3. How is a Linux user supposed to run AV? With WINE? I know there is clamav, but it's not intended for those "active monitoring/scanning" things you have on Windows. Maybe the "shell script" placebo* will work equally well at "educating users" if that's what you want. No point in making a system slow.

* http://apple.slashdot.org/comments.pl?sid=2119134&cid=35997968 [slashdot.org]

You must work in sales, because you have no experience in the real world.

#1. Actual, technical users understand that AV is important, they just recognise the signs of infection as well as any AV does and will take steps when they detect them. For us, AV clients are just a way to be lazy.

#2. Just because AV will not protect against some 0-days does not make it useless. It's a method of protecting against old threats which are still quite prevalent thanks to people who don't use or ignore AV. Not to mention that many viruses are simply minor variations of old ones, the W32.Foo.F virus looks quite similar to W32.Foo.E.

#3. Umm... You do know that there are a variety of Linux clients out there. Clam AV, Trend Micro, AVG, Kaspersky and others have clients. Any AV vendor in the Enterprise space has a client as Enterprises use Linux servers quite a bit. Do a Google search for "Linux Anti Virus" before launching on an ill-informed rant.

Re:Of Course (0)

Anonymous Coward | more than 3 years ago | (#35998370)

This is all great - and I agree somewhat, but isn't running AV software sometimes adding one more attack vector?

Not to mention that I'd question the actual effectiveness of AV software in general - sure they detect some well known nasties, but the 0-day and unknown nasties will most likely go undetected - sure there are some unknown ones that can be caught with heuristics, but I'm pretty sure most will go undetected..

My point is not that you shouldn't use AV software, it more that we need to concentrate on having inherently secure environments rather than rely on a half baked part way solution that provides the feeling of safety while providing possibly very little real protection from real threats.

Rather than educate users on ensuring their systems are secure, how about we educate them that systems are not secure and THEY need to be cautious - i.e. Don't download pirated software, don't click on that funny dancing baby, don't run that executable that was just sent to them, don't forward these silly executables on to their friends, etc...

Systems as they are today (with or without AV software) will only ever be as secure as their users..

Probably just a policy problem (4, Insightful)

Blade (1720) | more than 3 years ago | (#35998008)

This is probably just a policy issue. "We've put your AIX / HP-UX / Solaris server in". "What AV does it run?" "Er, it's running AIX / HP-UX / Solaris, we've not installed AV". "But our policy says we have to use product X or product Y to AV protect all our servers". "Yes, but you're not understan....." "Just install AV".

Re:Probably just a policy problem (0)

Anonymous Coward | more than 3 years ago | (#35998326)

I've had to put AV on Linux systems for a couple of years now to comply with Payment Card Industry Data Security Standard (PCI DSS), even for back end systems that have no direct file/email interaction with Windows PCs. When the industry standards body mandates it, arguing is a waste of breath. Install the software, let the auditor check the box, and move on.

Re:Probably just a policy problem (0)

Anonymous Coward | more than 3 years ago | (#35998390)

Sorry, but if you obey the insanity of the incompetent, you're part of the problem.
If your boss is wrong, TELL HIM. That's what he pays you for, after all: Your expertise! He's not the expert. YOU are. And you are letting him down majorly because of your lack of a spine / balls.

If that's not what he pays you for, and/or you're working in a Virtudyne-type environment, then of course feel free to fuck up his life at will so the business runs worse, so... oh, wait!
Better just get a job in a successful business with a future then... ;)

Re:Probably just a policy problem (1)

thegarbz (1787294) | more than 3 years ago | (#35998416)

Policy or just good design?

So your HP-UX server acts as a Samba file server, wouldn't it be nice to be able to catch windows viruses that one rogue computer may pass onto the network? Given how many viruses spread via file sharing inside a corporate network it could isolate an otherwise crippling breakout. Stuxnet for instance spread this way at our work. Turns out by the time they shut down all file servers some 30 people had managed to locally infect their PCs by opening files from the file server which was not infected, but merely carrying the infection.

Also claiming that Linux / Unix doesn't need antivirus is security by obscurity. Just because your system is obscure doesn't mean someone won't try and exploit it. Just because your operating system is secure doesn't mean someone won't exploit its biggest weakness ... the user.

Tasmanian devil (0)

Anonymous Coward | more than 3 years ago | (#35998050)

I was at first under the impression that they were seeking a cure for the virus induced cancer that decimates Tasmanian devils.

Tasmanian Devil? (1)

commash (2097266) | more than 3 years ago | (#35998060)

I thought viruses are too scared of Tasmanian Devil, no?

Re:Tasmanian Devil? (1)

dbIII (701233) | more than 3 years ago | (#35998126)

The Tasmanian devils have a strange communicable cancer that is spread by them biting each other's faces. It's an appropriately surreal disease for such creatures that bite things a lot but unfortunately it is driving them towards extinction.
So yes, maybe a virus is too scared of the things and it takes the big C to take them down.

What's the news? (1)

Anonymous Coward | more than 3 years ago | (#35998068)

I work in a big IT company and the company policy requires all workstations to have antivirus software. For me it means having Symantec running on my Linux installation. I've been lucky and haven't had many problems with it. It's just there consuming CPU time and every now and then doing a full scan of my HD.

Useful? No, but it looks good in IT policy.

Largest purchasers? (0)

Anonymous Coward | more than 3 years ago | (#35998070)

Tasmania is about 500,000 population. Largest purchasers in Australia? Snort. Giggle.

Re:Largest purchasers? (1)

Chuq (8564) | more than 3 years ago | (#35998138)

State Education departments typically have large IT fleets due to all the computers in every classroom in every school. RTFA.

Every classroom? (2)

dbIII (701233) | more than 3 years ago | (#35998184)

These are government schools. They don't have the money to waste putting computers on every desk when the students are not going to be using them in every lesson. They have rooms with computers in them and timetables to organise who can use them and when - there is no need to have one computer per student. That makes many large companies in Australia larger users of desktop computers than the education department of a low population state such as Tasmania. There would be more students in just about any city in the USA.

ClamAV/Immunet (1)

mendred (634647) | more than 3 years ago | (#35998100)

http://www.clamav.net/ [clamav.net] Used this around 5 years back when I was in Uni. I recommended it for the university mail server which was running Linux. Worked pretty well..the number of malware on email dropped to zero in a day..not sure about its effectiveness in the modern day but it is cross platform, with the Windows equivalent being Immunet (runs the same engine)

No problem - can stop MS malware via linux (1)

dbIII (701233) | more than 3 years ago | (#35998114)

F-prot and a long list of others have linux versions. It's useful for email gateways and I've got a spare licence to use the antivirus with knoppix to do malware removal on the laptops that come in with various infections (although a full wipe and reinstall is the only way to be sure).
It really depends upon whether they want software which CAN run on the platform or whether they actually want it deployed on every desktop. There is actual merit in one or two per site - if nothing else they can scan incoming material or network disks for Microsoft compatible malware even if there is no need to actually protect the computers doing the scanning against such incompatible malware.
Deploying it to the entire lot would be the same old story of somebody out of their depth making the choices before anybody with a clue working for them can properly inform them. Tasmania is the lowest population state of Australia so I don't know where the "largest" bit in the summary came from.

Antivirus, no. rkhunter? Yes. (0)

Anonymous Coward | more than 3 years ago | (#35998122)

A lot of ppl run it.

linux systems have lots... (1)

johnjones (14274) | more than 3 years ago | (#35998124)

every major vendor has a linux version for MTAs

have a look at amavisd.conf

You can't (5, Informative)

bmo (77928) | more than 3 years ago | (#35998150)

http://technet.microsoft.com/en-us/library/cc512587.aspx [microsoft.com]

>>You can't clean a compromised system by patching it.

>>You can't clean a compromised system by removing the back doors.

>>You can't clean a compromised system by using some "vulnerability remover."

>>You can't clean a compromised system by using a virus scanner.

>>You can't clean a compromised system by reinstalling the operating system over the existing installation.

>>You can't trust any data copied from a compromised system.

>>You can't trust the event logs on a compromised system.

>>You may not be able to trust your latest backup.

>>>>>The only way to clean a compromised system is to flatten and rebuild.

Jesper M. Johansson, Ph.D. [YES, HE'S A DOCTOR], CISSP, MCSE, MCP+I

Security Program Manager
Microsoft Corporation

Re:You can't (2)

freedumb2000 (966222) | more than 3 years ago | (#35998234)

The only thing a positive scan tells me, is that it is time to rebuild which is a pain in the ass and I have skimped on it before.

Re:You can't (1)

Pascal Sartoretti (454385) | more than 3 years ago | (#35998336)

A very brilliant article, however:

You can't clean a compromised system by using a virus scanner.

Theoretically, it should be possible to boot the system from another OS (say, a rescue Linux on a USB medium) and then clean the system.

The only way to clean a compromised system is to flatten and rebuild.

And if the system was compromised at BIOS level? Any possibility that even a rebuild could be fooled?

Re:You can't (2)

jimicus (737525) | more than 3 years ago | (#35998456)

Which is why you don't run AV on a compromised machine. You boot from a rescue CD such as that provided by Avira [avira.com] or F-Secure [f-secure.com].

Even that's not a perfect solution, of course, because it assumes your scanner can detect secondary vulnerabilities injected by the infection itself - or that no such vulnerability exists. Both of which seem rather optimistic assumptions. Ideally you'd have some sort of boot CD that can run checksums against every file on the system - but by the time you get to this point, it's probably several times quicker to rebuild the system.
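The checksum pass described in the comment above, as an added example that is not part of the original thread or any poster's code: it records a SHA-256 manifest of a file tree and later reports what changed. The function names and sample tree are constructed for illustration, and it assumes the baseline was taken from a known-good state, kept off the machine, and compared from rescue media against the mounted disk.

```python
import hashlib
import os
import stat
import tempfile


def file_record(path):
    """Describe one path as (kind, digest-or-target, mode); never follows symlinks."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    if stat.S_ISLNK(st.st_mode):
        return ("link", os.readlink(path), mode)
    if not stat.S_ISREG(st.st_mode):
        return ("special", "", mode)  # devices, FIFOs, sockets: do not read them
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return ("file", digest.hexdigest(), mode)


def build_manifest(root):
    """Walk root (e.g. the suspect disk mounted read-only) and record every entry."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Symlinks to directories show up in dirnames; record them as links too.
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in filenames + links:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                manifest[rel] = file_record(full)
            except OSError as exc:
                manifest[rel] = ("unreadable", type(exc).__name__, 0)
    return manifest


def compare(baseline, current):
    """Report content changes, permission changes, and added or removed paths."""
    report = {"modified": [], "mode_changed": [], "added": [], "removed": []}
    for rel, (kind, value, mode) in baseline.items():
        if rel not in current:
            report["removed"].append(rel)
            continue
        ckind, cvalue, cmode = current[rel]
        if (ckind, cvalue) != (kind, value):
            report["modified"].append(rel)
        elif cmode != mode:
            report["mode_changed"].append(rel)
    report["added"] = [rel for rel in current if rel not in baseline]
    for paths in report.values():
        paths.sort()
    return report


def demo():
    """Constructed sample tree: take a baseline, alter four files, compare."""
    with tempfile.TemporaryDirectory() as root:
        sample = {"bin/login": b"original login\n", "bin/ls": b"original ls\n",
                  "etc/hosts": b"127.0.0.1 localhost\n"}
        for rel, data in sample.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            os.chmod(full, 0o755 if rel.startswith("bin/") else 0o644)
        baseline = build_manifest(root)

        with open(os.path.join(root, "bin/login"), "wb") as fh:
            fh.write(b"replaced login\n")                 # same length, new content
        os.chmod(os.path.join(root, "bin/ls"), 0o777)     # now world-writable
        os.remove(os.path.join(root, "etc/hosts"))
        with open(os.path.join(root, "etc/rc.extra"), "wb") as fh:
            fh.write(b"unexpected file\n")
        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

A clean report only covers paths present in the baseline and says nothing about firmware or boot sectors, which is why the thread's conclusion that a rebuild is usually quicker still holds.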

anti virus for mac (1)

Anonymous Coward | more than 3 years ago | (#35998158)

Since I started using Mac OS X I immediately purchased an antivirus solution.
After some comparison I got Kaspersky and I must admit that it has done a pretty good job till now.
The possibility to detect and remove malware before it spreads further to my co-workers is an important factor in my decision to use an antivirus sw on a platform considered "secure" by default. (if it really is so, I amn't here to judge; although my personal opinion is that no system is really secure and that not using an antivirus due to advertisement from apple or linux opinion groups is worse than silly, it's dangerous).

We must run antivirus software on linux and mac (2)

elucido (870205) | more than 3 years ago | (#35998170)

To protect the Windows computers on the network. But also to protect the Linux computers from Linux specific malware and virus attacks.

Let's bash the sensible government! (2, Insightful)

djsmiley (752149) | more than 3 years ago | (#35998232)

Wait, so we bash the government for using windows, for using faulty antivirus software, for not using any antivirus software, for not using open source, for spending too much......

Now we bash them for asking for something SENSIBLE? Just because most linux/os x users don't run it doesn't mean it's a good idea -> Most windows users don't run antivirus software and use I.E. 6......

Now... if they want one. ClamAV does both linux and windows, not sure about OS X though.

Fear not fact (0)

Anonymous Coward | more than 3 years ago | (#35998264)

I have a problem with adding anti-virus software when there is no clear definition of what viruses it is defending my Ubuntu system from. I am not interested in Windows viruses just any Ubuntu ones. My view is that companies that sell antivirus software for Linux do so by fear rather than by fact.

Not just viruses (1)

Kanel (1105463) | more than 3 years ago | (#35998294)

Linux and Mac users risk being victims of phishing attacks and foolishly handing out passwords, just like the rest of us. It's been a long time since corporate antivirus was just about stopping malicious software being installed on a computer.

Most of the enterprise options already do this (1)

A Life in Hell (6303) | more than 3 years ago | (#35998296)

At least, both Symantec Antivirus and CA ETrust have honest to god linux and mac os x versions - they both use kernel modules/kexts to do realtime scanning, and actually catch linux threats. Sophos does at least linux too.

Tasmania, hmm ... (1)

udippel (562132) | more than 3 years ago | (#35998304)

I seriously tried to contribute something useful to an earlier thread, no chance.
Then I was looking for some politically incorrect snide remark about ex-convicts, no chance.

Here comes my serious take, then: I read TFA, and what I can read into it, with only some interpretation, is that when you buy/install OSX or Linux, you can do so only, when there is a cross-platform AV. If your Windows Anti-Virus also finds the viruses in OSX/Linux.

For Christ's sake, the question here isn't if OSX/Linux need AV or not. No, greenfruitsalad (http://apple.slashdot.org/comments.pl?sid=2119134&cid=35997984), your arguments all don't apply.
The hare-brained part of the thing is that OSX/Linux - if they have or can have viruses - will have altogether other exploits than Windows. Where comes the 'cross-platform' into the perspective? I can't see it. The AV-definition for a MTA is cross-platform already (trying to stop any sorts of malware from entering users' mailboxes), to give an example. *-listing is platform-independent as well.

So what was it, that these people are actually asking?? I don't get it.

Other reasons as well... (1)

mchawi (468120) | more than 3 years ago | (#35998340)

A lot of compliance audits have requirements that are not OS specific and one of them is having anti-virus (among other things). So a lot of large companies just find it easier to have something that supports all their systems so they don't have to get into an argument on every audit.

Whether it is right or wrong, or a system needs it, isn't the point. Audits can be very expensive and sometimes having those boxes checked can be an easier route to go.

More than just AV (1)

CaptainPuff (323270) | more than 3 years ago | (#35998346)

TFA says they want a multiplatform security solution with more than just AV but also antimalware, URL scanning and probably stuff like page source scanning for malicious JavaScript and the like. A Linux or Mac is less prone to malicious executables for now, but what about later when more show up? Just because they're the minority in the OS market, they're growing in popularity and are beginning to come to the attention of the seedy side of the Internet. A general user with admin rights will blindly enter their username and password to confirm the installation of whatever flashy malware toolbar or cursor icon changer that catches their eye, regardless of what OS they're running.*

Also, phishing email and websites are fairly OS agnostic and users will enter their bank or credit card info onto fakebank.com's website if given a chance. A URL scanner/blocker that is centrally managed can help minimise the impact of common known phishing sites and also help in targeted phishing attacks customized to the organisation - common ones like email from support@yourschool.blah saying something like "due to a failed mail server maintenance we require you to login and reset your mail credentials here at website blah". Just because you have Mac or Linux users doesn't mean they're immune to social hacking.

Speaking of central management, having all your endpoints reporting security information back to one central product makes security easier to manage for you as an IT admin. If you can cleanup infections on Windows remotely, that's great. But now you get reporting of whether Macs and Linux computers are receiving infected files and clean them before they're passed on to Windows computers. Plus, these security suites may also include a host based firewall program so now you can control that in the same console as well regardless of OS.

Additionally, due to laws or regulations such as privacy laws or PCI compliance or whatever, some computers might be handling personally identifiable information (student numbers, addresses, birthdates, grades, etc.) and Data Loss Prevention mechanisms must be in place and auditable. Plus do you really want to set a separate new central management and reporting solution for all this stuff for every OS?

Having worked with several of the industry leading solutions I'm not sure if any of them are really fully cross platform - that is to say, not all the functionality that is available on the Windows platform is available on other operating systems, but if you want vendors to sit up and take Mac and Linux on the desktop seriously then movements like these are needed; saying that for my organisation, Mac and Linux are just as important as Windows and if you want my business you, as a vendor, need to support them equally. We should be praising that the Tasmanian Dept of Education is promoting minority operating systems to be taken seriously.

*I know that the solution is not to give them admin access but Windows is very secure if locked down properly as well. Also since this is the education sector, the IT group probably isn't given the mandate to lock down computers anyways so users very likely have admin rights. Also being the education sector, there are probably multiple IT groups in lots of geographical areas and most are probably under resourced and underfunded.

For those outside of Australia... (1)

andr00oo (915001) | more than 3 years ago | (#35998354)

The OP might have been stretching the truth:

> One of Australia's largest government technology buyers, the Tasmanian Department of Education

With a population of 507K (10% less than Wyoming), Tasmania is not quite top tier in the Government Departments department.

Andrew

Sad (1)

magamiako1 (1026318) | more than 3 years ago | (#35998362)

This scene on Slashdot is sad. It's funny how people on here say "Antiviruses are useless." and "Linux doesn't need an antivirus."

Antiviruses are but one part of a defense-in-depth system and while aren't the be-all-end-all of security for a user, it is indeed a very useful item. Patching security vulnerabilities doesn't get rid of the trojans/viruses after the fact.

And it's entirely possible a piece of malware could get on to your system through a zero-day, unless I assume you're running a fully managed SELinux distribution on your desktop, which I doubt.

F-Secure (0)

Anonymous Coward | more than 3 years ago | (#35998364)

For the size of the installation base the only possibility is a commercial vendor.

I have used F-Secure in the past since it supports all of the platforms in question (and couple of others too) and has the needed management tools.

Good planning (0)

Anonymous Coward | more than 3 years ago | (#35998388)

Linux servers make excellent file servers for both Windows and Mac clients. They also lead the way in mail servers.

The thought that this smallest of Australia's states would ask for a way to ensure that files passing through it on the way to lesser operating systems is brilliant stuff, well, apart from most mixed shops do that already.

Best practice. How about that?

worms and spam bots (4, Interesting)

mathfeel (937008) | more than 3 years ago | (#35998420)

I was embarrassed recently when the IT department claimed a Linux computer in my office was taken over by the Rustock BOT. After checking the ssh log, I realized it was a coworker who uses it for code repository and SOCKS5 proxy as he works abroad from China. He has a compromised Windows machine. To the best of my knowledge, AV doesn't really catch this stuff, which is more and more common nowadays. Anyone have recommendations?

we have av what is this bs (0)

luther349 (645380) | more than 3 years ago | (#35998428)

Really, who passed this story? There's a list of AV that have Linux versions. So they want something we already have and didn't bother to fucking google it, and the sad part is it's on Slashdot, who's supposed to know about these things.