Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools


deb-12

On 3/10/19 1:33 PM, Mart van de Wege wrote:
> deb [hidden email] writes:
>
>> Starting assumption: I do want to run A/V.
>>
>>   * I get that it may actually INCREASE attack surface.
>>
>>   * But I have Windows & Mac stuff going back and forth to Debian 9.8
>> and just want to check.
>
> When you say going back and forth, do you mean over the network?
>
> On Linux the best solution right now is clamav, which is not 100%. Is it
> an option for you to run a network based solution, like an IDS?
>
> Mart


Yes Mart.

Over the network.

4 files were found being passed by just one Windows machine, which was running a paid A/V (actually 3 different A/Vs!). 2 were in emails.

I will push along the ClamAV path.

It has worked.

I have to figure out if it really does real-time detection [it says it does].

That would allow it to beat out Malwarebytes.


 * I will be using ClamAV.

   It *seems* a little shaky, but it worked.

 * I will ask elsewhere if there are better options.

  * Companies I push #debian into will be doing at least ClamAV [IF]

   they have or will have networked Windows/Mac machines, or receive email.

   (and probably anyway).

 * I'm not interested in cloud-based solutions,

    where "suspect" files are sent to the "cloud".

    That, to me, seems the worst answer.


I'm not interested in listening to noise from Brian (defines curmudgeon),

trying to guess what evil agenda I am backing; and all of that other posturing

about just compile your own code; review every line first, and all is well.


People pass crap around on mixed networks.

They do.

I *ALREADY* caught it.


re: apt solving all? I understand it recently had a long-time vulnerability itself...

Linux will get hit more as it gets more popular.

I want to be ahead of that however possible.



So thank you for a real answer Mart.


What a pile of chest-thumping on this.


Sheesh.






Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

Stefan Monnier
> re: apt solving all? I understand it recently had a long-time vulnerability
> itself...
> Linux will get hit more as it gets more popular.

My point is not that APT and/or Debian is bullet-proof (I live under no
delusion in this respect).  Just that instead of keeping your A/V
up-to-date, the GNU/Linux approach to protecting oneself from attacks is
to keep your OS up-to-date.


        Stefan


PS: I guess that means I should have pointed to `unattended-upgrades`
rather than to `apt` as the solution that corresponds to an anti-virus.


Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

Joe Rowan
On Mon, 11 Mar 2019 13:53:39 -0400
Stefan Monnier <[hidden email]> wrote:

> > re: apt solving all? I understand it recently had a long-time
> > vulnerability itself...
> > Linux will get hit more as it gets more popular.  
>
> My point is not that APT and/or Debian is bullet-proof (I live under
> no delusion in this respect).  Just that instead of keeping your A/V
> up-to-date, the GNU/Linux approach to protecting oneself from attacks
> is to keep your OS up-to-date.
>

Yes, but malware (that does not necessarily exploit a bug) can be
installed on a completely secure (and imaginary!) OS by an incautious
user running as root.

There is a spectrum of Windows software that runs between evil malware
and legitimate programs, it isn't just black and white, and many
legitimate programs are supplied free but with grey semi-malware
(adware, spyware) bundled in to provide revenue. A laptop manufacturer
who shall be nameless once (allegedly unknowingly) bundled an
https-breaker among the pre-installed junk. It doesn't have to be about
exploiting unfixed bugs. A lot of it is in the whole ethos of the OS
and its hardware and software vendors. That's where free-as-in-beer
makes a huge difference.

--
Joe


Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

Stefan Monnier
> There is a spectrum of Windows software that runs between evil malware
> and legitimate programs, it isn't just black and white, and many

Agreed, but I doubt A/V software will know where to draw the line.


        Stefan


Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

Mart van de Wege
In reply to this post by Stefan Monnier
Stefan Monnier <[hidden email]> writes:

>> re: apt solving all? I understand it recently had a long-time vulnerability
>> itself...
>> Linux will get hit more as it gets more popular.
>
> My point is not that APT and/or Debian is bullet-proof (I live under no
> delusion in this respect).  Just that instead of keeping your A/V
> up-to-date, the GNU/Linux approach to protecting oneself from attacks is
> to keep your OS up-to-date.
>
>
>         Stefan
>
>
> PS: I guess that means I should have pointed to `unattended-upgrades`
> rather than to `apt` as the solution that corresponds to an anti-virus.

OP has a point though. The real world happens to have a huge amount of
heterogeneous networks, and asking for tools to keep those systems safe
is legitimate. Acting like purity ponies and basically going "Here's a
nickel kid, buy yourself a real OS" is immature at best.

I share OP's disappointment in the level of the replies they got.

Mart

--
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.


Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

Stefan Monnier
> OP has a point though. The real world happens to have a huge amount of
> heterogeneous networks, and asking for tools to keep those systems safe
> is legitimate.

I did not perceive the OP's request to be about the case where you
administer lots of machines and you want to use a Debian machine as
a virus-filter for all those other machines running Windows or whatnot.

So I assumed he meant "I do want to run A/V" to mean that he wants to
run an A/V just like all random Windows users feel the need to run some
A/V software on their machine to feel safer.


        Stefan


Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

Mart van de Wege
Stefan Monnier <[hidden email]> writes:

>> OP has a point though. The real world happens to have a huge amount of
>> heterogeneous networks, and asking for tools to keep those systems safe
>> is legitimate.
>
> I did not perceive the OP's request to be about the case where you
> administer lots of machines and you want to use a Debian machine as
> a virus-filter for all those other machines running Windows or whatnot.
>
> So I assumed he meant "I do want to run A/V" to mean that he wants to
> run an A/V just like all random Windows users feel the need to run some
> A/V software on their machine to feel safer.
>
I tend to make assumptions that the asker of a question knows what they
are talking about. In this case that meant assuming OP had a
heterogeneous environment they wanted to secure.

Sure, this is not always true, but assuming 'just a random Windows user'
is a tad...uncharitable, to say the least. Again proving OP's
disappointment to be correct, alas.

Mart

--
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.


Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

David Wright-3
On Tue 12 Mar 2019 at 15:01:32 (+0100), Mart van de Wege wrote:

> Stefan Monnier <[hidden email]> writes:
>
> >> OP has a point though. The real world happens to have a huge amount of
> >> heterogeneous networks, and asking for tools to keep those systems safe
> >> is legitimate.
> >
> > I did not perceive the OP's request to be about the case where you
> > administer lots of machines and you want to use a Debian machine as
> > a virus-filter for all those other machines running Windows or whatnot.
> >
> > So I assumed he meant "I do want to run A/V" to mean that he wants to
> > run an A/V just like all random Windows users feel the need to run some
> > A/V software on their machine to feel safer.
> >
> I tend to make assumptions that the asker of a question knows what they
> are talking about. In this case that meant assuming OP had a
> heterogeneous environment they wanted to secure.
>
> Sure, this is not always true, but assuming 'just a random Windows user'
> is a tad...uncharitable, to say the least. Again proving OP's
> disappointment to be correct, alas.

I thought just the opposite, ie that the OP ran a linux system in a
Windows dominated culture. (Isn't the OP posting from a linux system?)
I spent seven years working with linux in an almost totally Windows
(administration)/Mac (proselytising academics) institution, being eyed
suspiciously whenever their fragile systems misbehaved.

And in more recent years, I've signed up to many systems that carry
warnings like this:

   "If you use […], your computer, modem and mobile phone must meet
    any reasonable requirements we may set; you must carry out your
    own regular virus checks; […] "

A lot of peer pressure (if not T&C) to be always virus-scanning things …

Cheers,
David.


David -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

deb-12

On 3/12/19 11:05 AM, David Wright wrote:

> On Tue 12 Mar 2019 at 15:01:32 (+0100), Mart van de Wege wrote:
>> Stefan Monnier <[hidden email]> writes:
>>
>>>> OP has a point though. The real world happens to have a huge amount of
>>>> heterogeneous networks, and asking for tools to keep those systems safe
>>>> is legitimate.
>>> I did not perceive the OP's request to be about the case where you
>>> administer lots of machines and you want to use a Debian machine as
>>> a virus-filter for all those other machines running Windows or whatnot.
>>>
>>> So I assumed he meant "I do want to run A/V" to mean that he wants to
>>> run an A/V just like all random Windows users feel the need to run some
>>> A/V software on their machine to feel safer.
>>>
>> I tend to make assumptions that the asker of a question knows what they
>> are talking about. In this case that meant assuming OP had a
>> heterogeneous environment they wanted to secure.
>>
>> Sure, this is not always true, but assuming 'just a random Windows user'
>> is a tad...uncharitable, to say the least. Again proving OP's
>> disappointment to be correct, alas.
> I thought just the opposite, ie that the OP ran a linux system in a
> Windows dominated culture. (Isn't the OP posting from a linux system?)
> I spent seven years working with linux in an almost totally Windows
> (administration)/Mac (proselytising academics) institution, being eyed
> suspiciously whenever their fragile systems misbehaved.


This is exactly my situation.


>
> And in more recent years, I've signed up to many systems that carry
> warnings like this:
>
>     "If you use […], your computer, modem and mobile phone must meet
>      any reasonable requirements we may set; you must carry out your
>      own regular virus checks; […] "
>
> A lot of peer pressure (if not T&C) to be always virus-scanning things …
>
> Cheers,
> David.
>

Thank you David

ps

Clamscan caught a trojan and a browser miner in downloaded web pages today.

I feel completely justified in ignoring all the
They-don't-really-understand-with-Just-away-from-Windows-with-a-10-foot-pole
responses.