[vox-tech] Ubuntu Security Software

Rick Moen rick at linuxmafia.com
Mon Aug 18 17:17:24 PDT 2008


Quoting Scott Miller (scottlinux at gmail.com):

> Hey Rick, that is very cool stuff. I'm reading through all of those
> links on that page right now...
> 
> I do have to ask/mention, is there even Linux anti-virus software to
> detect the vulnerabilities on that page, for example? (Not looking for
> a literal answer- just making a point here.) Running clamav or
> something meant for detecting windows viruses is not going to protect
> you against Linux vulnerabilities.

Ask yourself:  If the machine is or might be already
security-compromised at the root level, why would you trust a piece of
software running _on_ that root-compromised machine that says "I've
checked your machine, and I didn't find signs of root compromise"?

Nonetheless, notwithstanding the horrendous logic problem of such
software, rkhunter and chkrootkit do exist (which purport to check for
certain after-effects of some sorts of root compromise), and IDS
packages exist, too, a bit less pointlessly.

> I think that is where a lot of the 'anti-virus for Linux' confusion is...

Don't think of it as confusion; think of it as a sales opportunity for
installing a good IDS or two.

Possibly of interest:  http://linuxgazette.net/issue98/moen.html


More information about the vox-tech mailing list