[vox-tech] Ubuntu Security Software
Rick Moen
rick at linuxmafia.com
Mon Aug 18 17:17:24 PDT 2008
Quoting Scott Miller (scottlinux at gmail.com):
> Hey Rick, that is very cool stuff. I'm reading through all of those
> links on that page right now...
>
> I do have to ask/mention, is there even Linux anti-virus software to
> detect the vulnerabilities on that page, for example? (Not looking for
> a literal answer- just making a point here.) Running clamav or
> something meant for detecting windows viruses is not going to protect
> you against Linux vulnerabilities.
Ask yourself: If the machine is or might be already
security-compromised at the root level, why would you trust a piece of
software running _on_ that root-compromised machine that says "I've
checked your machine, and I didn't find signs of root compromise"?
Nonetheless, notwithstanding the horrendous logic problem of such
software, rkhunter and chkrootkit do exist (which purport to check for
certain after-effects of some sorts of root compromise), and IDS
packages exist, too, a bit less pointlessly.
> I think that is where a lot of the 'anti-virus for Linux' confusion is...
Don't think of it as confusion; think of it as a sales opportunity for
installing a good IDS or two.
Possibly of interest: http://linuxgazette.net/issue98/moen.html
More information about the vox-tech
mailing list