[vox-tech] (forw) Re: Linux Computer Infected
Rick Moen
rick at linuxmafia.com
Sun Jun 3 17:24:17 PDT 2018
Bob Scofield (scofield at omsoft.com) wrote:
> The problem with my computer started after I updated to the latest
> version of ESET antivirus for Linux. The only thing I had not done
> to get my re-install finished was to re-install ESET. So this
> morning I did. And after the install the problem reappeared.
> Cinnamon and Thunderbird would crash. Firefox was completely
> unusable. So I uninstalled ESET and now everything is back to
> normal.
I _had_ thought of mentioning that possibility, earlier, but feared it
would have sounded too cynical. But yes, the sub-type of antimalware
software that runs in background all the time (as opposed to the type
that does periodic batch runs checking your files) can be a threat to
system stability and performance.
In that long screed of mine about 'security snake oil'
(http://linuxmafia.com/faq/Essays/security-snake-oil.html), you'll find
this passage:
Way back in the late 1980s, I had my suspicions. Even though the main
environments I was obliged to work in were MS-Windows 3.x and Mac System
6.0.x, which were nearly devoid of security infrastructure (e.g., no
privilege levels), I had a theory: "Hey, suppose I tried the strategy of
keeping my system upgraded, not running sucky software, dealing with
malware by just not running it, and keeping good backups in case of that
or other mishap?" I stripped off all of the corporate-mandated
anti-malware crap.
And there were two immediate results. 1. My systems became much more
stable and better-performing. 2. The strategy worked perfectly.
(At many firms, disabling corporate-mandated anti-malware software is a
firing offence, but I was the #2 guy in the IT Department, and was
pretty sure I knew what I was doing. But don't do that today without
careful contemplation.)
In my FAQ/rant about Linux/Unix viruses (http://linuxmafia.com/~rick/faq/),
I also mention an _additional_ concern:
(And, by the way, what's going to protect you from subverted or just
dangerously defective
(https://web.archive.org/web/20050729025654/http://news.com.com/Antivirus+insecurity+at+Black+Hat+confab/2100-7355_3-5805750.html)
_virus checkers_, themselves wielding superuser authority? Hmm?
And why on earth would we entrust our system security to ethically
suspect firms who demonstrably
(https://web.archive.org/web/20051201051328/http://www.wired.com:80/news/privacy/0,1848,69601,00.html)
-- and please note that both anti-virus and also commercial
security-monitoring firms (with honourable exceptions ClamAV and F-Secure
(https://web.archive.org/web/20051203024312/http://www.businessweek.com/technology/content/nov2005/tc20051129_938966.htm))
were culpable in that hyperlinked example of corrupt collusion -- have
a tendency to sell their own customers down the river?)
The links cover the revelations about the anti-malware industry that
emerged in 2005. All of those firms appear to have been aware that
hidden software placed on music CDs by Sony BMG Music Entertainment
was hacking the security of customers' MS-Windows machines and
degrading customer functionality -- the very model of what malware
is -- and deliberately ignored it because it was _corporate_ malware.
I.e., those firms deliberately screwed their customers -- with (to my
knowledge) the two exceptions noted.
(ClamAV is an open-source malware scanner focussed overwhelmingly on
finding MS-Windows malware living in files stored on Linux/FreeBSD
machines, e.g. on Samba shares for Windows boxes.)