On Mon, Apr 04, 2011 at 06:46:36AM +1000, Erik de Castro Lopo wrote:
> Morgan Storey wrote:
> > I think it is going to come back and bite the Linux community if we go
> > via the line that we are immune to viruses,
>
> Unfortunately, the alternative, virus scanners that look for
> particular virus signatures is nothing more than security
> theatre.

I agree. What would a virus scanner look for anyway, if there are no extant viruses on linux systems?

> Firstly, new viruses can be written so fast that the virus
> detection engines have absolutely no way of keeping up.

I don't think this is a strong argument. Windows viruses have lifetimes in decades (if not forever). Statistically speaking, a given computer is very unlikely to be infected by a young virus which cannot yet be detected by a virus scanner. Much more likely that a computer will come into contact with many well known viruses long after the viruses became prevalent.

> The *only* 100% safe way to guard against viruses is to fix all the
> security holes that viruses exploit. That means better coding
> practices.

Don't execute incoming data as code. That's rule #1, learned by hard knocks as Windows systems happily executed auto-run files, email attachments, word macros, PostScript documents, and so on.

Unfortunately we forgot rule #1 with the invention of JavaScript and Flash. Your browser is now happily executing untrusted third party code in your account.

That leads to rule #2 - defense-in-depth. The only hope we have to survive this untrusted and potentially malicious code being executed by our browsers is to implement sandboxes, language-level restrictions and strict limits on authorization.

Nick.
--
PGP Key ID = 0x418487E7 http://www.nick-andrew.net/
PGP Key fingerprint = B3ED 6894 8E49 1770 C24A 67E3 6266 6EB9 4184 87E7
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
