[NBLUG/talk] Re: [WLUG] Linux virus protection?

J. Bruce Fields bfields at fieldses.org
Fri Jul 14 06:59:07 PDT 2006


On Fri, Jul 14, 2006 at 07:26:26AM -0400, Rich Clark <rrclark at rrclark.net> wrote:
> On Tue, 11 Jul 2006, Jack Smith wrote:
> 
> >I recently set up a test box on our internal bank network running Fedora 5
> >and my boss wants virus protection on it.  So, two questions.  Is he crazy?
> >And even if he is, he's the boss, so what out there is good, free, and not 
> >a
> >Trojan?
> 
> He's crazy.  The threat of a virus attack against a Linux PC is virtually 
> nil, though not completely non-existant.  It's obvious he's been living in 
> a Windows world.  You need to educate him.
> 
> To meet his request, though, I'd dump a package like clamd on the box and 
> say, "There, it has virus protection on it."

Another approach would be to interpret "I want virus protection" as "I
want to make sure our Fedora 5 boxes are secure".  Which makes it a
reasonable request that he just isn't expressing very well.

One way to satisfy that would be to document all the stuff you've
probably already done--the stuff that's a standard part of keeping a
linux box secure: explain which network clients and services you run,
and why, and how you keep them up-to-date; explain how you would detect
a virus (or other compromise), and what you'd do if you found one, etc.

You could even draw an analogy with standard Windows virus software.
Typically it's a bundle of software that adds extra access checks to the
operating system (comparable to what we'd do with SELinux, a firewall,
etc.), and that also attempts to detect and repair compromises (which
the typical linux admin might accomplish with an IDS and a policy that
any compromised machine is throroughly investigated before being wiped
and restored from backup).

And then hand him that documentation and say that's your virus
protection.  Which is perfectly true.  As an added benefit, what you
write might be useful reading for future sysadmins in your organization.

--b.



More information about the talk mailing list