mmm. Tasty FUD.

Story: Is Antivirus Ready for Open Source?
Total Replies: 19
techiem2

Sep 19, 2006
9:02 AM EDT
"However, when it comes to security tools and antivirus software--the thin blue line separating our computers from certain infection on the Internet--there is less agreement that open source can secure as well as traditionally developed, closed-source products."

Now there's some good FUD right there.

Let's see... I seem to recall studies recently (i.e. within this year, not from 2004), that put clam very comparable to the main avs. In my own experience, I've had clam find things on several machines that the installed big name avs on those machines couldn't.

As for security tools, can you say "iptables"? How about "snort", "nessus", and "nmap"? No huh? I guess those are just useless, not ready for business use toys....

The only main "problem" I've seen with clam is that it doesn't have on-access scanning yet.
jdixon

Sep 19, 2006
9:28 AM EDT
> The only main "problem" I've seen with clam is that it doesn't have on-access scanning yet.

For Linux or for Windows? For Windows, check out Winpooch -- http://sourceforge.net/projects/winpooch/
dinotrac

Sep 19, 2006
10:04 AM EDT
techium --

Security tools depend on your focus. Do iptables, snort, nessus, and nmap do much for detecting virii embedded in email?

I think clam does that.

Judging by the differential in signatures, I wonder if clam is good for new viruses and a little less good for those from a few years back? Or, maybe they are better at combining signatures in a way that makes a more compact file...beats me.





nalf38

Sep 19, 2006
10:59 AM EDT
There is on-access scanning with ClamAv, if you're willing to use a KDE program (KlamAV). It uses the dazuko module (dazuko.org) which is the exact same module that AVG for Linux uses. The module was GPL'd by AVG.

It would be nice someday if dazuko were integrated into a gui-less ClamAV so it can be run at boot as a service.
jdixon

Sep 19, 2006
11:20 AM EDT
> There is on-access scanning with ClamAv... It uses the dazuko module...

Sweet. I'll have to check it out sometime.
techiem2

Sep 19, 2006
2:04 PM EDT
I'll have to check out the on-access stuff too.

dino: They don't do much for email obviously, but I was making the point for security tools in general, as the article seemed to indicate that all security tools are immature, even though it focused on the av field specifically.

As for the difference in number of viruses claimed, I thought I read an explanation at some point as to why clam is so much lower than the big avs. It could have been something like combining or the methods of detection or some such, but I don't remember.
NoDough

Sep 19, 2006
2:05 PM EDT
I used Clam in a previous job. It was one of five scanners (four virus scanners, one rules based scanner) used to check all incoming emails.

On one particular day, I came in to find all sorts of news about a new virus (Windows only, of course.) The scanners all updated their signatures at midnight. At one o'clock McAfee, Trend, and BitDefender missed the virus, but Clam caught it.

[sarcasm] I wonder if FLOSS will ever be as good as commercial software. [/sarcasm]
dcparris

Sep 19, 2006
3:49 PM EDT
> [sarcasm] I wonder if FLOSS will ever be as good as commercial software. [/sarcasm]

Why no. Of course not. After all, it's just 'shareware'. You know, cobbled together by some folks who can't figure out that the car, not the computer, goes in the garage. What can ya do, eh?
hiohoaus

Sep 19, 2006
5:30 PM EDT
I've run several pay-for scanners behind ClamAV, including some big names, and never had ClamAV leave anything which triggered the pay-for scanners.

A year or so ago, I gave up the pointless exercise & now just run ClamAV.

One thing it did which impressed me was detect a few Linux-aimed viruses. Not very many & nothing I ran was vulnerable to them, but nevertheless...
tuxchick2

Sep 19, 2006
5:44 PM EDT
Y'all might recall the thundering silence by the commercial A/V companies over the Sony rootkit mess. F-Secure finally emitted self-congratulations, but remember how they sat on it for a month while they held 'discussions' with Sony. Sysinternals actually publicized the exploit. If it weren't for sysinternals the big security companies never would have said a word. Then even after public pressure forced them to do something about it, their response was very weak- they released a fix that removed the cloak, not the rootkit, and in their malware databases they called it a 'legitimate copy protection scheme.'

Then not long after that Microsoft bought Sysinternals. Funny, eh? Ha. Ha.
dcparris

Sep 19, 2006
6:55 PM EDT
TC, you're so funny it's scary. ;-)
dinotrac

Sep 19, 2006
6:59 PM EDT
tc and dc --

Still, aren't you just a bit concerned to give so much security responsibility to a bi-valve?
tuxchick2

Sep 19, 2006
7:14 PM EDT
Better a bivalve than a biped.

*guffaw*

And this was scarcely odd, because they'd eaten every one
jimf

Sep 19, 2006
7:30 PM EDT
So it was Bill and not Paul that was the Walrus...
Scott_Ruecker

Sep 19, 2006
7:33 PM EDT
See, the problem for the Norton and McAfee and their ilk is that Linux really is built like a tank and that leaves them very little to do. The only thing they have left is to attempt to convince people that Linux is not safe.

>In my own experience, I've had clam find things on several machines that the installed big name avs on those machines couldn't.<

>If it weren't for sysinternals the big security companies never would have said a word.<

Exactly, and they are still pissed about it. Luckily the press seemed to not make a big deal out of it for them. Must be nice, since every update to Firefox is a "critical" bugfix. What a joke.

Linux is like a tire that essentially never loses tread and does not need replacing and we know that the tire companies have been able to produce such tires for years, but why do that when you can continue to sell people tires that do need replacing?

So, if we make every update and bug fix "look" critical and then create an anti-virus product for Linux then people will think that they will need it. I cannot tell you how many articles I have kept from the news-wire that were "Critical bugfixes" for an FOSS program. Again, what a joke.

Anti-virus companies are not interested in protecting you at all. They are only interested in making you "think" you are protected, if you buy their product of course.

I mean, how could you possibly be protected if you have not purchased the highest quality product designed to protect you? Right? ;-)

dinotrac

Sep 20, 2006
1:45 AM EDT
>Linux is like a tire that essentially never loses tread and does not need replacing and we know that the tire companies have been able to produce such tires for years,

Hey Scott...where do I get some of that magic rubber? A material with enough friction and flexibility to use in a tire but is completely impervious to wear and tear? Heck, I'd re-roof my house with the stuff. Wonder if it would make a better base material than vinyl for wallpaper? Etc.
jimf

Sep 20, 2006
2:06 AM EDT
> Linux is like a tire that essentially never loses tread and does not need replacing and we know that the tire companies have been able to produce such tires for years,

You wish :)
Scott_Ruecker

Sep 20, 2006
2:51 AM EDT
After posting that I did do some searching on it and I was wrong. My Apologies.

They do make tires that can last a lot longer than the ones that go to market but no tire can last forever.

You know, it's times like these that I actually like having the two of you around, keep me on my toes, get my facts straight...

;-)
dinotrac

Sep 20, 2006
5:32 AM EDT
Scott -

And, of course, all of this stuff gets tricky as all get out...

For example (without going near Fish carburetors or such things), tires have always been a tradeoff between ride, handling, and tread life.

You really can make a tire that lasts the life of the car. You just can't make anyone want to drive on it.
jdixon

Sep 20, 2006
5:48 AM EDT
> You really can make a tire that lasts the life of the car. You just can't make anyone want to drive on it.

Yeah, I think I had a set of those one time. Must have lasted for 80K miles or more. The worst 80K miles of my driving life. :( The ride and control were absolutely terrible.
