Linux.com

Not quite

Posted by: Anonymous Coward on February 27, 2007 02:11 AM
Disclaimer: I'm a Linux user and I don't use any antivirus or antimalware program because I don't think I need any.

However, there are a couple of weak points when people say Linux doesn't and probably won't need antivirus or antimalware programs. First, as somebody already mentioned, the MIME type associations are a weak point because you can use them to launch scripts by clicking.

Second, we have the .desktop files, which have been a matter of discussion in several mailing lists. .desktop files, currently, allow anybody to send you any program and make it look however they want, ready to be triggered by a mouse click. Just like it happens on Windows, one of the weakest points is the user. If an inexperienced user is sent a joke.jpg.desktop file in an email and told to right-click on it, save it to the desktop and then click it, they _may_ do it. And the file may even have the icon of an image MIME type. Or what's worse: it could create a spam-sending program or script in your Autostart folder _and_ display a joke image, so you won't even suspect you've been infected.

So don't use your Linux machine with a sense of fake confidence that nothing will happen and you're safe. That's the worst thing you can do. Users should be aware of the danger of opening unexpected attachments and visiting malicious websites, and we should still remind them of those dangers despite the fact that they're running Linux. Say "You won't need an AV, but be careful" instead of "Oh, don't worry, you won't need an AV if you run Linux".

Also, not running programs as root has the advantage that malware infections are easier to clean (delete mail, crontab and user home directory and you'll be ready), but you still need to apply security fixes carefully to avoid privilege escalation vulnerabilities. And let's not forget that you can't say "Don't worry. Your Linux system will be OK in 5 minutes. It's only your private emails, documents, gpg and ssh keys which have been exposed to this malware program." That's not acceptable.
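A defender-side check for the launcher trick described in the comment above, as an added example that is not part of the original post: it flags .desktop files whose name or icon imitates an image while Exec runs a shell command or mentions an autostart directory. The patterns, finding labels, function names and sample file are assumptions constructed for illustration.

```python
import re
from pathlib import Path

DECOY_NAME = re.compile(r"\.(jpe?g|png|gif|pdf|txt|odt|docx?)$", re.I)  # joke.jpg
IMAGE_ICON = re.compile(r"^(gnome-mime-)?image-")  # e.g. image-x-generic
SHELL_EXEC = re.compile(r"(^|/)(sh|bash|dash)\s+-c\b")  # command string to a shell

# Constructed sample; the Exec payload is an inert placeholder.
SAMPLE = """[Desktop Entry]
Type=Application
Name=joke.jpg
Icon=image-x-generic
Exec=sh -c "echo constructed-placeholder"
"""

def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry

def audit_launcher(filename, text):
    """List the reasons a .desktop file deserves a closer look."""
    entry = parse_desktop_entry(text)
    exec_line = entry.get("Exec", "")
    findings = []
    if DECOY_NAME.search(Path(filename).stem) or DECOY_NAME.search(entry.get("Name", "")):
        findings.append("name imitates a document")
    if IMAGE_ICON.search(entry.get("Icon", "")):
        findings.append("image file-type icon")
    if SHELL_EXEC.search(exec_line):
        findings.append("Exec runs a shell command string")
    if "autostart" in exec_line.lower():
        findings.append("Exec references an autostart directory")
    return findings if exec_line else []  # without Exec nothing runs on click

def scan(directories):
    """Audit every .desktop file directly inside the given directories."""
    paths = (p for d in directories for p in sorted(Path(d).glob("*.desktop")))
    hits = ((str(p), audit_launcher(p.name, p.read_text(errors="replace"))) for p in paths)
    return {name: reasons for name, reasons in hits if reasons}

if __name__ == "__main__":
    print(audit_launcher("joke.jpg.desktop", SAMPLE))
```

`scan()` takes the directories to check, for example the user's desktop folder and the desktop environment's autostart folder; those locations vary by environment and are not specified in the post.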


Return to Note to new Linux users: No antivirus needed