Slashdot Mirror


Tasmanian Dept. of Education Wants Anti-Virus for Linux, OS X

An anonymous reader writes "One of Australia's largest government technology buyers, the Tasmanian Department of Education, has gone to market for a security vendor to supply anti-virus software for its 40,000-odd desktop PCs and laptops, as well as servers. But the department's not just running Windows — it runs Mac OS X and Linux as well, and has requested that whatever solution it buys must be able to run on those platforms as well. But have we reached the stage where Mac OS X and Linux even need third-party security software? It seems like most Mac and Linux users don't run it."

5 of 396 comments

  1. Re:Passing on Viruses by Mouldy · · Score: 5, Informative

    This is exactly why antivirus software for Linux already exists; they probably catch a couple of Linux viruses too, but the majority of their definitions are Windows viruses.

    I've set up ClamAV on my Linux mail server to catch most dodgy stuff before it reaches my Windows PC. I also recently installed it onto my Linux Netbook to scan a friend's external hard drive for a Windows virus. I haven't been following the latest security news, so didn't particularly want to risk plugging it into my friend's or my Windows machine to scan it.

    So I agree, there definitely is a use for Linux-based antivirus software... even if my own uses are mainly concerned with protecting Windows machines.

  2. Re:cross platform virus scanner for linux and mac by O'Nazareth · · Score: 5, Informative

    I wish to file a bug report: you count multiple times files with several hard links.

  3. You can't by bmo · · Score: 5, Informative

    http://technet.microsoft.com/en-us/library/cc512587.aspx

    >>You can't clean a compromised system by patching it.

    >>You can't clean a compromised system by removing the back doors.

    >>You can't clean a compromised system by using some "vulnerability remover."

    >>You can't clean a compromised system by using a virus scanner.

    >>You can't clean a compromised system by reinstalling the operating system over the existing installation.

    >>You can't trust any data copied from a compromised system.

    >>You can't trust the event logs on a compromised system.

    >>You may not be able to trust your latest backup.

    >>>>>The only way to clean a compromised system is to flatten and rebuild.

    Jesper M. Johansson, Ph.D. [YES, HE'S A DOCTOR], CISSP, MCSE, MCP+I

    Security Program Manager
    Microsoft Corporation

  4. Re:Passing on Viruses by HungryHobo · · Score: 5, Informative

    Pretty much hit the nail on the head.

    Polymorphic and Metamorphic viruses already exist and it's been proven mathematically that detecting such code is NP-complete.
    (Spinellis, Diomidis; Reliable identification of bounded-length viruses is NP-complete, IEEE Transactions on Information Theory, 49(1):280–284, January 2003. doi:10.1109/TIT.2002.806137)

    http://en.wikipedia.org/wiki/Polymorphic_code
    http://en.wikipedia.org/wiki/Metamorphic_code

    The scanners are so bad at detecting viruses because it's an example of Enumerating Badness which is one of the 6 dumbest ideas in security which just won't die.

    http://www.ranum.com/security/computer_security/editorials/dumb/

    Rather than trying to keep track of the few thousand or tens of thousands of things that should be running on your own network and white-listing those, you either try to keep track of everything bad in the world or pay someone else to. Then you try to blacklist those.
    Thus you get an antivirus scanner.
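
The contrast drawn in the comment above, as an added example that is not part of the original post: a default-allow signature blocklist and a default-deny hash allowlist are run over the same samples. The byte strings, names, signature and toy XOR re-encoding are all constructed assumptions for illustration, and the substring match is a simplified stand-in for a real scanner's signatures.

```python
import hashlib

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

# Constructed stand-ins for executables; none of these are real binaries.
APPROVED = {
    "mail-filter": b"ELF mail-filter build 3",
    "backup-agent": b"ELF backup-agent build 1",
}
KNOWN_BAD = b"ELF dropper payload-A"
# Same program re-encoded (toy XOR), as a polymorphic variant would be.
RE_ENCODED_BAD = bytes(b ^ 0x5A for b in KNOWN_BAD)
# A legitimate update nobody has added to the manifest yet.
UNLISTED_UPDATE = b"ELF backup-agent build 2"

SIGNATURES = [b"dropper payload-A"]                  # enumerated badness
ALLOWLIST = {digest(b) for b in APPROVED.values()}   # enumerated goodness

def blocklist_permits(blob: bytes) -> bool:
    """Default allow: run unless a known-bad byte pattern is present."""
    return not any(sig in blob for sig in SIGNATURES)

def allowlist_permits(blob: bytes) -> bool:
    """Default deny: run only if the exact content hash is approved."""
    return digest(blob) in ALLOWLIST

def verdicts() -> dict:
    """Map sample name -> (blocklist permits, allowlist permits)."""
    samples = dict(APPROVED, known_bad=KNOWN_BAD,
                   re_encoded_bad=RE_ENCODED_BAD,
                   unlisted_update=UNLISTED_UPDATE)
    return {name: (blocklist_permits(b), allowlist_permits(b))
            for name, b in samples.items()}

if __name__ == "__main__":
    for name, (bl, al) in verdicts().items():
        print(f"{name:16} blocklist={'run' if bl else 'block':5} "
              f"allowlist={'run' if al else 'block'}")
```

The `unlisted_update` row shows the operational cost of default deny: a legitimate new build stays blocked until someone adds its hash to the manifest.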

  5. Re:no by rwa2 · · Score: 5, Informative

    Counterpoint: yes

    The US DoD requires it too. Fortunately, it is available from commercial suppliers (ClamAV is not compliant with something or other), so you just install it and maintain it and pass the bill on to the taxpayers.

    I think it's just standard CYA, so you have someone external to blame if something slips through (which possibly explains why effective roll-your-own measures are deemed insufficient by the policymakers).