From: Andrei Popescu on 19 Jul 2010 13:20

On Lu, 19 iul 10, 15:12:26, Sthu Deus wrote:
[...]
> question: I have a live/installable-CD/DVD. I use its normal/rescue
> mode - I do some things w/ my OS on HDD in order to make it working. I
> had no ability to check its checksum, so, is there a way I can be sure
> that the software I used is "clean"?

Why can't you check the checksum?

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic

From: Camaleón on 19 Jul 2010 14:10

On Mon, 19 Jul 2010 15:12:26 +0700, Sthu Deus wrote:

>> On Sat, 17 Jul 2010 14:06:58 +0700, Sthu Deus wrote:
>>
>> > I have 3 questions on virus/spy-ware detection and detection
>> > technique.
>>
>> He, sounds like a test...
>
> Would You like to take it?

Sure! I like tests (almost) more than cakes :-)

>> > 1. Which software (may that is even packaged for Debian) is the best
>> > at Your opinion and why for virus/spy-ware (the software that scans
>> > for interesting data and sends it to some host) detection?
>>
>> - For scanning/detecting virus/malware for Windows systems or linux
>> systems?
>
> Please, do not be amazed, but... LINUX. And preferably.... DEBIAN 5/6.

What are you afraid of? I mean, what is your main concern?

I have not heard of any malware affecting massively linux users for...
when? I cannot remember any threat I had to be careful of since I am using
Linux (that is from 2003). I cannot say the same for other OSs.

>> - For local scanning (e-mails, Internet browsing) or a bunch of network
>> share files?
>
> For the local files on HDD and the whole CD/DVD of a distro (live or
> installable).

ClamAV can scan local files but is not very accurate with rootkits/
malware, just plain common viruses.

>> - By "(sic) and sends it to some host" you mean "keep the admin
>> informed by sending an alert to a host" or you mean "collaborative
>> tools to benefit others"?
>
> Here I mean malicious software that scans for sensitive data like saved
> passwords in files and the typed on keyboard as well, then sends it to
> the people that have created / infested my OS w/ the software.

Then you may be interested in anti-rootkits, like "chkrootkit" or
"rootkit hunter" solutions.

>> > 3. Is it possible to scan for this very purposes (virus & spy-ware)
>> > the distro CD/DVD -s - as it is from the media, without explicit
>> > manual unpacking - to be sure the software is OK (in case when check
>> > sums are not available OR it is impossible for some reasons to
>> > re-download the images)?
>>
>> I think yes. Many AV scanners will scan ISO files (no "unpacking"
>> required) but that depends on the AV engine itself.
>
> Do You know such a skillful AV engine available for Debian?

Mmm, not by first hand, I was just told that they did. But take a look
into the major linux AV websites (Kaspersky, Avira or Avast) and check
their features.

>> But (and I think this is important) when you scan an ISO file for
>> malware and the result is clean/passed, that is not proving the ISO
>> image could have been manipulated and/or changed. Checksum (or
>
> If so, then AV engines gives false negatives, why should I use it? In
> case we misunderstand each other, I try to rephrase my this question: I
> have a live/installable-CD/DVD. I use its normal/rescue mode - I do
> some things w/ my OS on HDD in order to make it working. I had no ability
> to check its checksum, so, is there a way I can be sure that the
> software I used is "clean"?

Don't you remember that phrase of "computer security is just an attitude"
(or something like that, I barely remember the right statement)?

No, unless you manually examine (and understand) the full code, you
cannot be 100% safe. I'll give you a recent example:

http://blog.mozilla.com/addons/2010/07/13/add-on-security-announcement/

To make it short, a Mozilla third party plugin was encountered to be a
sniffer created to steal the user's passwords. Nice...

So, one can be paranoid and back to the typewriter or just remove the
ethernet plug... but we'll miss the funny part of the Internet (if any
:-P).

I mean, checking the MD5SUM or SHA1SUM should be enough guarantee to mark
the source as valid/clean and go on.

>> I hope I've passed the test :-P
> You truly did. Thank You, once again.

Great! :-)

Greetings,

--
Camaleón

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/pan.2010.07.19.18.05.54(a)gmail.com

From: Ron Johnson on 19 Jul 2010 14:30

On 07/17/2010 03:11 AM, Andrei Popescu wrote:
> On Sb, 17 iul 10, 14:06:58, Sthu Deus wrote:
>> Good day.
>>
>> I have 3 questions on virus/spy-ware detection and detection technique.
>
> [snip]
>
> This has been discussed several times, but IMVHO the time and resources
> invested in scanning for malware on Debian are better used in securing
> the system.
>

Unless the Debian machine serves mail to Windows users.

--
Seek truth from facts.

From: Sthu Deus on 20 Jul 2010 14:30

Thank You for Your time and answer, Camaleón:

> What are you afraid of? I mean, what is your main concern?

Spying, programs modifications. I have seen already unexplainable weird
things - one text file was in size - zero - that never has been so for a
long time, another, .ods - was partially damaged...

> I have not heard of any malware affecting massively linux users
> for... when? I cannot remember any threat I had to be careful of since I
> am using Linux (that is from 2003).

> > For the local files on HDD and the whole CD/DVD of a distro (live or
> > installable).
>
> ClamAV can scan local files but is not very accurate with rootkits/
> malware, just plain common viruses.

So, what should I do for the distro install cds - regarding both -
spyware and viruses? If we speak about checksumming - sometimes it fails
though I believe the problem lays in not accurate or whatever
downloading, the images being - I believe - unmodified... - Redownloading
is hard because of bandwidth.

> Then you may be interested in anti-rootkits, like "chkrootkit" or
> "rootkit hunter" solutions.

I guess it does not fit distro cd scanning right?

> > Do You know such a skillful AV engine available for Debian?
>
> Mmm, not by first hand, I was just told that they did. But take a
> look

In apt-cache search ... ?

From: Sthu Deus on 20 Jul 2010 14:30

Thank You for Your time and answer, Andrei:

> > question: I have a live/installable-CD/DVD. I use its normal/rescue
> > mode - I do some things w/ my OS on HDD in order to make it working.
> > I had no ability to check its checksum, so, is there a way I can be
> > sure that the software I used is "clean"?
>
> Why can't you check the checksum?

For two reasons:

1. I do not know how to get image from a cd/dvd - I believe by simple
dd-ing it will not work w/ checksum, but some more options should be
used.

2. not for all cd/dvd-s I know checksums or places where I can obtain it
- it is for a bit older Debian and Ubuntu. - For I have noticed that on
their sites the checksums are gone as soon as new images are uploaded to
the sites. Or there is an archive for the checksums?
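
Added example, not part of any message in this thread: one way to checksum a burned CD/DVD so the result can be compared with the published MD5SUM/SHA1SUM of the image. A plain read of the device can return extra padding after the image, so this Python sketch takes the volume length from the ISO 9660 primary volume descriptor and hashes exactly that many bytes; it assumes the published image is exactly that long, and the function names, the sample image and the /dev/sr0 path are constructed for illustration.

```python
import hashlib
import struct
import sys

SECTOR = 2048              # ISO 9660 descriptors are laid out in 2048-byte sectors
PVD_OFFSET = 16 * SECTOR   # the primary volume descriptor is sector 16

def iso_volume_bytes(stream):
    """Volume length in bytes, as recorded in the primary volume descriptor."""
    stream.seek(PVD_OFFSET)
    pvd = stream.read(SECTOR)
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    # Both fields are stored twice (little- then big-endian); they must agree.
    blocks_le, = struct.unpack_from("<I", pvd, 80)
    blocks_be, = struct.unpack_from(">I", pvd, 84)
    bsize_le, = struct.unpack_from("<H", pvd, 128)
    bsize_be, = struct.unpack_from(">H", pvd, 130)
    if blocks_le != blocks_be or bsize_le != bsize_be:
        raise ValueError("both-endian size fields disagree; descriptor damaged")
    return blocks_le * bsize_le

def hash_iso_volume(stream, algorithm="sha256", chunk=1 << 20):
    """Hash exactly the recorded volume length, ignoring anything after it."""
    remaining = iso_volume_bytes(stream)
    digest = hashlib.new(algorithm)
    stream.seek(0)
    while remaining:
        data = stream.read(min(chunk, remaining))
        if not data:  # disc shorter than the descriptor claims: do not trust it
            raise OSError("media ended %d bytes early" % remaining)
        digest.update(data)
        remaining -= len(data)
    return digest.hexdigest()

def build_sample_image(blocks=20):
    """Constructed stand-in for an ISO image: a valid descriptor plus filler."""
    image = bytearray(b"\xa5" * (blocks * SECTOR))
    pvd = bytearray(SECTOR)
    pvd[0:6] = b"\x01CD001"
    struct.pack_into("<I", pvd, 80, blocks)
    struct.pack_into(">I", pvd, 84, blocks)
    struct.pack_into("<H", pvd, 128, SECTOR)
    struct.pack_into(">H", pvd, 130, SECTOR)
    image[PVD_OFFSET:PVD_OFFSET + SECTOR] = pvd
    return bytes(image)

if __name__ == "__main__":
    # Usage (device path is an example): python3 isosum.py /dev/sr0 [md5|sha1|sha256]
    with open(sys.argv[1], "rb") as device:
        print(hash_iso_volume(device, *sys.argv[2:3]))
```

A matching digest shows the disc carries the same bytes as the image the checksum was published for; it says nothing about whether the checksum list itself came from a trustworthy source.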