From: Sthu Deus on
Good day.

I have 3 questions on virus/spy-ware detection and detection technique.

1. Which software (may that is even packaged for Debian) is the best at
Your opinion and why for virus/spy-ware (the software that scans for
interesting data and sends it to some host) detection?

2. What's the technique of scanning for the malicious software? - As I
can understand it should be absolutely trustworthy and at the same time
- up-to-date (the bases it uses) - so, should I have a separate HDD for
the goal that stands most the time separately (on a shelf), updating
alone in computer, then again removed and being used only as a
primary disk for scanning attached disks - as the secondary? Or there
is more easy to perform way of accomplishing this?

3. Is it possible to scan for this very purposes (virus & spy-ware) the
distro CD/DVD -s - as it is from the media, without explicit manual
unpacking - to be sure the software is OK (in case when check sums are
not available OR it is impossible for some reasons to re-download the
images)?

Thank You for Your time.


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/4c4156a3.ce7c0e0a.6a17.ffffa666(a)mx.google.com
From: Andrei Popescu on
On Sat, 17 Jul 10, 14:06:58, Sthu Deus wrote:
> Good day.
>
> I have 3 questions on virus/spy-ware detection and detection technique.

[snip]

This has been discussed several times, but IMVHO the time and resources
invested in scanning for malware on Debian are better used in securing
the system.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
From: Jordon Bedwell on
On Sat, 17 Jul 10, 14:06:58, Sthu Deus wrote:
> Good day.
>
> I have 3 questions on virus/spy-ware detection and detection technique.
>

If you must because of incoming mail try using ClamAV. Which a lot of
servers are readily able to integrate and unless you're dumb enough (and
this is just a subjective opinion) to allow elevated privileges without
knowing what the program is, or you run as root, you won't run into any
problems (normally ~ let's not forget the possible potential security
hole ~ it's happened before) with something jacking your system. Even
though Linux is open too, if it's in the repo somebody manages it, so
you can always assume that software found in official repositories is safe.

--
Cheers,

Jordon Bedwell
http://envygeeks.com

From: Camaleón on
On Sat, 17 Jul 2010 14:06:58 +0700, Sthu Deus wrote:

> I have 3 questions on virus/spy-ware detection and detection technique.

He, sounds like a test...

> 1. Which software (may that is even packaged for Debian) is the best at
> Your opinion and why for virus/spy-ware (the software that scans for
> interesting data and sends it to some host) detection?

- For scanning/detecting virus/malware for Windows systems or linux
systems?

- For local scanning (e-mails, Internet browsing) or a bunch of network
share files?

- By "(sic) and sends it to some host" you mean "keep the admin informed
by sending an alert to a host" or you mean "collaborative tools to
benefit others"?

> 2. What's the technique of scanning for the malicious software? - As I
> can understand it should be absolutely trustworthy and at the same time
> - up-to-date (the bases it uses) - so, should I have a separate HDD for
> the goal that stands most the time separately (on a shelf), updating
> alone in computer, then again removed and being used only as a primary
> disk for scanning attached disks - as the secondary? Or there is more
> easy to perform way of accomplishing this?

Not sure what OS we are talking here...

If you want to assure a true clean environment, better reformat and start
from scratch. As soon as you plug the disk in a network (or via USB port
to an infected machine) data on it can be also compromised.

> 3. Is it possible to scan for this very purposes (virus & spy-ware) the
> distro CD/DVD -s - as it is from the media, without explicit manual
> unpacking - to be sure the software is OK (in case when check sums are
> not available OR it is impossible for some reasons to re-download the
> images)?

I think yes. Many AV scanners will scan ISO files (no "unpacking"
required) but that depends on the AV engine itself.

But (and I think this is important) when you scan an ISO file for
malware and the result is clean/passed, that is not proving the ISO image
could have been manipulated and/or changed. Checksum (or similar
techniques) is a must.

....

Final words: In general, I do not trust AV scanners so much, neither for
Windows nor other OS. They are still basing their detection score on
rather older techniques (stock antimalware firm definition files). Any
well-designed OS has to have its own defenses... and the user has to be
always alert.

> Thank You for Your time.

I hope I've passed the test :-P

Greetings,

--
Camaleón
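
The checksum step from the reply above, as an added example that is not part of the original thread: it checks an image against a manifest in `sha256sum` output format and reports a missing entry separately from a mismatch, since an unlisted file has not been verified at all. It assumes the manifest itself came from a trusted source and was authenticated separately; the file names and the stand-in image contents are constructed.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte image never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_sums(text):
    """Parse sha256sum-style lines: '<64 hex>  <name>' or '<64 hex> *<name>'."""
    entries = {}
    for line in text.splitlines():
        digest, sep, rest = line.strip().partition(" ")
        name = rest[1:]  # drop the mode character (' ' for text, '*' for binary)
        is_hex = all(c in "0123456789abcdefABCDEF" for c in digest)
        if sep and len(digest) == 64 and is_hex and name:
            entries[name] = digest.lower()
    return entries

def verify_image(path, sums_text):
    """Return 'ok', 'mismatch', or 'unlisted' (no entry: nothing was verified)."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    return "ok" if expected == sha256_file(path) else "mismatch"

def demo():
    """Constructed sample: a tiny stand-in 'image' and a manifest written for it."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "example-netinst.iso")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(b"constructed stand-in for ISO contents")
        sums = sha256_file(image) + "  example-netinst.iso\n"
        good = verify_image(image, sums)
        with open(image, "ab") as fh:  # change the image by one byte
            fh.write(b"\x00")
        changed = verify_image(image, sums)
        # Manifest that lists only a different file name
        other = verify_image(image, sums.replace("example", "other"))
        return good, changed, other

if __name__ == "__main__":
    print(demo())
```
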

From: Sthu Deus on
Thank You for Your time and answer, Andrei, giving me and others the
points:

>This has been discussed several times, but IMVHO the time and
>resources invested in scanning for malware on Debian are better used
>in securing the system.
>
>Regards,
>Andrei

> http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
