From: Sthu Deus on 17 Jul 2010 03:10

Good day.

I have 3 questions on virus/spy-ware detection and detection technique.

1. Which software (may that is even packaged for Debian) is the best in Your opinion and why for virus/spy-ware (the software that scans for interesting data and sends it to some host) detection?

2. What's the technique of scanning for the malicious software? - As I can understand it should be absolutely trustworthy and at the same time - up-to-date (the bases it uses) - so, should I have a separate HDD for the goal that stands most the time separately (on a shelf), updating alone in computer, then again removed and being used only as a primary disk for scanning attached disks - as the secondary? Or is there an easier way of accomplishing this?

3. Is it possible to scan for these very purposes (virus & spy-ware) the distro CD/DVD-s - as it is from the media, without explicit manual unpacking - to be sure the software is OK (in case when check sums are not available OR it is impossible for some reasons to re-download the images)?

Thank You for Your time.

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/4c4156a3.ce7c0e0a.6a17.ffffa666(a)mx.google.com

From: Andrei Popescu on 17 Jul 2010 04:20

On Sb, 17 iul 10, 14:06:58, Sthu Deus wrote:
> Good day.
>
> I have 3 questions on virus/spy-ware detection and detection technique.

[snip]

This has been discussed several times, but IMVHO the time and resources invested in scanning for malware on Debian are better used in securing the system.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic

From: Jordon Bedwell on 17 Jul 2010 05:10

On Sb, 17 iul 10, 14:06:58, Sthu Deus wrote:
> Good day.
>
> I have 3 questions on virus/spy-ware detection and detection technique.
>

If you must because of incoming mail, try using ClamAV, which a lot of servers are readily able to integrate, and unless you're dumb enough (and this is just a subjective opinion) to allow elevated privileges without knowing what the program is, or you run as root, you won't run into any problems (normally ~ let's not forget the possible potential security hole ~ it's happened before) with something jacking your system. Even though Linux is open too, if it's in the repo somebody manages it, so you can always assume that software found in official repositories is safe.

--
Cheers,
Jordon Bedwell
http://envygeeks.com

Archive: http://lists.debian.org/4C41717E.8000808(a)envygeeks.com

From: Camaleón on 17 Jul 2010 05:40

On Sat, 17 Jul 2010 14:06:58 +0700, Sthu Deus wrote:

> I have 3 questions on virus/spy-ware detection and detection technique.

He, sounds like a test...

> 1. Which software (may that is even packaged for Debian) is the best in
> Your opinion and why for virus/spy-ware (the software that scans for
> interesting data and sends it to some host) detection?

- For scanning/detecting virus/malware for Windows systems or Linux systems?

- For local scanning (e-mails, Internet browsing) or a bunch of network share files?

- By "(sic) and sends it to some host" you mean "keep the admin informed by sending an alert to a host" or you mean "collaborative tools to benefit others"?

> 2. What's the technique of scanning for the malicious software? - As I
> can understand it should be absolutely trustworthy and at the same time
> - up-to-date (the bases it uses) - so, should I have a separate HDD for
> the goal that stands most the time separately (on a shelf), updating
> alone in computer, then again removed and being used only as a primary
> disk for scanning attached disks - as the secondary? Or is there an
> easier way of accomplishing this?

Not sure what OS we are talking here... If you want to assure a true clean environment, better reformat and start from scratch. As soon as you plug the disk in a network (or via USB port to an infected machine) data on it can be also compromised.

> 3. Is it possible to scan for these very purposes (virus & spy-ware) the
> distro CD/DVD-s - as it is from the media, without explicit manual
> unpacking - to be sure the software is OK (in case when check sums are
> not available OR it is impossible for some reasons to re-download the
> images)?

I think yes. Many AV scanners will scan ISO files (no "unpacking" required) but that depends on the AV engine itself.

But (and I think this is important) when you scan an ISO file for malware and the result is clean/passed, that is not proving the ISO image could have been manipulated and/or changed. Checksum (or similar techniques) is a must.

....

Final words: In general, I do not trust AV scanners so much, neither for Windows nor other OS. They are still basing their detection score on rather older techniques (stock antimalware firm definition files). Any well-designed OS has to have its own defenses... and the user has to be always alert.

> Thank You for Your time.

I hope I've passed the test :-P

Greetings,

--
Camaleón

Archive: http://lists.debian.org/pan.2010.07.17.09.31.09(a)gmail.com
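
The checksum step mentioned in the reply above, as an added example that is not part of the original thread: a POSIX shell function that checks an image against a manifest in `sha256sum` format and distinguishes a mismatch from an image that is simply not listed. The names `verify_image` and `demo`, the file names and the stand-in image are constructed for illustration, and the manifest is assumed to come from a source you already trust.

```shell
#!/bin/sh
# Added example: verify an image against a SHA256SUMS-style manifest.
# Return codes: 0 = digest matches, 1 = digest mismatch,
#               2 = image not listed in manifest, 3 = unreadable input.
verify_image() {
    image=$1
    manifest=$2
    [ -r "$image" ] && [ -r "$manifest" ] || return 3
    name=$(basename "$image")
    # Manifest lines: "<hex digest>  <filename>" (binary mode prefixes "*").
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$manifest")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed demonstration: a stand-in "image", its manifest, then a
# one-byte change that an AV scan would have no reason to flag.
demo() {
    dir=$(mktemp -d) || return 3
    printf 'constructed stand-in for an installer image\n' > "$dir/sample.iso"
    (cd "$dir" && sha256sum sample.iso > SHA256SUMS)

    before=0; verify_image "$dir/sample.iso" "$dir/SHA256SUMS" || before=$?
    printf 'X' >> "$dir/sample.iso"    # simulate a modified image
    after=0; verify_image "$dir/sample.iso" "$dir/SHA256SUMS" || after=$?
    # A file the manifest does not mention must not count as verified.
    unlisted=0; verify_image "$dir/SHA256SUMS" "$dir/SHA256SUMS" || unlisted=$?

    rm -rf "$dir"
    echo "$before $after $unlisted"
}

demo   # prints: 0 1 2
```
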

From: Sthu Deus on 19 Jul 2010 13:10

Thank You for Your time and answer, Andrei, giving me and others the points:

>This has been discussed several times, but IMVHO the time and
>resources invested in scanning for malware on Debian are better used
>in securing the system.
>
>Regards,
>Andrei
> http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic

Archive: http://lists.debian.org/4c4484b5.ce7c0e0a.15d2.1812(a)mx.google.com