Antivirus and firewalls

[Belgian Brownie]

Newbie-type question!

Do I need antivirus and firewall software such as Norton, Sophos, Kapersky, etc... in a linux networked environment?

I know linux has its own firewall, but the so does Windows and I simply turn that off and use a reputable 3rd party one.

[ph34r]

Firewall maybe , AV probably not

[kiel]

really depens on what you are doing, myself I prefer a good router firewall, configure to not be able to ping router etc, but a firewall coulnt hurt either.

antivirus, well you coul install it, but the luikelyhood of a virus infecting your linux system is 1 in 1000

I personaly dont worry about antivirus.

[gamblor01]

If you have a spare system lying around, even if it's really old, you might look at using ipcop (see http://www.ipcop.org).

My old roommate and I set this up at our old apartment. It was really easy to install/setup and the amount of information you get in incredible. We had 2 NICs in the box so one was connected to the cable modem, the other one had the wireless router plugged into it. You can have it serve as a DHCP server (or not)...it was neat.

[camelrider]

A firewall should always be in place if anything on your network faces the Internet! This may be built-in to a router device, or firewall and routing can be implemented on a Linux or BSD box. I'm partial to Shorewall. ( www.shorewall.net ) as a front-end to ip-tables firewall.

If you are running an e-mail server I'm sure your clients would appreciate some AV measures. There are several AV apps that integrate well with Linux e-mail servers.

[Belgian Brownie]

Thanks for the replies.

At the moment, I am testing, but if I were to implement a network for a customer, would an AV be advisable or over the top?

As for firewalls, my Linksys router should do the job, then?

Cheers in advance.

[happybunny]

i like this article http://linuxmafia.com/~rick/faq/inde...ge=virus#virus

While I don't typical put virus protection on my linux machines, it does help.

My dual boot linux/xp machine got a virus on the xp side...I booted linux, mounted the xp partition and scanned and removed the virus.

While Linux "can't" get infected, it can sure hold files that are, so in a mixed windows/linux environment, it may make sense to put virus protection on the linux box as another layer of protection.

clamav is my favorite, since i can just apt-get install clamav and be done with it...it's simple, free and just works.

[irlandes]

A year or two ago, I got from the former Soviet Union a message with an attachment. Out of curiosity, I clicked on it, and got a prompt for the password. I took it as a virus intended for Linux. Today, on a rare occasion (an old friend wants long distance advice on a Windows computer problem) I booted XP and ran Avast. It went down into my FAT storage and found that "linux virus", said it is some kind of worm.

So, now I don't know if it is a "bilingual" virus, or if that type of worm would invoke the password box in Linux in any case. I may re-evaluate my need for an antivirus in Linux.

The main reason for a virus checker is when you are serving Windows machines. It pretty much becomes mandatory to protect them.

[mmills]

Thanks for the replies.

At the moment, I am testing, but if I were to implement a network for a customer, would an AV be advisable or over the top?

As for firewalls, my Linksys router should do the job, then?

Cheers in advance.

for running a regular desktop, yes, if your running a server for clients, they would appreciate some av, since "they" could get infected.

[Pierre2]

software such as Norton, Sophos, Kapersky, etc

is generally not available in a Lnx environment.

do you need that extra protection ?.
As a rule of thumb - NO.

but, as stated above - if you dual boot or have friends in M$ land,
then it,s a good precaution.
however, neither is actually necessary in Lnx.

[cybertron]

antivirus, well you coul install it, but the luikelyhood of a virus infecting your linux system is 1 in 1000

I'd say it's considerably smaller than that, unless you do something like:

A year or two ago, I got from the former Soviet Union a message with an attachment. Out of curiosity, I clicked on it, and got a prompt for the password.

Curiosity killed the cat.

Mind you, as long as you didn't give it the root password it couldn't have messed with the system, but it could have royally screwed your regular user files. Rule #1 of e-mail: If you get an attachment that seems shady (even from someone you know), don't open it, even on Linux. If you absolutely have to know, that's what VirtualBox is for.

[Satanic Atheist]

As happybunny said, Linux cannot be infected by Windows viruses. As a "normal" user (as opposed to root), the worst you could do to your system is flatten your own homeshare.

There is no reason to run Anti-Virus software on Linux systems UNLESS you fall into one of the following categories:

1) Your Linux machine integrates via ANY means with a Windows system
2) Your Linux machine is a server for e-mail
3) You run Windows in a Virtual Machine under Linux

I cannot think of any others off the top of my head...

I run my own mailserver and I use ClamAV to scan e-mails at SMTP time. Any that have viruses in them are rejected outright. Although I do not use Windows, I may do in the future and would rather not have the hassle of cleaning up crap like that.

To avoid wasting your hard drives needlessly, I wouldn't recommend daily scanning for viruses on your Linux systems because the process will wear them out very quickly. It would be much better to stop virus infected files getting in in the first place.

There are a LOT of security systems available for Linux to augment its outstanding security model. I use DenyHosts, SSHD (with authentication key ONLY), ClamAV and chroot jailing for all Internet services that support it. I am also careful about authentication for systems that cannot use Public Key encryption such as e-mail.

James

[braindamage73]

Yes, you need an antivirus. No operating system is safe no matter who says so. I know. There are Linux viruses and trojan horses and all sorts of 'vicious knids' out there and there are many enlightening, even frightening and authorative articles about the coming problem. Why? Think about how many Linux distributions there are: over a hundred from almost as many countries (including Nepal Linux). I have free AVG, but AVAST is free, too. $US 29.99+ tax will get you the best, BitDefender, for a year.

[irlandes]

Could you give us some clues where find the "many enlightening, even frightening and authoritative articles about the coming problem?"

I spend a lot of time reading Linux news articles, and once in a while Linux forums. I have NEVER heard anywhere of a single person who received damage on a Linux system from a virus; worm; trojan; spyware; etc. All I have encountered is the MS folks who tell us any minute we are going to be under attack, that Linux is as susceptible to viruses as Windows, the only reason we don't get nailed is because the number of Linux machines is insignificant. Etc.;etc.; etc.

Having said that, I am willing to be corrected in any evidentiary way. I do not wish to ignore a truly changing reality.

As far as the attachment I clicked on, that was a calculated decision. It was my own computer. I honestly did not believe anyone had written a virus which would harm my computer without the root password. I was willing to risk it to find out. I was right. It did no harm. No cats were killed.

I volunteered on this URL to send it to anyone who wished to investigate. I was told this was inappropriate. This is what will kill us, if we are killed, which I doubt, is the fear and trembling which precludes investigating what might be malware when it is observed, so information can be distributed in a timely manner. (Just back from Mexico; Mexico Pig Flu was observed in the state of Vera Cruz in February, but was ignored by the government until it had been spread in Mexico City. thus the world.)

[cybertron]

Yes, you need an antivirus. No operating system is safe no matter who says so. I know. There are Linux viruses and trojan horses and all sorts of 'vicious knids' out there

This is true, but to my knowledge they all depend on either a flaw in a piece of software, in which case antivirus is useless, or the user opening and running an untrusted file sent to them, which could (but may not be) caught by antivirus. But the reality is that if an antivirus program catches 95% of all known viruses, never mind new ones that they don't know about yet, it's considered to be doing well so you shouldn't think that running antivirus allows you to forget about potential threats. At best it's an occasional get out of jail free card if you make a mistake but it shouldn't be depended on.

and there are many enlightening, even frightening and authorative articles about the coming problem. Why? Think about how many Linux distributions there are: over a hundred from almost as many countries (including Nepal Linux).

Frightening, certainly, enlightening, probably not, authoritative, according to whom? Most of these articles are written by Windows users who have been snowed by the AV companies for years into believing that you're effectively surfing naked if you don't use their software. I'll link to one of the first articles I saw explaining the actual reason for the lack of viruses on Linux, and it doesn't need any separate authority because all of the arguments are supported by logic based solely on how Linux works, not some Windows luminary's theory about why Linux doesn't have viruses.

http://linuxmafia.com/~rick/faq/inde...ge=virus#virus

It's a good read and it should be read by anyone planning to write an article about Linux viruses, if for no other reason than to know what the arguments against Linux viruses are. While I suppose they could come up with a counter-argument, I think in most cases they would be dissuaded from ever writing their own article.