Antivirus solutions

This forum contains discussions related to keeping families and individuals safe while making use of technology. Acceptable topics would range from how to protect families from Internet predators and online pornography, monitoring and protecting cell phone usage and text messaging, locking unwanted television and movies from various devices, protecting and monitoring computer game usage, and promoting safe Internet and technology use.
eeyore-p40
New Member
Posts: 11
Joined: Thu Oct 16, 2008 3:32 pm
Location: Albuquerque, NM, USA

#31

Post by eeyore-p40 »

marianomarini_vi wrote:Linux is not invincible because we live in a FUZZY (not bivalent) world. So "everything is a matter of quantity".
How many servers run Linux? How many Windows? How many Linux servers fail under attack, and how many Windows servers do?
Your reasoning could be right for the desktop market (could be) but my question is: Why does no one try porting viruses? If they work for Windows, and Windows is almost the same as Linux, why should it be so difficult to port them?
Actually, a lot of focus now is on making viruses that run as small hypervisors in a virtualized environment. Key viruses recently have shown the capability to reside in the BIOS and persist after reboot. There you're living in an OS independent environment and very few security programs will be able to catch you, much less remove you. It then becomes an issue of CPU architecture support rather than OS version. Windows, OS X, Linux, doesn't matter. Just need to support Intel or AMD's HV architectures, or worse, support both.
I don't know very well OS X story, but Windows! The great improvement went with Linux success (Win 98 -> Win XP).
Agreed. I think XP is a very good OS, despite all the bugs, and certainly better than 98.
OS too!
There is a fact that shows the big difference between the MS and *nix worlds: Microsoft sells an antivirus but none of the Linux distros do.
Yeah, Microsoft certainly needs to be a little quicker in the turnaround on patches. Personally, I'm a little disappointed in Apple for this too. And I'll hand it to Linux. Several of their distros are very good about this.
Mr. M-p40
Member
Posts: 58
Joined: Wed Apr 18, 2007 11:31 am
Location: Anderson, CA

Malwarebytes.org

#32

Post by Mr. M-p40 »

If you haven't seen Malwarebytes.org you should check it out; it's the only malware application I have used for a couple of years and I have had zero problems. The "free" version suffices, it just requires you to run scans manually.

Still no problems...
Mr. M
-----------------------------------------------------------------------
Visit me virtually anytime. ;)

http://www.mariohipol.com
russellhltn
Community Administrator
Posts: 35521
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#33

Post by russellhltn »

eeyore wrote:If you want a virtually virus free windows computer, create an Administrator account that you only use to install software and make major changes to the system. Run all your applications and everyday stuff through a limited account. By simply doing that, you'll eliminate 95-99% of all possible scenarios in which a virus may be installed on your computer.
This study puts the number at 92%. Still an impressive number.


The biggest problem with trying to run Windows this way is that Administrator is a separate account and many times software will only put things in for the person doing the installing, not everyone. That and the fact many don't follow the rules properly and end up breaking if you run them with less than admin privileges. Fortunately Vista compatibility is fixing that.

Yes, it's safer, but in my experience, you need to be a computer expert to successfully do that. Even then it will try one's patience.

One of the key components is to keep up to date with patches. Not just for the OS, but for all the common apps and plug-ins. That's a real pain.

I'd suggest everyone go to Secunia.com and run an on-line scan on your system. Unless you've really been aggressive with all of your apps, you'll probably find something is out of date on your machine. I'm not sure if the service works for Mac or *nix. It's worth a try. The average user probably has outdated and venerable Java and Adobe/Macromedia Flash apps installed.

It's been a few years, but I remember seeing one "virus" going around that attacked the Java plug-in and would run on all platforms.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
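The limited-account setup discussed in this post can be checked on a given PC. The following is an added example, not something posted by anyone in the thread; it assumes Windows PowerShell 5.1 or later, and the function names `Test-IsElevated` and `Get-LocalAdminReport` are made up for this illustration.

```powershell
# Added example: audit which local accounts hold administrator rights.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

function Test-IsElevated {
    # True when the current process token carries the Administrators role.
    # With UAC, an admin account running unelevated returns False here, so
    # group membership is reported separately by Get-LocalAdminReport.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminReport {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup works regardless of the Windows display language.
    foreach ($m in Get-LocalGroupMember -SID 'S-1-5-32-544') {
        $row = [ordered]@{
            Name      = $m.Name
            Class     = $m.ObjectClass       # User or Group
            Source    = $m.PrincipalSource   # Local, ActiveDirectory, ...
            Enabled   = $null
            LastLogon = $null
        }
        if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
            $user = Get-LocalUser -SID $m.SID
            $row.Enabled   = $user.Enabled
            $row.LastLogon = $user.LastLogon
        }
        [pscustomobject]$row
    }
}

$current = [Security.Principal.WindowsIdentity]::GetCurrent().Name
if (Test-IsElevated) {
    Write-Warning "$current is running elevated; everyday work should use a limited account."
} else {
    Write-Output "$current is running without administrator rights."
}

$report = @(Get-LocalAdminReport)
$report | Format-Table -AutoSize

# The setup described in the thread needs a single administrator account.
$active = @($report | Where-Object { $_.Class -eq 'User' -and $_.Enabled })
if ($active.Count -gt 1) {
    Write-Warning "$($active.Count) enabled local users are administrators; only one is needed."
}
```

A recent `LastLogon` on an administrator account suggests it is being used for everyday work rather than only for installs.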
eeyore-p40
New Member
Posts: 11
Joined: Thu Oct 16, 2008 3:32 pm
Location: Albuquerque, NM, USA

#34

Post by eeyore-p40 »

RussellHltn wrote:This study puts the number at 92%. Still an impressive number.
Thanks for the update. I knew it was in the 90's area, but I guess I thought it was a little higher. But like you said, still impressive.
The biggest problem with trying to run Windows this way is that Administrator is a separate account and many times software will only put things in for the person doing the installing, not everyone. That and the fact many don't follow the rules properly and end up breaking if you run them with less than admin privileges. Fortunately Vista compatibility is fixing that.

Yes, it's safer, but in my experience, you need to be a computer expert to successfully do that. Even then it will try one's patience.

One of the key components is to keep up to date with patches. Not just for the OS, but for all the common apps and plug-ins. That's a real pain.
Very true. It would then just be a question of worth in running Windows in this fashion so you can use more applications you might be familiar with, or switching to some version of Linux and climbing that learning curve (the grade of that learning curve is getting much smaller IMO, but it's still a personal thing). As for me, I run Windows as a virtual machine on my Mac and don't connect it to the internet. That's just what works for me.
I'd suggest everyone go to Secunia.com and run an on-line scan on your system. Unless you've really been aggressive with all of your apps, you'll probably find something is out of date on your machine. I'm not sure if the service works for Mac or *nix. It's worth a try. The average user probably has outdated and venerable Java and Adobe/Macromedia Flash apps installed.

It's been a few years, but I remember seeing one "virus" going around that attacked the Java plug-in and would run on all platforms.
Yeah, virtualization platforms, as great as they are, are getting a lot of scrutiny on the security front. The idea is great, but man the possible exploits are scary as all get out.
marianomarini
Senior Member
Posts: 619
Joined: Sat Jan 19, 2008 3:13 am
Location: Vicenza. Italy

#35

Post by marianomarini »

eeyore wrote:Actually, a lot of focus now is on making viruses that run as small hypervisors in a virtualized environment. Key viruses recently have shown the capability to reside in the BIOS and persist after reboot. There you're living in an OS independent environment and very few security programs will be able to catch you, much less remove you. It then becomes an issue of CPU architecture support rather than OS version. Windows, OS X, Linux, doesn't matter. Just need to support Intel or AMD's HV architectures, or worse, support both.
To modify BIOS firmware (now almost all built with flash technology), viruses have to directly access the hardware or use the embedded software. Both operations rely on the OS (at least for the installation).
Agreed. I think XP is a very good OS, despite all the bugs, and certainly better than 98.
It was a terrific improvement, comparable to that from Win 3.0 and Win95! A very great work!
Yeah, Microsoft certainly needs to be a little quicker in the turnaround on patches. Personally, I'm a little disappointed in Apple for this too. And I'll hand it to Linux. Several of their distros are very good about this.
A corporate company is less responsive than an open community. (Budget, market plans, etc.)
La vita è una lezione interminabile di umiltà (Anonimo).
Life is an endless lesson of humility (Anonymous).
eeyore-p40
New Member
Posts: 11
Joined: Thu Oct 16, 2008 3:32 pm
Location: Albuquerque, NM, USA

#36

Post by eeyore-p40 »

marianomarini_vi wrote:To modify BIOS firmware (now almost all built with flash technology), viruses have to directly access the hardware or use the embedded software. Both operations rely on the OS (at least for the installation).
Actually, that's not true. A hypervisor can install anything it wants regardless of the OS running on top of it. The trick is getting the code implanted on the host machine, whether through a virus, a computer hack, or a bogus driver. Once I have code implanted, I just have to tell the computer to boot that code first. The next time the system reboots, it runs the code I implanted and can do whatever it wants to the underlying hardware before the OS even boots. Once it makes that implant, it removes itself and boots the standard OS. Once that happens, you have a very small chance of ever detecting it.

For instance, check out this link: BIOS hack. As the article states, this worked for Windows, OpenBSD, and through VMware. This method takes a slightly different angle, but is still effective and still possible on Linux OS's as well as Windows. You'll probably also want to check the link on that site about persistent rootkits. As the article says, "Getting root on a Unix box or taking full control of a Windows machine is just a matter of having the patience to find a soft spot in the operating system or one of the applications and then moving up the stack from there."

I'll go ahead and let the issue drop now, but I just want people to be aware of this kind of stuff. Like I said originally, agree with it, don't agree with it. But working full-time in vulnerability analysis, I just want to pass on what I've learned.
rmrichesjr
Community Moderators
Posts: 4128
Joined: Thu Jan 25, 2007 11:32 am
Location: Dundee, Oregon, USA

#37

Post by rmrichesjr »

eeyore wrote:...
For instance, check out this link: BIOS hack. As the article states, this worked for Windows, OpenBSD, and through VMware. This method takes a slightly different angle, but is still effective and still possible on Linux OS's as well as Windows. You'll probably also want to check the link on that site about persistent rootkits. As the article says, "Getting root on a Unix box or taking full control of a Windows machine is just a matter of having the patience to find a soft spot in the operating system or one of the applications and then moving up the stack from there."
...
I don't see the quoted passage ("Getting root on a Unix box or taking full control of a Windows machine is just a matter of having the patience to find a soft spot in the operating system or one of the applications and then moving up the stack from there.") in the article I see at the supplied URL.

The article I see at that URL is about getting inside the machine through pre-infected hardware or a fake or compromised driver. Pre-infected hardware (PCI card flash, for example) implies physical access, at which point all OS security mechanisms are out of the picture. Fake and compromised drivers can largely be avoided by getting drivers from reputable sources rather than Googling for drivers to make a new piece of hardware work. I've seen a clerk searching the web for and installing drivers to try to get a ward office PC to recognize a thumb drive that my home machine uses just fine with only the drivers supplied as part of the kernel it's running.
marianomarini
Senior Member
Posts: 619
Joined: Sat Jan 19, 2008 3:13 am
Location: Vicenza. Italy

#38

Post by marianomarini »

rmrichesjr wrote:I've seen a clerk searching the web for and installing drivers to try to get a ward office PC to recognize a thumb drive that my home machine uses just fine with only the drivers supplied as part of the kernel it's running.
This is one of my existential questions! But I think it is out of the scope of this thread!
La vita è una lezione interminabile di umiltà (Anonimo).
Life is an endless lesson of humility (Anonymous).
steph.younger
New Member
Posts: 44
Joined: Tue Feb 26, 2008 3:07 pm

#39

Post by steph.younger »

From the direction the thread has taken, it may be too late for me to weigh in, but I have to make a plug for Avast antivirus. I use it on two of my computers and have been virus free for more than five years - and I use my internet connection in airports and hotels rather often, which is where my coworkers complain about getting their infections.

One note about the "which OS is better" discussion: I love Ubuntu (my wife does not, so we're a Windows family ;) ). Linux is a great OS and does everything I need it to do, but it's not immune - it's just not targeted as often. That aside, if you're running a virtual machine to port those Windows programs you just can't live without, my understanding is that you should protect the VM just like you would a native operating system.
eeyore-p40
New Member
Posts: 11
Joined: Thu Oct 16, 2008 3:32 pm
Location: Albuquerque, NM, USA

#40

Post by eeyore-p40 »

rmrichesjr wrote:I don't see the quoted passage ("Getting root on a Unix box or taking full control of a Windows machine is just a matter of having the patience to find a soft spot in the operating system or one of the applications and then moving up the stack from there.") in the article I see at the supplied URL.
It's in the link provided in the article, persistent rootkits. Here's a direct link: http://searchsecurity.techtarget.com/ne ... 33,00.html
The article I see at that URL is about getting inside the machine through pre-infected hardware or a fake or compromised driver. Pre-infected hardware (PCI card flash, for example) implies physical access, at which point all OS security mechanisms are out of the picture. Fake and compromised drivers can largely be avoided by getting drivers from reputable sources rather than Googling for drivers to make a new piece of hardware work. I've seen a clerk searching the web for and installing drivers to try to get a ward office PC to recognize a thumb drive that my home machine uses just fine with only the drivers supplied as part of the kernel it's running.
Like I said, the article presents only one possible method, and doesn't represent the exact same method I was presenting. It simply showed another way in which viruses can transcend Operating Systems and operate on multiple platforms. Blue pill (http://theinvisiblethings.blogspot.com/ ... -pill.html) is better suited to what I was actually talking about and is a very interesting read if you've never heard of it.