Editor's Note: Putting Away the Welcome Mat
Nov 18, 2005, 23:30 UTC (32 Talkback[s]) (19360 reads)

By Brian Proffitt
Managing Editor

I'll admit it: I found some of the anti-virus for Linux software announcements mildly interesting. After all, there seemed to be some logic in the notion that once Linux got more popular on the desktop, it would become a bigger target for the virus-writing crowd. And there seemed to definitely be a need for running AV software on Linux servers that dealt with Windows clients. No argument from me there.

Until now.

Now my attitude has shifted from a neutral "what harm can it do" stance to outright opposition. Because any notion that AV software would be a slightly positive thing (like providing an extra security blanket and incentive to those IT folks that can't comprehend why viruses plus Linux equal nothing in the first place) for Linux has turned into yet another reason why people should flee Windows once and for all.

In short, my cavalier attitude was wrong. AV software for Linux is only going to provide hackers more ways into my system, not less.

What turned me around was, of course, the whole Sony DRM rootkit mess. This example of corporate largess and greed clearly points out huge problems with IP enforcement, DRM, and privacy. If I were a corporate IT manager I would be sick to my stomach wondering how many employees brought in these CDs to play them on work time. How much corporate data is at risk, right now, from these rootkitted Windows boxes? How many more zombies are out there waiting to be resurrected? (Heck, I'm running Linux and I'm even flinching at the thought of yet another wave of spam that spamassassin will have to learn.)

Ultimately, the blame for this lies at Sony's feet. But what I want to know is, why didn't the firewalls, spyware detectors, and AV clients catch this in the first place? The fact that no AV appliance or client caught this implies that these companies are either (a) incompetent or (b) letting this stuff slide by all in the name of digital rights management. Either option is inexcusable, but (b) sends chills down my spine.

And I am not alone in my questioning the AV companies. After coming to this realization, I saw that Bruce Schneier had brought up the same questions in an article at Wired. And props definitely must go out to Ken Starks who has admonished Windows users to flee as well on Lobby4Linux. Common sense, it seems, finds ways to get out through a variety of outlets.

Schneier's article asked the pointed question, "What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers?" Rhetorical as this question might be, I'll give the answer a shot: I think it's reprehensible that any company charged with protecting systems from harm allowed this DRM software inside with nary so much as a "hey, what's this?"

Look, even if you buy into the whole notion of DRM, the very fact that software is installed on any system without the user's knowledge makes it malware. If Sony were on the up and up, they would have at least thrown up a pop-up screen that gave users a choice. Of course, given the userspace's reaction to the whole Intuit DRM fuss in 2003, when that company opted to start product activation and install C-Dilla DRM software, I'm sure Sony was hoping to avoid all of that and just install the software with literally no questions asked.

Starks' article uses this as an opportunity to admonish Windows users that this is yet another reason to dump Windows. Can't argue with that. But I feel it necessary to add to the Linux community that this whole incident is why we do not want to rely on commercial AV software to help protect our systems, even if it were necessary.

Clearly, these AV companies do not have the end-user's protection in mind any more, if they ever did. Why would Linux users ever want to rely on them to protect our systems?

Viruses will come. There will always be users who will double-click on anything in their Inboxes. But protection should come from within the open source community, not without. Hardened Linux distros should become the norm. New AV teams should be working on AV add-on controls, if the need arises. I'd like to see a nice app that runs in the background, pops up, and makes me confirm MD5 checksums anytime I download an RPM, DEB, or tarball from anywhere. (If there is such an animal, let me know.)

There are plenty of ways to protect Linux systems now and in the future from malware. And one way I can think of right now is: don't use commercial AV software on Linux.

Because if we really want to protect our data, then we are going to have to be ultimately responsible for it.


  Talkback(s) Name  and Date
im in total agreement...   here is anoth ...   very good...!!!!   
Pete
Nov 18, 2005, 23:51:02
 
According to a story at news.com.com, th ...   AV companies knew already?   
Eduardo
Nov 18, 2005, 23:58:30
 
Well said. We don't need unnecessary ...   agreed!   
Carla Schroder
Nov 19, 2005, 01:36:44
 
that proprietary software cannot be trus ...   I think there can be no doubt...   
Nate Bargmann
Nov 19, 2005, 02:19:42
 
 Could this be the start of a domino eff ...   Dominos   
jp
Nov 19, 2005, 02:33:14
 
Excellent rant, Brian.  I wholeheartedly ...   Kudos and a minor nit-pick   
Jim Russell
Nov 19, 2005, 02:56:50
 
 What happened, did all the people with  ...   Re: agreed!   
jp
Nov 19, 2005, 03:59:31
 
... since quite a while by now that if y ...   It has been my opinion....   
Edmundo
Nov 19, 2005, 04:28:33
 
You should spend some time in a GNU redu ...   Brian, you're completely contaminated   
Alastor
Nov 19, 2005, 05:58:08
 
Point well taken Brian!  As soon as I ge ...   Point well taken, time to rip out the text   
Mark Rais
Nov 19, 2005, 08:17:46
 
Why put the disclaimer as a joke? Althou ...   Re: It has been my opinion....   
Mike R.
Nov 19, 2005, 08:40:20
 
I spent several years working in the sec ...   My experice in the "security" secto   
Paul Henrichsen
Nov 19, 2005, 10:17:36
 
> Could this be the start of a domino ef ...   Re: Dominos   
blackhole
Nov 19, 2005, 11:02:20
 
having and still using Linux after many  ...   Grrrrrrrreat article!   
Roni Oliva
Nov 19, 2005, 11:24:11
 
http://www.debian-administration.org/art ...   Debian, md5's, and insecurity   
Sepero
Nov 19, 2005, 12:31:24
 
> You should spend some time in a GNU re ...   Re: Brian, you're completely contaminated   
Brian Proffitt
Nov 19, 2005, 12:33:58
 
I always think of Apache when some bring ...   More Linux == More Linux Virus = FUD   
Ed Young
Nov 19, 2005, 15:36:49
 
What would make sense would be one or mo ...   Open Source AV programs   
Henrik R Clausen
Nov 19, 2005, 17:12:34
 
> What would make sense would be one or  ...   Re: Open Source AV programs   
Rufus Polson
Nov 19, 2005, 19:47:33
 
Brian,I'd like to extend to you a he ...   Welcome!   
Peter Yellman
Nov 20, 2005, 00:50:50
 
Look.. most of us got our start in Windo ...   No where near the infection rate...   
helio
Nov 20, 2005, 02:39:00
 
Can't speak for any other distro, bu ...   rpm --checksig   
Vance
Nov 20, 2005, 06:34:59
 
Maybe you meant largesse, but as this me ...   Largess?   
Martin
Nov 20, 2005, 17:48:28
 
An AV program which watches for kernel m ...   Generalized AV   
Passacaglia
Nov 20, 2005, 19:41:39
 
>  That's a shame really...between M ...   Re: No where near the infection rate...   
Emu
Nov 21, 2005, 00:33:59
 
I believe Win Clam the "famous" opensour ...   WinClam Didn't Find It!??!?!   
Matt
Nov 21, 2005, 03:00:35
 
Brian and others - your prays are answer ...   It's all about CLAMAV   
Peteris Krisjanis
Nov 21, 2005, 05:20:10
 
> Take a step back and consider the situ ...   Re: Welcome!   
Hyper L
Nov 21, 2005, 13:49:27
 
I've read that Julius Caesar once ca ...   It's all about scale?   
Onan the Barbarian
Nov 21, 2005, 14:28:30
 
> You should spend some time in a GNU re ...   Re: Brian, you're completely contaminated   
Víctor R. Rivarola S.
Nov 22, 2005, 16:21:25
 
> * Have you ever tried to log as root a ...   Re: Re: Brian, you're completely contaminated   
Tony OBryan
Nov 26, 2005, 00:36:43
 
I'll give that point to you in part, ...   Re: Re: No where near the infection rate...   
helios
Nov 27, 2005, 05:02:43
 
All times are recorded in UTC.