Linux Today: Linux News On Internet Time.

Editor's Note: Putting Away the Welcome Mat

Nov 18, 2005, 23:30

By Brian Proffitt
Managing Editor

I'll admit it: I found some of the anti-virus-for-Linux software announcements mildly interesting. After all, there seemed to be some logic in the notion that once Linux got more popular on the desktop, it would become a bigger target for the virus-writing crowd. And there definitely seemed to be a need for running AV software on Linux servers that dealt with Windows clients. No argument from me there.

Until now.

Now my attitude has shifted from a neutral "what harm can it do?" stance to outright opposition. Any notion that AV software would be a slightly positive thing for Linux (an extra security blanket, and an incentive for those IT folks who can't comprehend why viruses plus Linux equal nothing in the first place) has turned into yet another reason why people should flee Windows once and for all.

In short, my cavalier attitude was wrong. AV software for Linux is only going to provide hackers with more ways into my system, not fewer.

What turned me around was, of course, the whole Sony DRM rootkit mess. This example of corporate largess and greed clearly points out huge problems with IP enforcement, DRM, and privacy. If I were a corporate IT manager I would be sick to my stomach wondering how many employees brought in these CDs to play them on work time. How much corporate data is at risk, right now, from these rootkited Windows boxes? How many more zombies are out there waiting to be resurrected? (Heck, I'm running Linux and I'm still flinching at the thought of yet another wave of spam that SpamAssassin will have to learn.)

Ultimately, the blame for this lies at Sony's feet. But what I want to know is: why didn't the firewalls, spyware detectors, and AV clients catch this in the first place? The fact that no AV appliance or client caught it implies that these companies are either (a) incompetent or (b) letting this stuff slide by, all in the name of digital rights management. Either option is inexcusable, but (b) sends chills down my spine.

And I am not alone in questioning the AV companies. After coming to this realization, I saw that Bruce Schneier had raised the same questions in an article at Wired. And props definitely must go out to Ken Starks, who has admonished Windows users to flee as well on Lobby4Linux. Common sense, it seems, finds ways to get out through a variety of outlets.

Schneier's article asked the pointed question, "What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers?" Rhetorical as this question might be, I'll give the answer a shot: I think it's reprehensible that any company charged with protecting systems from harm let this DRM software inside with nary so much as a "hey, what's this?"

Look, even if you buy into the whole notion of DRM, the very fact that software is installed on a system without the user's knowledge makes it malware. If Sony were on the up-and-up, they would have at least thrown up a pop-up screen that gave users a choice. Of course, given users' reaction to the whole Intuit DRM fuss in 2003, when that company opted to start product activation and install C-Dilla DRM software, I'm sure Sony was hoping to avoid all of that and just install the software with literally no questions asked.

Starks's article uses this as an opportunity to admonish Windows users that this is yet another reason to dump Windows. Can't argue with that. But I feel it necessary to add, for the Linux community, that this whole incident is why we do not want to rely on commercial AV software to help protect our systems, even if such software were necessary.

Clearly, these AV companies do not have the end-user's protection in mind any more, if they ever did. Why would Linux users ever want to rely on them to protect our systems?

Viruses will come. There will always be users who will double-click on anything in their Inboxes. But protection should come from within the open source community, not from without. Hardened Linux distros should become the norm. New AV teams should be working on AV add-on controls, if the need arises. I'd like to see a nice app that runs in the background, pops up, and makes me confirm MD5 checksums anytime I download an RPM, DEB, or tarball from anywhere. (If there is such an animal, let me know.)
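The checksum check wished for above, as an added example that is not part of the original column and not any existing tool: it reads a manifest in the `md5sum`/`sha256sum` output format (`<hexdigest>  <filename>`), hashes the downloaded file in chunks, and compares in constant time. The sample tarball contents and manifest lines are constructed here for the demo. One caveat the column does not raise: MD5 already had published collision attacks in 2004, so the verifier refuses MD5 and SHA-1 manifests unless told otherwise, and a digest fetched from the same server as the file only catches corruption, not a substituted download. The digest has to come from a channel the attacker cannot also rewrite, which is what signature checking (`rpm --checksig`, apt's signed Release files) provides on top of a bare checksum.

```python
"""Verify a downloaded package against an md5sum/sha256sum-style checksum manifest."""
import hashlib
import hmac
import os
import tempfile

# Constructed sample download (not a real package): stands in for the
# RPM, DEB or tarball the column talks about.
SAMPLE_PAYLOAD = b"fake tarball contents for demonstration only\n"

# Digest length in hex characters -> algorithm name, as the coreutils tools emit them.
DIGEST_ALGOS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
WEAK_ALGOS = {"md5", "sha1"}  # practical collision attacks are published


def digest_file(path, algo, chunk_size=65536):
    """Hash a file in chunks so large packages need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse '<hexdigest>  <filename>' lines as written by md5sum/sha256sum.

    A leading '*' on the filename marks binary mode in GNU coreutils output;
    it is not part of the name.
    """
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {line!r}")
        hexdigest, name = parts
        entries[name.lstrip("*")] = hexdigest.lower()
    return entries


def verify_download(path, manifest_text, allow_weak=False):
    """Return (ok, reason) for one downloaded file against a manifest."""
    entries = parse_manifest(manifest_text)
    name = os.path.basename(path)
    expected = entries.get(name)
    if expected is None:
        return False, f"{name} is not listed in the manifest"
    algo = DIGEST_ALGOS.get(len(expected))
    if algo is None:
        return False, f"unrecognised digest length {len(expected)} for {name}"
    if algo in WEAK_ALGOS and not allow_weak:
        return False, f"{algo} manifest refused for {name}: use sha256 or stronger"
    actual = digest_file(path, algo)
    # Constant-time compare: not needed for a local file, but a habit worth keeping.
    if not hmac.compare_digest(actual, expected):
        return False, f"{algo} mismatch for {name}: expected {expected}, got {actual}"
    return True, f"{algo} matches for {name}"


def demo():
    """Write the constructed download to a temp dir, verify it, then tamper with it."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-1.0.tar.gz")
        with open(path, "wb") as f:
            f.write(SAMPLE_PAYLOAD)
        sha_manifest = f"{hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()}  example-1.0.tar.gz\n"
        md5_manifest = f"{hashlib.md5(SAMPLE_PAYLOAD).hexdigest()} *example-1.0.tar.gz\n"
        results["clean"] = verify_download(path, sha_manifest)
        results["md5_refused"] = verify_download(path, md5_manifest)
        results["md5_allowed"] = verify_download(path, md5_manifest, allow_weak=True)
        results["unlisted"] = verify_download(os.path.join(d, "other.tar.gz"), sha_manifest)
        # Simulate a tampered download: a single appended byte changes the digest.
        with open(path, "ab") as f:
            f.write(b"\x00")
        results["tampered"] = verify_download(path, sha_manifest)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:12} {'OK ' if ok else 'BAD'} {reason}")
```

Run it as a script to see the five cases; in real use, point `verify_download` at the file you fetched and at a manifest you obtained separately from the download itself (or one whose detached signature you have already checked).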

There are plenty of ways to protect Linux systems now and in the future from malware. And one way I can think of right now is: don't use commercial AV software on Linux.

Because if we really want to protect our data, then we are going to have to be ultimately responsible for it.