
Editor’s Note: Putting Away the Welcome Mat

By Brian Proffitt
Managing Editor

I’ll admit it: I found some of the anti-virus for Linux software
announcements mildly interesting. After all, there seemed to be
some logic in the notion that once Linux got more popular on the
desktop, it would become a bigger target for the virus-writing
crowd. And there seemed to definitely be a need for running AV
software on Linux servers that dealt with Windows clients. No
argument from me there.

Until now.

Now my attitude has shifted from a neutral “what harm can it do”
stance to outright opposition. Because any notion that AV software
would be a slightly positive thing (like providing an extra
security blanket and incentive to those IT folks that can’t
comprehend why viruses plus Linux equal nothing in the first place)
for Linux has turned into yet another reason why people should flee
Windows once and for all.

In short, my cavalier attitude was wrong. AV software for Linux
is only going to provide hackers more ways into my system, not
fewer.

What turned me around was, of course, the whole Sony DRM rootkit
mess. This example of corporate largess and greed clearly points
out huge problems with IP enforcement, DRM, and privacy. If I were
a corporate IT manager I would be sick to my stomach wondering how
many employees brought in these CDs to play them on work time. How
much corporate data is at risk, right now, from these rootkitted
Windows boxes? How many more zombies are out there waiting to be
resurrected? (Heck, I’m running Linux and I’m even flinching at the
thought of yet another wave of spam that spamassassin will have to
learn.)

Ultimately, the blame for this lies at Sony’s feet. But what I
want to know is, why didn’t the firewalls, spyware detectors, and
AV clients catch this in the first place? The fact that no AV
appliance or client caught this implies that these companies are
either (a) incompetent or (b) letting this stuff slide by all in
the name of digital rights management. Either option is
inexcusable, but (b) sends chills down my spine.

And I am not alone in my questioning the AV companies. After
coming to this realization, I saw that Bruce Schneier had brought
up the same questions in an article at Wired. And props
definitely must go out to Ken Starks who has
admonished Windows users to flee as well on Lobby4Linux. Common
sense, it seems, finds ways to get out through a variety of
outlets.

Schneier’s article asked the pointed question, “What do you
think of your antivirus company, the one that didn’t notice Sony’s
rootkit as it infected half a million computers?” Rhetorical as
this question might be, I’ll give the answer a shot: I think it’s
reprehensible that any company charged with protecting systems from
harm allowed this DRM software inside with nary so much as a “hey,
what’s this?”

Look, even if you buy into the whole notion of DRM, the very
fact that software is installed on any system without the user’s
knowledge makes it malware. If Sony were on the up and up, they
would have at least thrown up a pop-up screen that gave users a
choice. Of course, given the userspace’s reaction to the whole
Intuit DRM fuss in 2003, when that company opted to start product
activation and install C-Dilla DRM software, I’m sure Sony was
hoping to avoid all of that and just install the software with
literally no questions asked.

Starks’ article uses this as an opportunity to admonish Windows
users that this is yet another reason to dump Windows. Can’t argue
with that. But I feel it necessary to add to the Linux community
that this whole incident is why we do not want to rely on
commercial AV software to help protect our systems, even if it were
necessary.

Clearly, these AV companies do not have the end-user’s
protection in mind any more, if they ever did. Why would Linux
users ever want to rely on them to protect our systems?

Viruses will come. There will always be users who will
double-click on anything in their Inboxes. But protection should
come from within the open source community, not without. Hardened
Linux distros should become the norm. New AV teams should be
working on AV add-on controls, if the need arises. I’d like to see
a nice app that runs in the background, pops up, and makes me
confirm MD5 checksums anytime I download an RPM, DEB, or tarball
from anywhere. (If there is such an animal, let me know.)

There are plenty of ways to protect Linux systems now and in the
future from malware. And one way I can think of right now is: don’t
use commercial AV software on Linux.

Because if we really want to protect our data, then we are going
to have to be ultimately responsible for it.
