[Dshield] Is it true that Linux users do not fear Viruses and Trojans (+ some vital questions)

Ed Truitt ed.truitt at etee2k.net
Thu Oct 10 12:09:38 GMT 2002


3a) Linux actually has 2 "firewalls" built in to the OS.  IPCHAINS, and
IPTABLES.  While I am not aware of a GUI front end to these similar to ZA,
there are some tools available to help facilitate the process.  Yes, they do
produce "pages" of cryptic logs - so does ZA.  Again, I suspect you should
be able to locate some utilities that make it easier to read them.  I use
IPTABLES along with an Intrusion Detection System called SNORT, and each day
I automatically run a script which takes the (cryptic) logs from SNORT and
turns them into an email report I can scan to see who is bugging me.  The
IPTABLES logs I simply forward to DShield (though there are some scripts
that pretty them up into a nice report, too.)  SNORT also has other add-ins,
including some GUI and web-based front-ends for real-time monitoring.

3b)  I do remember an anti-virus software with a GUI for Linux - If I
recall, it was RAV A/V, (http://www.ravantivirus.com) which has versions for
Windows and Linux both.  I actually prefer the command-line stuff myself, as
I can set it up to run automatically at a given time, and the computer will
do so.  While more malware has been written to Windows than Linux, this may
well change as Linux becomes more "mainstream" (at one time, most of the
virii were written against the Apple II and Mac - how many Apple virii do we
see today?)  As such, anti-virus is a good thing to have.  BTW, I also use
the SNORT software for that purpose (though it is NOT a full-featured A/V
solution.)

3c) The BEST way to defeat virii or other malware in emails is to avoid
using a Mail User Agent (like Netscape, or Outlook) which allows executable
code embedded in an email - even better, it should only support plain ASCII
text (no HTML).  A mail client like Mutt will show you the bad stuff, but
will not run it.  And, since it will not render HTML, you don't have to
worry about auto-executing malware inside of iframes.  Again, something like
SNORT will help out here, as well.

The bottom line, from my viewpoint, is that while the GUI-based stuff looks
really neat, and has all sorts of bells and whistles, if you want native-GUI
stuff, you probably have to go with Windows.  If you want to use Linux, you
will have to hunt around, and learn some more things about how it works.
One is not inherently better than the other, I just tend to prefer the
second approach myself.

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: domo
To: list at dshield.org

[snip]

3/ THE BIG QUESTION


3a ) I am looking for a Firewall


A Soft with a human interface (not pages and pages of cryptic logs please)
that would be a Firewall.

I miss my Seagate (actually it did not see my Hacker) or Zone Alarm

3b) I am also looking for an anti virus soft that would look like Symantec
(interface and capabilities) not a Xterm cryptic scan manual for each
directory please.

3 c) I am looking for a protection for my E mails against malicious mails
any idea ?


This is it this is the only issue I see in Linux but I guess it is because I
do not know if such Soft exist

Warmest regards


Dominique
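
The daily "who is bugging me" summary described in 3a of the reply, applied to iptables LOG lines, as an added example that is not Ed Truitt's script or part of the original thread. The sample log lines, addresses and function names are constructed, and the `[SRC=` marker for the quoted inner packet of an ICMP error is an assumption about the kernel's LOG output.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: syslog lines in the iptables LOG target's KEY=value format.
SAMPLE_LOG = """\
Oct 10 03:12:45 gw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.15 DST=198.51.100.7 LEN=48 TTL=113 DF PROTO=TCP SPT=3456 DPT=445 SYN URGP=0
Oct 10 03:12:48 gw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.15 DST=198.51.100.7 LEN=48 TTL=113 DF PROTO=TCP SPT=3457 DPT=139 SYN URGP=0
Oct 10 03:15:02 gw kernel: DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=404 TTL=110 PROTO=UDP SPT=1055 DPT=1434 LEN=384
Oct 10 03:16:30 gw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.15 DST=198.51.100.7 LEN=48 TTL=113 DF PROTO=TCP SPT=3460 DPT=445 SYN URGP=0
Oct 10 03:18:11 gw kernel: DROP: IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.7 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Oct 10 03:20:01 gw CRON[812]: (root) CMD (run-parts /etc/cron.hourly)
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the packet fields of one iptables LOG line, or None for other syslog lines."""
    _, sep, rest = line.partition("kernel:")
    if not sep or "SRC=" not in rest:
        return None
    # ICMP errors quote the offending inner packet as "[SRC=... ]"; drop it so its
    # addresses and ports are not mistaken for those of the logged packet.
    outer = rest.partition("[SRC=")[0]
    return dict(FIELD.findall(outer))

def summarize(text):
    """Map source IP -> Counter of targeted services ('TCP/445', 'ICMP/type 8', ...)."""
    per_source = defaultdict(Counter)
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        target = f.get("PROTO", "?")
        if "DPT" in f:
            target += "/" + f["DPT"]
        elif "TYPE" in f:  # ICMP has no ports; report the ICMP type instead
            target += "/type " + f["TYPE"]
        per_source[f["SRC"]][target] += 1
    return per_source

def render_report(per_source):
    """Plain-text report body, noisiest sources first."""
    rows = sorted(per_source.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    out = []
    for src, targets in rows:
        detail = ", ".join(f"{t} x{n}" for t, n in targets.most_common())
        out.append(f"{src:<15} {sum(targets.values()):>4} hits  {detail}")
    return "\n".join(out)

if __name__ == "__main__":
    print(render_report(summarize(SAMPLE_LOG)))
```

The report text can be piped to a local mailer from cron to get the once-a-day email.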



