[Dshield] Linux A/V Recommendation?

Leone, Michael michael_leone at merck.com
Tue Aug 19 20:14:41 GMT 2003


Hrm.....There were a few others way before Ramen, check back late 96'. Of
course I might be overgeneralizing. -shrug- Just as well, check for
exploits, not saying Slack and BSD didn't have a lot more than their fair
share, but it does seem that they would be used on a Red Hat machine before
it was even found to work on any others. Of course Patching makes a big
difference, but the norm is usually people installing Red Hat and not
bothering (or not knowing how) to patch.

-----Original Message-----
From: Kenton Smith [mailto:ksmith at chartwelltechnology.com] 
Sent: Tuesday, August 19, 2003 3:12 PM
To: General DShield Discussion List
Subject: RE: [Dshield] Linux A/V Recommendation?


Isn't this a little like saying to a Windows user that they should have
been running ME because that way they could have avoided the Blaster
worm?
I did a little (not much) research before replying, and the only Redhat
specific virus/worm I could find was Ramen. That worm had the code to
infect FreeBSD and Suse machines, but it wasn't turned on.
You're also assuming that the Redhat user is going to install everything
and not patch, as the patch to prevent infection by this worm was
available 3 months prior to the discovery of the worm.
Maybe I'm out to lunch here, but this doesn't seem like enough of a
threat to dump my Redhat distro for Slack or BSD.

On Tue, 2003-08-19 at 12:38, Leone, Michael wrote:
> <immense snippage>

>  Mainly due to paths, but sometimes functions also
> differ. Which leads me to my point, that since Red hat is so popular, that
> some viruses are written almost exclusively for it, hence rendering Red
Hat
> the most prone.
> 
<end of immense snippage>

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

------------------------------------------------------------------------------
Notice:  This e-mail message, together with any attachments, contains
information of Merck & Co., Inc. (Whitehouse Station, New Jersey, USA), and/or
its affiliates (which may be known outside the United States as Merck Frosst,
Merck Sharp & Dohme or MSD) that may be confidential, proprietary copyrighted
and/or legally privileged, and is intended solely for the use of the
individual or entity named on this message.  If you are not the intended
recipient, and have received this message in error, please immediately return
this by e-mail and then delete it.
------------------------------------------------------------------------------




More information about the list mailing list