Tasmanian Dept. of Education Wants Anti-Virus for Linux, OS X 396
An anonymous reader writes "One of Australia's largest government technology buyers, the Tasmanian Department of Education, has gone to market for a security vendor to supply anti-virus software for its 40,000-odd desktop PCs and laptops, as well as servers. But the department's not just running Windows — it runs Mac OS X and Linux as well, and has requested that whatever solution it buys must be able to run on those platforms as well. But have we reached the stage were Mac OS X and Linux even need third-party security software? It seems like most Mac and Linux users don't run it."
Re:Passing on Viruses (Score:2, Interesting)
Re:Passing on Viruses (Score:5, Interesting)
A computer can still pass on a virus even if it cannot directly infect you. It might not be your responsibility but will a child know this? If he forwards an attachment unwittingly or something?
Linux users and Mac users could accidentally infect a Windows user.
In my experience, Mac users are even more irresponsible then clueless Windows users. They think they are magically protected, which means they will ignore obvious signs of infection till the very end.
As we all know, malware is less about doing damage and more about making money these days. Keyloggers, trojans and spambots exist for OSX these days (as well as Linux) but they focus on staying hidden as their job is to make money, not make people annoyed which means they need to stay where they are to collect CC numbers or send spam.
Linux users should not have a problem with AV. Even if they are smart enough not to need it. Linux users already think with a security focused mind, as an effect using Linux in lieu of a AV client is laziness on our part (granted, we can recognise an infected machine, so we can afford a bit of laziness).
To use a Zombie virus analogy, Windows users are the ones running about in a mad panic as the Zombie hoard approaches, blocking highways and running to get away. Mac users walk towards them saying, "Zombies dont exist on Mac, I could never get infected". Linux users fled to the hills six months ago with as much fuel, food and porn as they could carry.
worms and spam bots (Score:5, Interesting)
Re:Last Resort (Score:5, Interesting)
Anti-virus is a security last resort. If you've already downloaded or executed malware, then anti-virus might prevent it from running, or might be able to remove it if it already has. But it can't detect everything. It can only detect common malware. Linux doesn't have any common malware, and I'm not sure about Mac. There is clamav, but that's mostly detecting Windows viruses across platforms.
One additional advantage(in institutional setups, home users are screwed) is that the presence of AV requires the designers of viruses to make a choice: Either you attempt to lay low, and take the risk that a future update of the AV package will detect your virus, or you go all cyber-AIDS on the system and attempt to throw a spanner in the AV system or its update mechanism. In the latter case, the client generally stops responding to the AV management server, which throws up a major red flag. At that point, you either pull the system aside for a more detailed chat, or nuke it, depending on your priorities.
It's like trying to scare off ninjas by deploying mall cops. The mall cops are hopelessly outmatched; but they will, on occasion, stumble across a ninja, which forces the ninjas to either passively risk detection or actively start killing the mall cops, which alerts you to their presence.
Re:Last Resort (Score:4, Interesting)
It's like trying to scare off ninjas by deploying mall cops. The mall cops are hopelessly outmatched; but they will, on occasion, stumble across a ninja, which forces the ninjas to either passively risk detection or actively start killing the mall cops, which alerts you to their presence.
That is a beautiful analogy, and you deserve a +5 for that alone.
Still...
Wouldn't a ninja be able to take the mall cops out one at a time, hide the body, steal the uniform, and pretend to be a mall cop, thus avoiding alerting anyone to their presence? That seems like the obvious solution -- completely take over the AV system, continue receiving updates, but rather than implement them, send them back to your botnet's command-and-control so the botnet operator can stay one step ahead.
Of course you should... (Score:1, Interesting)