
Tasmanian Dept. of Education Wants Anti-Virus for Linux, OS X

An anonymous reader writes "One of Australia's largest government technology buyers, the Tasmanian Department of Education, has gone to market for a security vendor to supply anti-virus software for its 40,000-odd desktop PCs and laptops, as well as servers. But the department's not just running Windows — it runs Mac OS X and Linux as well, and has requested that whatever solution it buys must be able to run on those platforms as well. But have we reached the stage where Mac OS X and Linux even need third-party security software? It seems like most Mac and Linux users don't run it."
  • by willy_me ( 212994 ) on Monday May 02, 2011 @06:05AM (#35998090)
    I have also used ClamAV - but it is horrible for finding most viruses. It is probably great for scanning email but it simply is not reliable enough for detecting viruses in downloaded files. I use Windows in a VM and have found numerous occasions when ClamAV would not detect a virus (scanned by the host machine). Scanning the file with most other free Windows anti-virus products results in the virus being found. So while I would love it if ClamAV did the job, it just doesn't.
  • by mjwx ( 966435 ) on Monday May 02, 2011 @06:47AM (#35998288)

    A computer can still pass on a virus even if it cannot directly infect you. It might not be your responsibility but will a child know this? If he forwards an attachment unwittingly or something?

    Linux users and Mac users could accidentally infect a Windows user.

    In my experience, Mac users are even more irresponsible than clueless Windows users. They think they are magically protected, which means they will ignore obvious signs of infection till the very end.

    As we all know, malware is less about doing damage and more about making money these days. Keyloggers, trojans and spambots exist for OSX these days (as well as Linux) but they focus on staying hidden as their job is to make money, not make people annoyed which means they need to stay where they are to collect CC numbers or send spam.

    Linux users should not have a problem with AV. Even if they are smart enough not to need it. Linux users already think with a security focused mind, as an effect using Linux in lieu of an AV client is laziness on our part (granted, we can recognise an infected machine, so we can afford a bit of laziness).

    To use a Zombie virus analogy, Windows users are the ones running about in a mad panic as the Zombie horde approaches, blocking highways and running to get away. Mac users walk towards them saying, "Zombies don't exist on Mac, I could never get infected". Linux users fled to the hills six months ago with as much fuel, food and porn as they could carry.

  • worms and spam bots (Score:5, Interesting)

    by mathfeel ( 937008 ) on Monday May 02, 2011 @07:17AM (#35998420)
    I was embarrassed recently when the IT department claimed a Linux computer in my office was taken over by the Rustock BOT. After checking the ssh log, I realized it was a coworker who uses it for code repository and SOCKS5 Proxy as he works abroad from China. He has a compromised Windows machine. To the best of my knowledge, AV doesn't really catch this stuff, which is more and more common nowadays. Does anyone have recommendations?
  • Re:Last Resort (Score:5, Interesting)

    by fuzzyfuzzyfungus ( 1223518 ) on Monday May 02, 2011 @07:53AM (#35998642) Journal

    Anti-virus is a security last resort. If you've already downloaded or executed malware, then anti-virus might prevent it from running, or might be able to remove it if it already has. But it can't detect everything. It can only detect common malware. Linux doesn't have any common malware, and I'm not sure about Mac. There is clamav, but that's mostly detecting Windows viruses across platforms.

    One additional advantage (in institutional setups, home users are screwed) is that the presence of AV requires the designers of viruses to make a choice: Either you attempt to lay low, and take the risk that a future update of the AV package will detect your virus, or you go all cyber-AIDS on the system and attempt to throw a spanner in the AV system or its update mechanism. In the latter case, the client generally stops responding to the AV management server, which throws up a major red flag. At that point, you either pull the system aside for a more detailed chat, or nuke it, depending on your priorities.

    It's like trying to scare off ninjas by deploying mall cops. The mall cops are hopelessly outmatched; but they will, on occasion, stumble across a ninja, which forces the ninjas to either passively risk detection or actively start killing the mall cops, which alerts you to their presence.

  • Re:Last Resort (Score:4, Interesting)

    by SanityInAnarchy ( 655584 ) <ninja@slaphack.com> on Monday May 02, 2011 @10:45AM (#36000198) Journal

    It's like trying to scare off ninjas by deploying mall cops. The mall cops are hopelessly outmatched; but they will, on occasion, stumble across a ninja, which forces the ninjas to either passively risk detection or actively start killing the mall cops, which alerts you to their presence.

    That is a beautiful analogy, and you deserve a +5 for that alone.

    Still...

    Wouldn't a ninja be able to take the mall cops out one at a time, hide the body, steal the uniform, and pretend to be a mall cop, thus avoiding alerting anyone to their presence? That seems like the obvious solution -- completely take over the AV system, continue receiving updates, but rather than implement them, send them back to your botnet's command-and-control so the botnet operator can stay one step ahead.

  • by ShadowFoxx ( 2015582 ) on Monday May 02, 2011 @11:58AM (#36000962)
    As a system admin and Information Assurance officer I myself run Windows, Linux (virtualized), and OS X. I use 3rd party malware detection on all 3 systems that are signature based. They are very much needed. It's silly for average users to think that just because they are running OS X, which is a less targeted operating system, that they aren't targeted. In fact... Safari, the OS X default browser (which I like just because its GUI is intuitive to me), is probably the least secure of all the major web browsers (if you look at the stats at each Pwn2Own competition it gets busted the fastest). There are known OS X exploits and many of the same things apply. Man in the middle attacks, SQL injections, sneak ack attacks, all forms of malware... still apply. Just because you are using a specific operating system don't get lulled into a false sense of security.
