OldSchool38

Security for windows 2000 enough?

40 posts in this topic

Yes, but it will scan for threats that affect Linux.


Hello compatriot! AVG Free for Linux is detecting Linux viruses, not the Windows ones, you must use AVG Free for Windows to check your Windows partitions (by the way I also use AVG Free and I think it is a really good antivirus program).

Yes, but it will scan for threats that affect Linux.

Can you provide *any* documentation to support these statements? :unsure:

Last time I checked the intention of AVG (and most similar antivirus tools for Linux):

https://help.ubuntu.com/community/Antivirus

was to avoid that any "Windows" virus or malware was served through the Linux server.

jaclaz


Oh, I don't know. It just seemed logical to me that an antivirus for Linux would check for linux viruses (there must be some of them too I suppose).

From the referred page:

4. BitDefender Antivirus. Limited time trial version available apparently but only after filling in a form. BitDefender checks for Windows viruses. There is a community documentation page about it here.

It doesn't say something like that for AVG.

Edited by HarryTri

It doesn't say something like that for AVG.

Logical fallacy detected. :ph34r:

You cannot bring up an omission (and particularly an omission by comparison) to support your theory.

The preamble on the given page states:

Why do I need anti-virus software?

Isn't Linux virus-free?

For the most part, Linux is engineered in a fashion that makes it hard for viruses to run (click here for more info). However, there are many reasons you might want a virus scanner on your Linux PC:

  • to scan a Windows drive in your PC
  • to scan a Windows-based network attached server or hard drive
  • to scan Windows machines over a network
  • to protect a Windows virtual machine from within the virtual machine
  • to scan files you are going to send to other people
  • to scan e-mail you are going to forward to other people
  • some Windows viruses can run with Wine.
  • Linux virus infections are theoretically possible.

I asked to provide some source to back up your (repeated) statements, not - in the absence of them - to attempt nitpicking on the source I provided in support of the opposite.

Oh, I don't know. It just seemed logical to me that an antivirus for Linux would check for linux viruses (there must be some of them too I suppose).

What is logical sometimes differs from reality. :yes:

(there must be some of them too I suppose).

See points #7 and #8 in the previous quote, and here:

http://www.howtogeek.com/135392/htg-explains-why-you-dont-need-an-antivirus-on-linux-and-when-you-do/

http://www.dedoimedo.com/computers/linux-security-anti-virus.html

jaclaz

Edited by jaclaz

You cannot bring up an omission (and particularly an omission by comparison) to support your theory.

Yes, but this omission can be the sheer truth and the other stuff "political" nonsense. Anyway, I don't know...

The only thing that I know by common sense is that there isn't and won't ever be a virus-proof OS and no one can persuade me of the opposite.

Edited by HarryTri

I am not attempting to persuade you of the opposite at all :), I am simply telling you that Linux Antivirus are usually going to scan "files" including (actually mainly targeting) Windows viruses.

Their use is mainly to avoid that "infected files" pass through a Linux server.

If you prefer, the Linux Antivirus programs that you can find will all look for (and hopefully find) Windows viruses, another example, JFYI:

http://www.eset.com/us/home/products/nod32-for-linux/

Uniquely designed for Linux

No Operating System is completely safe. Even though the Linux platform may not have as many threats as other platforms and is targeted directly, it can still act as a malware carrier and cause serious damage to Windows-based systems in the network.

jaclaz


Well, it may be so, perhaps you are right. Yet I would use an antivirus program for Windows to check a Windows partition, just to be sure.


Well, it may be so, perhaps you are right. Yet I would use an antivirus program for Windows to check a Windows partition, just to be sure.

Perhaps? :unsure::w00t:

No one ever said that you should use a Linux system to scan a windows partition (though you can), you stated (twice) that Linux antivirus only look for "linux viruses", you were shown how these statements were inaccurate.

jaclaz


All right, you are probably right, it's OK. :yes:


As the linux kernel doesn't support ntfs r/w by default, there are many different ntfs drivers that work quite fine for most of the tasks, but I don't find it very clever to mess with an ntfs partition from linux, especially to find viruses that might sometimes hide in an alternate data stream.

Taken from the latest kernel source Kconfig file:

bool "NTFS write support"
depends on NTFS_FS
help
This enables the partial, but safe, write support in the NTFS driver.

The only supported operation is overwriting existing files, without
changing the file length. No file or directory creation, deletion or
renaming is possible. Note only non-resident files can be written to
so you may find that some very small files (<500 bytes or so) cannot
be written to.

While we cannot guarantee that it will not damage any data, we have
so far not received a single report where the driver would have
damaged someones data so we assume it is perfectly safe to use.

Note: While write support is safe in this version (a rewrite from
scratch of the NTFS support), it should be noted that the old NTFS
write support, included in Linux 2.5.10 and before (since 1997),
is not safe.

This is currently useful with TopologiLinux. TopologiLinux is run
on top of any DOS/Microsoft Windows system without partitioning your
hard disk. Unlike other Linux distributions TopologiLinux does not
need its own partition. For more information see
<http://topologi-linux.sourceforge.net/>

It is perfectly safe to say N here.


As the linux kernel doesn't support ntfs r/w by default, there are many different ntfs drivers that work quite fine for most of the tasks, but I don't find it very clever to mess with an ntfs partition from linux, especially to find viruses that might sometimes hide in an alternate data stream.

Because the Linux NTFS drivers via FUSE that all the world senselessly uses since several years do not see Alternate Data Streams, right? :unsure:

http://www.tuxera.com/community/ntfs-3g-manual/

http://www.tuxera.com/community/ntfs-3g-manual/#5

http://www.tuxera.com/community/ntfs-3g-faq/

 

jaclaz
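
An added illustration of the ntfs-3g point in the post above (not part of any forum post and not ntfs-3g's own code): with the driver's `streams_interface=xattr` option, named data streams are exposed as `user.*` extended attributes, so a report-only pass from Linux can list every Alternate Data Stream on a read-only mount. The function names, the device and the mount point are assumptions made for this sketch.

```python
import os
import sys

# Assumption: the Windows volume is mounted read-only with ntfs-3g, e.g.
#   mount -t ntfs-3g -o ro,streams_interface=xattr /dev/sdXN /mnt/win
# (device and mount point are placeholders). With that interface a named
# stream "foo" on a file shows up as the extended attribute "user.foo".
STREAM_PREFIX = "user."


def list_streams(path, listxattr=os.listxattr, getxattr=os.getxattr):
    """Return [(stream_name, size_in_bytes)] for one file or directory."""
    try:
        names = listxattr(path, follow_symlinks=False)
    except OSError:
        return []  # unreadable entry or filesystem without xattr support
    streams = []
    for name in names:
        if not name.startswith(STREAM_PREFIX):
            continue  # system.* and security.* are not named data streams
        try:
            size = len(getxattr(path, name, follow_symlinks=False))
        except OSError:
            size = -1  # listed but not readable; still worth reporting
        streams.append((name[len(STREAM_PREFIX):], size))
    return streams


def walk_streams(root, listxattr=os.listxattr, getxattr=os.getxattr):
    """Walk root and return [(path, stream_name, size)], sorted by path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Directories can carry named streams too, so check dirpath itself.
        for entry in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            for stream, size in list_streams(entry, listxattr, getxattr):
                findings.append((entry, stream, size))
    return sorted(findings)


if __name__ == "__main__":
    # Report only: nothing on the mounted volume is modified or deleted.
    for path, stream, size in walk_streams(sys.argv[1]):
        print(f"{path}:{stream}\t{size} bytes")
```

The output is a list of candidates to hand to a scanner or to review by hand; a stream such as `Zone.Identifier` on a downloaded file is normal Windows behaviour.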


I never said that. Ntfs-3g is the best choice right now to read/write files on an ntfs partition but I still wouldn't use it for AV scanning.

As any malware intends to protect itself from being cleaned, there is always a chance that it could mess with the file system and/or any other thing (mbr/boot sector/bios/uefi), so I wouldn't push my luck as to try cleaning it from another OS unless I don't have any other choice. That's all I wanted to say.


Well, it may be so, perhaps you are right. Yet I would use an antivirus program for Windows to check a Windows partition, just to be sure.

While not being specific to antivirus, it is better to do scans from linux because there is a chance that viruses get hidden from antivirus for windows.

 

I'm going to talk about kaspersky because I used it some time ago. When it runs installed in a windows environment, you can make a live CD/DVD (from the installed kaspersky) to scan your computer in case "kaspersky for windows" didn't find anything or windows got scr**ed by some kind of virus. Well, this "live CD" runs only in Linux; if you try it, you'll notice when it starts loading linux modules.

 

So, what you stated, "an antivirus for Linux would check for linux viruses", is not right, and the best option to check for viruses in windows is from Linux, because the virus can't hide or protect itself in any running process (sometimes these viruses run their own modules as a service to protect themselves from antivirus; I can't remember a name to tell, but there are many of them acting like that).


I never said that. Ntfs-3g is the best choice right now to read/write files on an ntfs partition but I still wouldn't use it for AV scanning.

As any malware intends to protect itself from being cleaned, there is always a chance that it could mess with the file system and/or any other thing (mbr/boot sector/bios/uefi), so I wouldn't push my luck as to try cleaning it from another OS unless I don't have any other choice. That's all I wanted to say.

Well, yes and no, IMHO.

 

Meaning yes :yes:, it is logical (and practical) to use "native" tools to do "native" work, but no :no:,  in some cases it is needed to use an "alien" tool.

I will even go further, affirming that when you access a NTFS (or more generally *any* filesystem) with "external" tools you usually have the possibilities to access things/parts that would be otherwise inaccessible. (this is more about filesystem/files recovery than actual antivirus)

 

To "clean" an infected system, the "common" and "logical" (and easier) choice is to run a "full scan" from the antivirus installed on the actual system, but you will have a number of things "running in the background" that may prevent you from completely cleaning/repairing it.

The next "common" and "logical" thing would be to scan the disk from a PE of some kind, that already gives an added degree of freedom.

Still, the possibility to do a scan from a "completely alien" OS guarantees that *nothing* on the infected machine can be executed, not even by chance or by mistake.

I do agree that it is not the "first" thing to do as the other two mentioned ways will work in - say - 98.34% of cases - but still it is something that should not be considered as "last chance", but rather like a concrete possibility.

 

jaclaz

To "clean" an infected system, the "common" and "logical" (and easier) choice is to run a "full scan" from the antivirus installed on the actual system, but you will have a number of things "running in the background" that may prevent you from completely cleaning/repairing it.

The next "common" and "logical" thing would be to scan the disk from a PE of some kind, that already gives an added degree of freedom.

Still, the possibility to do a scan from a "completely alien" OS guarantees that *nothing* on the infected machine can be executed, not even by chance or by mistake.

I do agree that it is not the "first" thing to do as the other two mentioned ways will work in - say - 98.34% of cases - but still it is something that should not be considered as "last chance", but rather like a concrete possibility.

jaclaz

I agree on the order but remember that windows features (like sfc) might be useful in some cases (of course, most people here don't use it and prefer to even disable it to be able to use custom system files).

Here is an example of a dangerous usage of a linux AV (of course, as it is an example, it happens after a human error):

- the linux antivirus detects a critical windows boot file as a virus (commonly called a false positive) and removes or quarantines it.

- your windows won't boot anymore.

- In that case a windows antivirus might not have been able to remove it and/or an event should be logged in the eventlog, and in the event it would have been removed, an sfc /scannow might solve the problem when you get the removal notification.

So as usual, if you're knowledgeable enough (and have the time), you don't really need an antivirus (either on linux or on windows). But if you want a simple way of protecting your computer, a windows antivirus will be a lot easier to handle.

Also, I know very few people that would be able to handle linux and master the windows filesystem properly (that isn't a proof or anything in itself).

