Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Security for windows 2000 enough?

- - - - -

  • Please log in to reply
39 replies to this topic

#26
HarryTri

HarryTri

    Member

  • Member
  • PipPip
  • 187 posts
  • OS:Windows 8 x64
  • Country: Country Flag

Yes, but it will scan for threats that affect Linux.


I always love Windows XP!



How to remove advertisement from MSFN

#27
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,266 posts
  • OS:none specified
  • Country: Country Flag

Hello compatriot! AVG Free for Linux is detecting Linux viruses, not the Windows ones, you must use AVG Free for Windows to check your Windows partitions (by the way I also use AVG Free and I think it is a really good antivirus program).

 

Yes, but it will scan for threats that affect Linux.

Can you provide *any* documentation to support these statements? :unsure:
 

Last time I checked the intention of AVG (and most similar antivirus tools for Linux):

https://help.ubuntu....unity/Antivirus

was to avoid that any "Windows" virus or malware was served through the Linux server.

jaclaz



#28
HarryTri

HarryTri

    Member

  • Member
  • PipPip
  • 187 posts
  • OS:Windows 8 x64
  • Country: Country Flag

Oh, I don't know. It just seemed logical to me that an antivirus for Linux would check for linux viruses (there must be some of them too I suppose).

 

From the reffered page:

 

 

4.BitDefender Antivirus. Limited time trial version available apparently but only after filling in a form. BitDefender checks for Windows viruses. There is a community documentation page about it here.

 

It doesn't say something like that for AVG.


Edited by HarryTri, 14 August 2013 - 02:35 PM.

I always love Windows XP!


#29
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,266 posts
  • OS:none specified
  • Country: Country Flag

It doesn't say something like that for AVG.

Logical fallacy detected. :ph34r:
You cannot bring up an omission (and particularly an omission by comparison) to support your theory.

The preamble on the given page states:

Why do I need anti-virus software?

Isn't Linux virus-free?

For the most part, Linux is engineered in a fashion that makes it hard for viruses to run (click here for more info). However, there are many reasons you might want a virus scanner on your Linux PC:

  • to scan a Windows drive in your PC
  • to scan a Windows-based network attached server or hard drive
  • to scan Windows machines over a network
  • to protect a Windows virtual machine from within the virtual machine
  • to scan files you are going to send to other people
  • to scan e-mail you are going to forward to other people
  • some Windows viruses can run with Wine.
  • Linux virus infections are theoretically possible.
 
I asked to provide some source to backup your (repeated) statements , not - in the absence of them - to attempt  nitpicking on the source I provided in support of the opposite. 
 

Oh, I don't know. It just seemed logical to me that an antivirus for Linux would check for linux viruses (there must be some of them too I suppose).

What is logical sometimes differs from reality. :yes:
 

(there must be some of them too I suppose).

See points #7 and #8 in the previous quote, and here:
http://www.howtogeek...nd-when-you-do/
 http://www.dedoimedo...anti-virus.html

jaclaz

Edited by jaclaz, 14 August 2013 - 04:45 PM.


#30
HarryTri

HarryTri

    Member

  • Member
  • PipPip
  • 187 posts
  • OS:Windows 8 x64
  • Country: Country Flag

You cannot bring up an omission (and particularly an omission by comparison) to support your theory.

 

 

Yes, but this omission can be the sheer truth and the other stuff "political" nonesense. Anyway, I don't know...

 

The only thing that I know by common sense is that there isn't and won't ever be virus-proof OS and noone can persuade me for the opposite.


Edited by HarryTri, 15 August 2013 - 02:42 PM.

I always love Windows XP!


#31
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,266 posts
  • OS:none specified
  • Country: Country Flag
I am not attempting to persuade you of the opposite at all :), I am simply telling you that Linux Antivirus are usually going to scan "files" including (actually mainly targeting) Windows viruses.
Their use is mainly to avoid that "infected files" pass through a Linux server.
If you prefer, the Linux Antivirus programs that you can find will all look for (and hopefully find) Windows viruses, another example, JFYI:
http://www.eset.com/...od32-for-linux/
 

Uniquely designed for Linux

No Operating System is completely safe. Even though the Linux platform may not have as many threats as other platforms and is targeted directly, it can still act as a malware carrier and cause serious damage to Windows-based systems in the network.


jaclaz

#32
HarryTri

HarryTri

    Member

  • Member
  • PipPip
  • 187 posts
  • OS:Windows 8 x64
  • Country: Country Flag

Well, it may be so, perhaps you are right. Yet I would use an antivirus program for Windows to check a Windows partition, just to be sure.


I always love Windows XP!


#33
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,266 posts
  • OS:none specified
  • Country: Country Flag

Well, it may be so, perhaps you are right. Yet I would use an antivirus program for Windows to check a Windows partition, just to be sure.

 
 
Perhaps? :unsure: :w00t:
 
No one ever told that you should use a Linux system to scan a windows partition (though you can ), you stated (twice) that Linux antivirus only look for "linux viruses", you were shown how these statements were inaccurate.
 
jaclaz

#34
HarryTri

HarryTri

    Member

  • Member
  • PipPip
  • 187 posts
  • OS:Windows 8 x64
  • Country: Country Flag

Allright, you are probably right, it's OK. :yes:


I always love Windows XP!


#35
allen2

allen2

    Not really Newbie

  • Member
  • PipPipPipPipPipPipPip
  • 1,812 posts

As linux kernel doesn't support ntfs r/w by default, there are many different ntfs drivers that works quite fine for most of the tasks but i don't find very clever to mess with an ntfs partition from linux especially to find viruses that might sometime hide in alternate datastream.

Taken from lastest kernel source Kconfig file:

 

bool "NTFS write support"
depends on NTFS_FS
help
   This enables the partial, but safe, write support in the NTFS driver.

   The only supported operation is overwriting existing files, without
   changing the file length.  No file or directory creation, deletion or
   renaming is possible.  Note only non-resident files can be written to
   so you may find that some very small files (<500 bytes or so) cannot
   be written to.

   While we cannot guarantee that it will not damage any data, we have
   so far not received a single report where the driver would have
   damaged someones data so we assume it is perfectly safe to use.

   Note:  While write support is safe in this version (a rewrite from
   scratch of the NTFS support), it should be noted that the old NTFS
   write support, included in Linux 2.5.10 and before (since 1997),
   is not safe.

   This is currently useful with TopologiLinux.  TopologiLinux is run
   on top of any DOS/Microsoft Windows system without partitioning your
   hard disk.  Unlike other Linux distributions TopologiLinux does not
   need its own partition.  For more information see
   <http://topologi-linux.sourceforge.net/>

   It is perfectly safe to say N here.



#36
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,266 posts
  • OS:none specified
  • Country: Country Flag

 

As linux kernel doesn't support ntfs r/w by default, there are many different ntfs drivers that works quite fine for most of the tasks but i don't find very clever to mess with an ntfs partition from linux especially to find viruses that might sometime hide in alternate datastream.

Because the Linux NTFS drivers via FUSE that all the world senselessly uses since several years do not see Alternate Data Streams, right? :unsure:

http://www.tuxera.co...ntfs-3g-manual/

http://www.tuxera.co...fs-3g-manual/#5

http://www.tuxera.co...ty/ntfs-3g-faq/

 

jaclaz



#37
allen2

allen2

    Not really Newbie

  • Member
  • PipPipPipPipPipPipPip
  • 1,812 posts

I never said that. Ntfs-3g is the best choice right now to read/write files on a ntfs partition but i still wouldn't use it for AV scanning.

As any malware intend  to protect themselves from being cleaned, there is alway a chance that it could mess with the file system and/or any other thing (mbr/boot sector/bios/uefi), so i wouldn't push the luck as to try cleaning it from another OS unless i don't have any other choice. That's all i wanted to say.



#38
Maxfutur

Maxfutur

    Member

  • Member
  • PipPip
  • 232 posts
  • OS:none specified
  • Country: Country Flag

Well, it may be so, perhaps you are right. Yet I would use an antivirus program for Windows to check a Windows partition, just to be sure.

While not being specific with antivirus, is better to do scans from linux because there is a chance that viruses get hidden for antivirus for windows.

 

I'm going to talk about kaspersky because i have used sometime ago. When it runs installed in windows environment, you can do a live CD/DVD (from the installed kaspersky) to scan your computer in case that "kaspersky for windows" didn't found anything or windows got scr**ed by some kind of virus. Well, this "live CD" runs only in Linux, if you try, you'll notice when it starts loading linux modules.

 

So, as you stated "an antivirus for Linux would check for linux viruses", is not right and the best option to check for virus in windows, is from Linux because the virus can't hide or protect itself in any running process (sometimes these virus are running its own modules as a service to protect itself from antivirus, can't remember a name to tell but there are many of them acting like that).


Mozilla Firefox http://www.getfirefox.com the best web browser i've used.

#39
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,266 posts
  • OS:none specified
  • Country: Country Flag

I never said that. Ntfs-3g is the best choice right now to read/write files on a ntfs partition but i still wouldn't use it for AV scanning.

As any malware intend  to protect themselves from being cleaned, there is alway a chance that it could mess with the file system and/or any other thing (mbr/boot sector/bios/uefi), so i wouldn't push the luck as to try cleaning it from another OS unless i don't have any other choice. That's all i wanted to say.

Well, yes and no, IMHO.

 

Meaning yes :yes:, it is logical (and practical) to use "native" tools to do "native" work, but no :no:,  in some cases it is needed to use an "alien" tool.

I will even go further, affirming that when you access a NTFS (or more generally *any* filesystem) with "external" tools you usually have the possibilities to access things/parts that would be otherwise inaccessible. (this is more about filesystem/files recovery than actual antivirus)

 

To "clean" an infected system, the "common" and "logical" (and easier) choice is to run a "full scan" from the antivirus installed on the actual system, but you will have a number of things "running in the background" that may prevent you from completely cleaning/repairing it.

The next "common" and "logical" thing would be to scan the disk from a PE of some kind, that already gives an added degree of freedom.

Still, the possibility to do a scan from a "completely alien" OS guarantees that *nothing* on th einfected machine can be executed, not even by chance or by mistake.

I do agree that it is not the "first" thing to do as the other two mentioned ways will work in - say - 98.34% of case - but still it is something that should not be considered as "last chance", but rather like a concrete possibility.

 

jaclaz



#40
allen2

allen2

    Not really Newbie

  • Member
  • PipPipPipPipPipPipPip
  • 1,812 posts
To "clean" an infected system, the "common" and "logical" (and easier) choice is to run a "full scan" from the antivirus installed on the actual system, but you will have a number of things "running in the background" that may prevent you from completely cleaning/repairing it.

The next "common" and "logical" thing would be to scan the disk from a PE of some kind, that already gives an added degree of freedom.

Still, the possibility to do a scan from a "completely alien" OS guarantees that *nothing* on th einfected machine can be executed, not even by chance or by mistake.

I do agree that it is not the "first" thing to do as the other two mentioned ways will work in - say - 98.34% of case - but still it is something that should not be considered as "last chance", but rather like a concrete possibility.

 

jaclaz

 

I agree on the order but remember that windows features (like sfc) might be usefull in somecase (of course, most people here don't use it and prefer to even disable it to be able use custom system files).

There is an example of a dangerous usage of a linux AV (of course as it is an example, it happens after a human error):

- the linux antivirus detect a critical windows boot file as a virus (commonly called false positive) and remove or quarantine it.

- your windows won't boot anymore.

- In that case a windows antivirus might not have been able to remove it and/or an event should be logged in the eventlog and in the event it would have been removed an sfc /scannow might solve the problem when you get the removal notification.

 

So as usual, if you're knowledgeable enough (and have the time), you don't really need an antivirus (either on linux or on windows). But if you want simple way of protecting your computer, a windows antivirus will be a lot easier to handle.

Also, i know very few people that would be able to handle linux and master windows filesystem properly (that isn't a proof or anything in itself).






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN