No need for AV tools on Linux, eh?

Bruno Wolff III bruno at wolff.to
Sat Feb 12 02:24:27 UTC 2011


On Fri, Feb 11, 2011 at 23:57:44 +0000,
  Sam Sharpe <lists.redhat at samsharpe.net> wrote:
> 
> Installing AV once you have been notified about a real, working Linux
> virus is not an effective countermeasure. The problem could have been
> in the wild for hours/days/weeks by that point and you could already
> be compromised. AV vendors, including the free ones, are generally
> ahead of you in the game, even if they are still behind the attackers.

Blacklisting is not the proper way to do this. It is always behind and wastes
enormous amounts of resources. Better approaches are sandboxing (which is
being actively worked on for Linux) and more serious attention being paid
to secure design in the first place (unfortunately not enough is going on
there).

