Linux uncrackable...?
Fernando Cassia
fcassia at gmail.com
Mon Sep 3 08:04:28 UTC 2012
On Mon, Sep 3, 2012 at 3:33 AM, Tim <ignored_mailbox at yahoo.com.au> wrote:
> The thing is, that anti-virus is always after-the-fact. The damage has
> been done,
>
Huh? No. Most modern anti-virus apps (even for Linux) include "on-access"
scanning so that the file is identified as infected (by signature,
heuristics, whatever) BEFORE being loaded.
So the file is "quarrantined" (renamed or moved to a special folder,
usually) and cannot harm the system, as it´s never executed.
The drawback used to be that on-access scanning required use of the
´dazuko´ kernel module... which back in the 2.4 kernel days** meant lots of
hair pulling and which nowadays was last updated on early 2011 but looks
orphaned since 3/2011 and looking for a new maintainer as per notice on its
wiki*
No idea if newer Linux AVs are using other tricks for on-access file
scanning....
FC
* http://dazuko.dnsalias.org/wiki/index.php/Main_Page
** http://pages.citebite.com/y4w7g6v8looq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20120903/1d5b9d8a/attachment.html>
More information about the users
mailing list