just how much do i need an antivirus?

nucleus · #1 24th August 2005, 12:12 AM

i know there a viruses for linux, but do i really need to secure my computer like i used to do with windows? (ex MS user)
i have installed clamav, but the thing that worries me is that its an on-demand scanner, it doesnt scan my computer until i tell it to, which could be too late in case of a reall virus...
isnt there a constant AV software that will scan new files auto?

plus, i have installed firestarter and every few seconds (right after i connect to the internet) it sais that there has been an attack by a microsoft-ds,DCOM-scm,samba and eDonkey (which i dont use...)
i have been connected for 4/3 hours now and there have been 1808 serious inbond events, what is all this?

RedFedora · #2 24th August 2005, 01:36 AM

Well, the good news is the inbound events are being caught. So don't worry too much about
them. As long as the attacks are being blocked, you can probably safely ignore them. However,
you might want to make sure you aren't running any un-needed services.

As for whether you need anti-virus software, I don't think you will. Most viruses don't
infect Linux boxes. If it makes you feel better, you might want to run your AV software once
a day....maybe via cron in the middle of the night....or whenever you don't use the computer.

niko123456 · #3 24th August 2005, 01:34 PM

i think the idea is that if you run a mail server, you use a virus scanner to detect windows virus'.

Twey · #4 24th August 2005, 03:05 PM

Yes, the only time you really need to use a virus scanner is if you're handling untrusted Windows files - not to prevent damage to you, but to the recipient.

tomcat · #5 24th August 2005, 04:36 PM

Currently there are only four or five viruses for Linux out there and these cannot cause any serious trouble on your system. The security in Linux systems is much higher than in Windows as the kernel is separated from other applications, unlike Windows, where IE is an integral part of the kernel (this is the main reason why Windows is so insecure).

I have firestarter running and no virus scanner since ... well... some years now. No problems ever, even if my machines are connected to the net for several days.

If you want to make your system even safer, take a look at your system services and alter the amount of them that are running (If you do not need server apps or samba, then you can disable quite a lot of services). And if you are paranoid, then run your system with SELinux (but read the guide for it first

)

kg4cbk · #6 24th August 2005, 09:42 PM

Setup and run chkrootkit and rkhunter to run periodically via a cron job. Those two applications look for known rootkits which indicate someone has taken control of your system. Also install and configure tripwire. tripwire takes a snapshot of critical files on your system and then periodically compares the database it creates with what is on the system. Any differences are reported. tripwire is a good way to detect changed files which could indicate an intrusion.

Per the other responses, disable unused services and run iptables. If you have a cable or DSL connection I recommend you get one of the cheap hardware router/firewalls that are out there. Those are very simple and take little or no admin time and will do a fair job of blocking most hostile traffic. Use good passwords.

Selinux is good as yet another layer in your defense. Depending on what you are doing with your system selinux with the targeted policy should be almost transparent to your everyday usage.

And monitor your log files. If you have not done so redirect roots email to your regular email account so you get and read those messages.

w5set · #7 24th August 2005, 10:26 PM

Basically your complaint focuses on attacks from the Internet. This is a place for a firewall--not particularly antivirus stuff running. If your system is taken over--antivirus software won't help much--they just want control and not to trash the system. It's worth more as a zombie then a defunct system.
Run a good firewall and since you already have it i place, run the clamav software once in a while--just for peace of mind. Rkhunter/chkrootkit do not clean the system--merely report the bad news--usually the only remedy is a complete reinstall of the OS.
There are several good firewalls availible--but since yours is doing it's job--just fine tune it a little and just enjoy the Internet and don't sweat the stuff you have happening much--it's there for everyone in this day and age--unfortunately.....
Clam also integrates into most mail programs to scan incoming emails automatically--use it if you just want to see some of the Windows crud floating around.
There are several "addon" programs availible for ClamAV that just might do what you need--google it and read--the ClamAV site has several links for addon's, etc.

jp110 · #8 10th September 2005, 03:41 AM

I would never depend on just a firewall, antivirus programs are a must or "gotcha" now days. It sounds like you are running some services on your box that most hackers scan for, or you have other systems on your network and one of them is infected with spyware or some other trojan. I use F-prot for linux, and Symantec on my MS Boxes. I created a cron job to update and scan every morning. May sound like over kill, but it will save you in the long run.

imdeemvp · #9 10th September 2005, 05:23 AM

I've never been infected by ONE! The existing one's dont even cause a cough!

GarySaved · #10 11th September 2005, 01:44 PM

I just noticed something funny.
That anti-virus jp110 was talking about, f-prot, sounds pretty good.

One thing I have to admire, is it costs 29$ for Windows versions, but is free for Linux users!

I guess they figure Windows users are used to shelling out their hard earned money, and Linux users are not.

Go Figure ...

Gary