Linked by Thom Holwerda on Sun 22nd Oct 2006 22:56 UTC
"The talk lately has centred about Vista's security APIs, but Linux certainly needs improvements in this area, because AV vendors still rely on an external kernel module to implement 'real time' file scanning." The Inq also reviews AVG antivirus for Linux, and concludes it is a must-have
Thread beginning with comment 175207
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2005-08-11
the original thread was about how you didn't need security software on linux because it was OSS and had the benefit of "many eyeballs" I responded saying that there is too many people that you have to trust, including the repositories and CVS servers. I then posted the links to show that if the distro's servers can be hacked, then that chain of trust is broken. therefore, if you can't trust the distributer's of your flavour of linux, then you need security software.
"The point remains that, despite the odd hacking & break-in here & there of a development server, no-one has yet successfully managed to insert malware whatsoever into any open-source code repository. Not once, in about 15 years of Linux history to date."
No human has been to mars either, but that doesn't mean it won't happen sooner or later. they fact that you have to trust all these different organizations, people and machines is not so different from trusting closed source software providers, as most users can't read source.
"Compared this with the scene for Windows with literally billions of malware-infested Windows machines around the globe, and the point is perhaps underlined even more vividly for your consideration."
None of that code was injected in to Windows source code either, so what is your point? Windows needs AV software mostly because it's users are not geeks like us, and will do most anything, including opening attachements or clicking yes to a dialog, to get back to that Paris Hilton video they were watching. The other half of the coin is the fact that Windows users usually run as admin, and that lets the addmittedly insecure IE/OE combo run anything, if they didn't, most viruses would die in thier tracks, so your argument is moot. It's not malignant code in the source that you have to worry about, it's bad practices and stupidity.
Basically, OSS is distributed by humans, and humans make mistakes, and can be coereced. There is a story about how one of the original Unix developers put a backdoor into Unix, then hacked the compiler to detect when it was compiling Unix, and place the backdoor into the Unix code. The compiler was also hacked to detect when it was compiling itself, and to inject the backdoor code into the new compiler, thereby propogating the hack. I read this in the Jargon File back in the 90s. OSS has the ability to be just as untrustworthy as Windows, the only thing that protects it is the trustworthiness/competence of the devs.