| > What is the difference between a worm and virus or trojans?
They are all malicious programs, but what is different is how they spread.
Trojan - Like the story
of the trojan horse; You purposely install a program onto your
computer, say some email client. But what if the email client itself
chose to contact the author whenever you ran it, and allow him to gain
access to your computer? That is a trojan. You put it there, because
you trusted it and thought it was legitimate, but it wasn't.
Virus - These are
malicious programs you didn't ask for; they find their own way onto
your computer. They can often attach themselves to many different
kinds of programs, or come in word documents, etc. The key here is
that the program that you purposely downloaded was not the culprit; the
virus is a stowaway.
Worm - this pretty much
refers to a program that can 'hack into' machines; ie, you didn't
invite it in any way whatsoever. You just happen to be running a
vulnerable mail/dhcp/other server that listens to internet traffic.
Worms actively search for and expliot systems on the net. Like an
automated script kiddie hacker, it "knows" how to break into a few
types of systems and just does it.
So let's look at how these are addressed in the world of linux:
Trojans: Peer review
helps people pick apps that are legit; it is generally accepted that
evolution is a 'safe' email client (no wisecracks please
). However, it is still possible to get a copy of evolution that was
hacked by someone other than the author; what if someone cracked the
ftp server you downloaded it from? Every so often you hear about this.
How to defend against this? The smart way is to use md5 checksums from
one site, and download your email client from another. Not sure if
anyone is actually doing this; but I have noticed that distros like
gentoo perform md5 checksums on software before it is installed.
Virus: These just don't
seem to happen in the wild on linux, and the reason why is hard to
explain in detail. My best explanation (and I am certainly not an
expert on virii) is that the inherent security at many levels in a
linux system, which is always ON BY DEFAULT. As so many have pointed
out, the majority of the system is read only to any program that
doesn't know the root password. Period. But there are other reasons;
as many as there are viruses. I don't want to make this into a novel,
so I'll just punt and hand you my opinion, which you can take or leave:
I think the jury is still out on whether virii will ever be a serious
problem in linux. But right now it certainly isn't.
Worms/hackers: This is a
more realistic problem for unix, and something that everyone with a
linux machine connected to the internet should be concerned with. I
lumped worms together with hackers because they are really the same
thing, especially if you consider script kiddies. The solution to this
is: keep up to date with security enhcements on all your internet
daemons. If your software is impenetrable by the exploits these
worms/kiddies employ, then they will simply skip to another machine.
matt y: Couldn't have
said it better myself. Penguin: You often see email accounts being
offered with virus protection. These systems are usually unix based,
and they filter the MS based virii out of email as it passes through
the system. I can (and have in fact) copy a windows virus onto my
linux hard drive; outside windows it is helpless.
After a quick check of Vexira, it appears to be this sort of scanner.
> The question is , is it required to provide antivirus software with the desktop or
> not?
Not at this time. But keep an eye on this; if the situation changes, you will find out about it.
As I said above, the #1
thing you should worry about is hackers/worms. There is plenty of
information out there about how to secure a linux machine; it usually
consists of these rules:
- Don't run any services
you don't need; ie don't put web servers on every corporate desktop if
they aren't going to use them. Nmap will tell you what a system is
running.
- If you must run internet daemons (services), run the stable software and keep them up to date with the latest bug fixes.
- For that matter, keep the entire system up to date with the latest bug fixes.
And when I say 'latest
bug fixes' here, I mean something specific. Take RedHat for example.
I absolutely would not run a production system on RH8.0 or RH9.0, ever.
Instead, look at RH7.3; it is currently the 'stable' release from
redhat. It doesn't change, the software is well tested in the field,
and has gone through several incarnations. The automatic updater
(up2date) will fetch the bug fixes and security updates automatically.
If RH releases a 9.1,
then a 9.2, I would then consider upgrading to 9.2 (hypothetically).
Because there are few if any major changes from 9.0 to 9.1 to 9.2;
instead, it is just polish, bug fixes and security enhancements.
Most linux distros have
the concept of a 'stable' branch vs a 'testing'; in debian they
actually call it that. In RH, you have to understand their version
numbering. |