Alan McKinnon wrote:
On Saturday 10 May 2008, 7v5w7go9ub0o wrote:
But I sure acknowledge the majority opinion - almost ALL Linux users,
and many Windows users as well, choose not to run real-time
AntiMalware scanners.
I do this, and I do it for a perfectly obvious reason:
Your suggestion "protects" me from a problem that does not exist.
I can't for the life of me imagine why I would ever do such a thing.
Geezzzzee.... I'm suddenly besieged!!! :-)
What is missing in this conversation is specific context; i.e. what are
the various "threat models" which are the basis for why/what we do in
security-oriented things. Clearly you've analyzed your situation and
determined that you don't need it.
- I happen to mostly use a laptop on public wifi; using
"non-OS-specific" tools such as: Firefox browser and thunderbird mail
client (each with lots of "extensions" - third-party, unregulated, tools
that enhance the operation of the browser/mail client. These extensions
have been found to contain Trojans in the past.
- I often install software directly from the author - or what I presume
is the author's webpage; from what I hope is an uncompromised library.
- I stream both via the browser and directly, a full range of media content.
Seems to me that each of these areas represent a small possibility for
mischief, especially in the case of "extensions"; e.g. everytime I
invoke "check for updated plugins", I run the risk of something I don't
want (e.g. password sniffer) from a compromised distribution, or spoofed
location. An updated heuristic or signature may review that one of the
extensions I installed last week came with what is now a recognized bug.
You've indicated that the problem doesn't exist - true 'nuff for you.
But IMHO -a- problem/potential for trouble does exist for me, and I've -
perhaps unnecessarily - assumed the overhead and complexity of scanning
what I perceive as the "problem" areas in the way I use this box.
I don't run anti-malware on all activity within the box; just on the
browser, lftp, media, and mail client jails, the download and work areas
for portage (and where I compile non-portage software), and the
/home/TaxAct area where I run WINE (using a dedicated, unprivileged
taxact:taxact user:group).
Reviewing my original response, it may seem that I was promoting
real-time Anti-Malware for the masses. No - I definitely do not. Though
I do think that people should, as a rule, review and create a "threat
model" for their setup andhow they do business; and after doing so,
consider AntiVir/Dazuko a potentially useful, possibly cost-effective
addition.
But we can certainly agree to disagree on the potential usefulness of
this tool in my situation. :-)
Tony was not determining "if", but rather, "which" anti-malware. What
really happened is that I'm trying to express the basis for my
enthusiasm about this particular, versatile Windows-and-Linux
anti-malware product to Tony - in response to his original question:
"best" Anti Virus.
--
gentoo-user@lists.gentoo.org mailing list
