
OSS, the order said, “is almost free of virus. Hence loss of information, hacking, phishing can be prevented… there is no need to spend on expensive anti virus software.”

I disagree with that statement.




The general threat model for Linux systems is outdated installations with extant security holes, often remotely exploitable. This is in contrast with Windows in which a huge class of exploits are by way of content placed by users on their own systems, more often technically trojans than viruses.

This isn't to say that Linux is wholly immune to security exploits. It's not. But it's hugely more manageable and securable than Windows is, even in more recent versions. Which, though they've addressed much of the problem, still leave huge classes of vulnerabilities open.

The ability to configure minimal systems on Linux (principle of least privilege) with only the software and services required for functionality helps hugely in this.


To be honest, it is possible to configure Windows (starting from XP) with a minimal set of enabled capabilities. The system policies mechanism is quite featureful, and you can lock a system down to minimal rights. It is also possible to deploy system patches and updates locally to a domain from the server (what they call a domain controller) configured to do so. In fact you can pretty much control any client associated to a domain remotely with the right access token.

Imho, the main issue is more in:

- setting up the right set of policies, it's a difficult task. On a Unix system, the problem is probably easier to tackle because the first (simpler) layer of security is implemented through the file system (Linux for instance provides a more elaborate capability mechanism, many other Unixes also each have their own implementations of a policy/capability mechanism).

- letting end users have too much control over their computer, because oftentimes they wish to install all sorts of products on their own (this is especially true of developers, but usually computer literates are more security minded than the lambda user). With web apps, this problem is nowadays shifted toward the browser, so maybe this problem isn't as much of an issue as it was 10 years ago for system wide policy enforcement (but as I said it is now one at the browser level).


I agree with you. Using OSS doesn't mean that you will have no software vulnerabilities, but when was the last time you heard a major news story about a Linux based virus?


The sad thing is, more widespread, high profile (e.g. government) deployment will likely increase the amount of those news stories. Until now attacking desktop Linux with viruses was simply not worth it.


Is there any evidence of credible/useful proprietary anti-virus software for Linux?


I don't know about credibility but I use ClamAV and it was able to detect a (Windows?) virus on my USB stick when I plugged it in while running Linux and removed the virus as well. That was useful.



