Real time defenses while online

mehmeh12

Hi

Im using firefox online with web of trust and linkextender but these do not provide real time scans like avg linkscanner or maccaffee siteadvisor. Do the paid versions of linux antivirus products do this?

dioltas

AVG do a linux version of their scanner. Don't know if it would integrate with firefox or not though. It's free though so might be worth a try.

mehmeh12

No according to the linkscanner website its only usable with windows, and while avg linux version can detect viruses it will not remove them. Im using avast for linux now but its only on demand protection, no real time protection.

Johnboy1951

What is the purpose of real time protection from Windoes viruses when running Linux?

dioltas

If you're sharing files with windows users? Or if you are running a server that is accessed by windows users I suppose.
Maybe real time protection is overkill though, I don't know really...

Mathiasb

dioltas wrote: »

If you're sharing files with windows users? Or if you are running a server that is accessed by windows users I suppose.
Maybe real time protection is overkill though, I don't know really...

If the virus can't execute under your OS then it can't spread

bman

Mathiasb wrote: »

If the virus can't execute under your OS then it can't spread

It can execute on the users Windows machine that is accessing the file share on your machine though. There'd probably be no need for this precaution on a desktop machine, home server, etc. but for a production server with many Windows users accessing files on your Linux box this precaution could be very important. Depends on the deployment.

Johnboy1951

Just wondering .....

Linux is not susceptible to Windows viruses therefore there is no need for 'real time' virus scanning for Windows viruses when on line in Linux. Yes?

If files are shared with Windows machines then those Windows machines will be protected by their own anti-virus software. Also scanning of the shared files would seem more than adequate. Yes?

If we are talking about an enterprise server then the OP would not be going on line from it. Yes?

On the other hand I have no Windows OS here so I have no practial knowledge ....... just questions

mehmeh12

To be honest i just using this single pc to access the net.

The thing is i dont want to get scammed while shopping online-how can i avoid clicking on bad sites/sites with linux malware?

Blowfish

mehmeh12 wrote: »

The thing is i dont want to get scammed while shopping online-how can i avoid clicking on bad sites/sites with linux malware?

You won't get scammed from Linux malware. Period.

About the only thing that could affect you are the usual phising 'you need to update your account details, click <insert link to random website in russia> to continue'. Spam filter + good old fashioned common sense will cover you for those, so really there isn't anything to worry about.

mehmeh12

Ok but what about cross platform viruses-for example i read one of the ubuntu homepages about the use of the Bad Bunny virus for open office in 2007-could something similar happen to active x/script content on websites? im already using noscript for firefox but still-i dont want to get pawned this xmas.

matrim

i think the op is talk more about url blacklisting software that warn of plishing sites. Isn't there a firefox plugin for that?

Mathiasb

All you need is a sane brain, adblock and noscript.

djmarkus

If you are using samba to share files to windows users, use on access file scanning like the vscan module or scannedonly. These use clamscan as backend.

Snowbat

matrim wrote: »

i think the op is talk more about url blacklisting software that warn of plishing sites. Isn't there a firefox plugin for that?

It's built in to Firefox 3 and later:
http://www.mozilla.com/en-US/firefox/phishing-protection/

mehmeh12

Snowbat wrote: »

It's built in to Firefox 3 and later:
http://www.mozilla.com/en-US/firefox/phishing-protection/

Yes ive got this turned on but i dont know how reliable it is though.

Question:is open dns usable for ubuntu os?

aidan_walsh

OpenDNS is usable for any device capable of using DNS.

mehmeh12

aidan_walsh wrote: »

OpenDNS is usable for any device capable of using DNS.

Ok ive using open dns now but ive got a dynamic ip address and their is no client update software for ubuntu..so where does this leave me?

Mathiasb

mehmeh12 wrote: »

Ok ive using open dns now but ive got a dynamic ip address and their is no client update software for ubuntu..so where does this leave me?

Client update software? What do you mean? Just change the network settings for your network card, wether it's wireless or ethernet. Change to DHCP (address only), fill in the rest. (gateway (run route), dns..)

mehmeh12

Mathiasb wrote: »

Client update software? What do you mean? Just change the network settings for your network card, wether it's wireless or ethernet. Change to DHCP (address only), fill in the rest. (gateway (run route), dns..)

Ok i dont know why but for some reason my isp changes my ip address twice every day. Basically from about 12pm to 1am its one address, but for 1am to 12pm its another address. The open dns website has windows and apple programs for automatically changing to new addresses but not for linux. I'll see whether or not open dns works tonight after 1 i guess.

Mathiasb

mehmeh12 wrote: »

Ok i dont know why but for some reason my isp changes my ip address twice every day. Basically from about 12pm to 1am its one address, but for 1am to 12pm its another address. The open dns website has windows and apple programs for automatically changing to new addresses but not for linux. I'll see whether or not open dns works tonight after 1 i guess.

It doesn't matter if your ISP's DHCP server gives you a new IP address every now and then, since you'll be configuring your OS to just receive a new IP address for the NIC, not new DNS servers.

mehmeh12

Mathiasb wrote: »

It doesn't matter if your ISP's DHCP server gives you a new IP address every now and then, since you'll be configuring your OS to just receive a new IP address for the NIC, not new DNS servers.

What is NIC?

aidan_walsh

mehmeh12 wrote: »

What is NIC?

Network card. You ISP will not be changing your DNS values. Once you set them to use OpenDNS, it will keep them at that. The OpenDNS software is purely optional, I use several devices on my network without it.

Snowbat

As far as I can see, an Open DNS updater client is only needed if you want them to track statistics for your account or use the custom blacklist feature. Privacy alert - do you really want Open DNS to be able to log all your lookups and tie them to your account?

Interestingly, Google just launched a public DNS resolver (one that does *not* redirect you to ads for a failed lookup):
http://tech.slashdot.org/story/09/12/03/1814238/Google-Launches-Public-DNS-Resolver

The phishing/malware blacklist in Firefox is quite effective. Theres' a study from late last year here comparing it to IE, Netcraft, McAfee and Symantic blacklists.

mehmeh12

But how reliable is firefox/open dns against phishing? Ive been using both with windows for the last 2 years and bar the sample test pages they provide ive never been notified about a potentially malicious site.

Oddly enough the ucd website was flagged down by google saferbrowsing via the firefox addon linkextender as being malicious.

Herbal Deity

Your brain is your protection against phishing...

Snowbat

Blocked phish, fresh from my spam folder:
http://chaseonline.chase.com.refdtzscote.co.uk/Secure/webform/OSL.aspx

Blocked malware (actually the fake AV scan here is pretty funny to watch in Linux if you ignore the warning as it immitates an XP explorer session and app - obviously you don't want the install.exe that it offers)
http://unitedsafetysupply.com/

mehmeh12

Blocked malware (actually the fake AV scan here is pretty funny to watch in Linux if you ignore the warning as it immitates an XP explorer session and app - obviously you don't want the install.exe that it offers)
http://unitedsafetysupply.com/[/quote]

Im not going to do this but just out of curiosity even if was running root level privileges on ubuntu what damage could a exe file do? i thought exe files could only run on windows.

Snowbat

No damage - it won't run. The funny part is what the page shows before it offers the exe file for download.

There's no point in downloading the exe file unless you want to submit it to an AV vendor, but that's already been done via virustotal.com. If you dual-boot Windows and have an ext3 filesystem driver installed (like Ext2 IFS), your Windows antivirus may pick it up, or maybe it'll sit there for a year and you or another user won't remember what it was, and try to run it in Windows.

djmarkus

WINE will run the file, and if you have some binfmt magic going on ./virus.exe will actually run(as opposed to wine virus.exe)

Wine will refuse to run as root (i think).

Snowbat

Only if Wine is installed. Does any distro install Wine by default? Can you double-click an exe to launch it in Wine with no further action required? (I've never used Wine).

aidan_walsh

Snowbat wrote: »

Only if Wine is installed. Does any distro install Wine by default? Can you double-click an exe to launch it in Wine with no further action required? (I've never used Wine)

IIRC, Linspire was the last one I heard of that had it installed by default - and even at that it may only have been while it was branded Lindows.

Nichololas

Hehe I can imagine - "I'm having trouble running obviousvirus.exe under WINE, can anyone help?".

And on a related note; there was a story on slashdot yesterday about a bit of malware inserted in a gnome screensaver (on gnome-look.org iirc). Even then it wasn't a 'virus', as it required the user to actively install it .. And it was removed from the site within 24 hours.

mehmeh12

Enlil_Nick wrote: »

Hehe I can imagine - "I'm having trouble running obviousvirus.exe under WINE, can anyone help?".

And on a related note; there was a story on slashdot yesterday about a bit of malware inserted in a gnome screensaver (on gnome-look.org iirc). Even then it wasn't a 'virus', as it required the user to actively install it .. And it was removed from the site within 24 hours.

Is there a link to where i can find a report on this virus? worst case scenario i let the virus into ubuntu by giving it sudo access-what happens with a linux 'virus'?

Mathiasb

mehmeh12 wrote: »

Is there a link to where i can find a report on this virus? worst case scenario i let the virus into ubuntu by giving it sudo access-what happens with a linux 'virus'?

What virus?

The malware has been taken down from the site. You can't give something sudo access - you are the user, you have sudo access. If you run something via sudo, that process being run is run with root credentials = bad (if not intended).

You can't get automatically infected.

mehmeh12

Mathiasb wrote: »

What virus?

The malware has been taken down from the site. You can't give something sudo access - you are the user, you have sudo access. If you run something via sudo, that process being run is run with root credentials = bad (if not intended).

You can't get automatically infected.

What are the symptoms of the a linux infection?

Blowfish

mehmeh12 wrote: »

What are the symptoms of the a linux infection?

There are no defined symptoms, because it's almost unheard of.

BopNiblets

I imagine that even if you run a Windows virus under Wine the most harm it could do is limited to your Wine directory?
Viruses do what? Delete Windows files? There can't be too many (or any) common files because of the different filesystem/directory structure! So your Wine might get borked, or I suppose if you had a Windows partition mounted it might do some damage?