AVG - Suse

This is a discussion on AVG - Suse ; Peter wrote: > PWB wrote: >> "Peter" wrote in message >> news:13rhu4eoink3pe3@corp.supernews.com... >>> PWB wrote: >>>> "Timfy" wrote in message >>>> news:jo1uj.2059$Ef1.172@newsfe6-win.ntli.net... >>>>>> Why? Linux isn't Windows. It is not a magnet for viruses like MS >>>>>> products. >>>>>> >>>>>> ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 29 of 29

Thread: AVG

  1. Re: AVG

    Peter wrote:
    > PWB wrote:
    >> "Peter" wrote in message
    >> news:13rhu4eoink3pe3@corp.supernews.com...
    >>> PWB wrote:
    >>>> "Timfy" wrote in message
    >>>> news:jo1uj.2059$Ef1.172@newsfe6-win.ntli.net...
    >>>>>> Why? Linux isn't Windows. It is not a magnet for viruses like MS
    >>>>>> products.
    >>>>>>
    >>>>>>
    >>>>> Whilst this is a valid point, I use AVG to check that files that
    >>>>> I'm forwarding on to MS using friends and colleagues do not contain
    >>>>> virii that may affect them.
    >>>> and thats the reason i d/l it , but I find it says now I found where
    >>>> it is that it says I have no permission to use it to update so where
    >>>> do I get the permissions as there is no where I can see to input a
    >>>> password
    >>> Updating is allowed under root by the following command: avgupdate -o
    >>> I am using avg and can test from gui or console mode.
    >>>
    >>> A couple of useful Console commands:
    >>> avgupdate --help
    >>> avgscan --help
    >>>
    >>> avgscan home
    >>> avgscan media

    >> Thanks but where do I put the password as it doesnt give a window for it.

    > Command: konsole
    > Console box opens (eg xxxx@linux-5tp5:~>)
    > Command: su -
    > Passwordyou enter your password and you are root)
    > (this is my root) linux-5tp5:~ #
    >
    > linux-5tp5:~ # avgupdate -0

    Typo above should read: avgupdate -o

  2. Re: AVG

    noi ance wrote:

    > On Sun, 17 Feb 2008 17:01:30 -0500, Darrell Stec typed this message:
    >
    >> Timfy wrote:
    >>
    >>
    >>>
    >>>> Why? Linux isn't Windows. It is not a magnet for viruses like MS
    >>>> products.
    >>>>
    >>>>
    >>> Whilst this is a valid point, I use AVG to check that files that I'm
    >>> forwarding on to MS using friends and colleagues do not contain virii
    >>> that may affect them.

    >>
    >> I am of the opinion that if somebody in this day and age is stupid
    >> enough to still use an operating system fraught with malware they
    >> deserve any and all infections somebody else is sending them.
    >>
    >> Your approach is contributing to the virus problem in that until MS
    >> users are so stymied by malware that their computers are useless, they
    >> will never look for a better solution. Similarly, when gasoline reaches
    >> a $100 a gallon, it will be good for the world as it will force them to
    >> look for better solutions or everyone will start walking again.

    >
    > Flawed assumptions. Linux AVG found malware in some of the .jar class of
    > my SuSe 10.1 system:
    >
    > Found virus 'VBS:Malware-gen' in file '/home/noi/.java/deployment/cache/
    > javapi/v1.0/jar/count.jar-6c3329ad-75eb48ce.zip/VerifierBug.class'
    >
    > Of course, while 85-90% of PC still run Windows variant OS it's prudent
    > for to run an A-V programs on Windows files on those systems.
    >
    > FWIW, AVG for Linux is 1000x better than Clamscan.


    How does what you wrote demonstrate a flawed assumption. How do you know
    the anti-virus found anything real and did not just issue a false positive?
    You know they do not necessarily check for a virus but with heuristics
    check for a type of behavior characteristic of a virus or malware, don't
    you? What a module is trying to accomplish might be completely legitimate.

    Besides what damage could it do to you? How could it operate and how could
    it be passed on? From everything I've seen, that exploit assumes Windows is
    running. Besides, some websites indicate that VerifierBug.class is a
    legitimate file but a multitude of variations mascarading as the legitimate
    file are Trojans.

    --
    Later,
    Darrell Stec darstec@neo.rr.com

    Webpage Sorcery
    http://webpagesorcery.com
    We Put the Magic in Your Webpages

  3. Re: AVG

    On Tue, 19 Feb 2008 14:48:24 -0500, Darrell Stec typed this message:

    > noi ance wrote:
    >
    >> On Sun, 17 Feb 2008 17:01:30 -0500, Darrell Stec typed this message:
    >>
    >>> Timfy wrote:
    >>>
    >>>
    >>>
    >>>>> Why? Linux isn't Windows. It is not a magnet for viruses like MS
    >>>>> products.
    >>>>>
    >>>>>
    >>>> Whilst this is a valid point, I use AVG to check that files that I'm
    >>>> forwarding on to MS using friends and colleagues do not contain virii
    >>>> that may affect them.
    >>>
    >>> I am of the opinion that if somebody in this day and age is stupid
    >>> enough to still use an operating system fraught with malware they
    >>> deserve any and all infections somebody else is sending them.
    >>>
    >>> Your approach is contributing to the virus problem in that until MS
    >>> users are so stymied by malware that their computers are useless, they
    >>> will never look for a better solution. Similarly, when gasoline
    >>> reaches a $100 a gallon, it will be good for the world as it will
    >>> force them to look for better solutions or everyone will start walking
    >>> again.

    >>
    >> Flawed assumptions. Linux AVG found malware in some of the .jar class
    >> of my SuSe 10.1 system:
    >>
    >> Found virus 'VBS:Malware-gen' in file
    >> '/home/noi/.java/deployment/cache/
    >> javapi/v1.0/jar/count.jar-6c3329ad-75eb48ce.zip/VerifierBug.class'
    >>
    >> Of course, while 85-90% of PC still run Windows variant OS it's prudent
    >> for to run an A-V programs on Windows files on those systems.
    >>
    >> FWIW, AVG for Linux is 1000x better than Clamscan.

    >
    > How does what you wrote demonstrate a flawed assumption. How do you
    > know the anti-virus found anything real and did not just issue a false
    > positive? You know they do not necessarily check for a virus but with
    > heuristics check for a type of behavior characteristic of a virus or
    > malware, don't you? What a module is trying to accomplish might be
    > completely legitimate.
    >
    > Besides what damage could it do to you? How could it operate and how
    > could it be passed on? From everything I've seen, that exploit assumes
    > Windows is running. Besides, some websites indicate that
    > VerifierBug.class is a legitimate file but a multitude of variations
    > mascarading as the legitimate file are Trojans.


    Yes, what you wrote could be true but my point is AVG found something
    that met its criteria of a various. FWIW, since this is a java api its
    valid for Winblows and Linux, it may or may not be a valid but at least
    one knows to check it.

    Its better to be safe than sorry.

  4. Re: AVG

    noi ance wrote:
    > Found virus 'VBS:Malware-gen' in file '/home/noi/.java/deployment/cache/
    > javapi/v1.0/jar/count.jar-6c3329ad-75eb48ce.zip/VerifierBug.class'


    It may be in a Java class, but it is a VBS virus and as Linux doesn't
    run VBS (Visual Basic Script) it _still_ is a Windows-only virus.
    --
    ************************************************** *****************
    ** Eef Hartman, Delft University of Technology, dept. SSC/ICT **
    ** e-mail: E.J.M.Hartman@tudelft.nl, fax: +31-15-278 7295 **
    ** snail-mail: P.O. Box 5031, 2600 GA Delft, The Netherlands **
    ************************************************** *****************

  5. Re: AVG

    Eef Hartman wrote:
    >> Found virus 'VBS:Malware-gen' in file '/home/noi/.java/deployment/cache/
    >> javapi/v1.0/jar/count.jar-6c3329ad-75eb48ce.zip/VerifierBug.class'

    >
    > It may be in a Java class, but it is a VBS virus and as Linux doesn't
    > run VBS (Visual Basic Script) it _still_ is a Windows-only virus.


    Yes, but if you use your PC as some kind of server (to store your mail,
    files or whatever) and you connect with a Windows machine to it, you
    still *might* be able to infect your winders machine.

    houghi
    --
    Personally, I think most sports fans are a little "gay". They'd
    rather watch a bunch of sweaty guys jumping all over eachother,
    than, say fashion TV - where hot models walk down the runway.

  6. Re: AVG

    Eef Hartman wrote:
    > noi ance wrote:
    >> Found virus 'VBS:Malware-gen' in file '/home/noi/.java/deployment/cache/
    >> javapi/v1.0/jar/count.jar-6c3329ad-75eb48ce.zip/VerifierBug.class'

    >
    > It may be in a Java class, but it is a VBS virus and as Linux doesn't
    > run VBS (Visual Basic Script) it _still_ is a Windows-only virus.


    Actually, openSUSE in particular can do some vbs... and some others
    now as well.

    Also, wine brings in the whole vbs potential as well... so an
    Excel spreadsheet (for example) might actually open with Excel
    even on Linux.

    Just some things to bear in mind...

    Virus signature checking is a LAST resort... it's prone
    to failure and false positives. Good security has to come
    before that.

  7. Re: AVG

    Chris Cox wrote:
    >Eef Hartman wrote:
    >> noi ance wrote:
    >>> Found virus 'VBS:Malware-gen' in file '/home/noi/.java/deployment/cache/
    >>> javapi/v1.0/jar/count.jar-6c3329ad-75eb48ce.zip/VerifierBug.class'

    >>
    >> It may be in a Java class, but it is a VBS virus and as Linux doesn't
    >> run VBS (Visual Basic Script) it _still_ is a Windows-only virus.


    >Actually, openSUSE in particular can do some vbs... and some others
    >now as well.


    >Also, wine brings in the whole vbs potential as well... so an
    >Excel spreadsheet (for example) might actually open with Excel
    >even on Linux.


    >Just some things to bear in mind...


    >Virus signature checking is a LAST resort... it's prone
    >to failure and false positives. Good security has to come
    >before that.


    Never turn your computer on?

    :-)

    --
    --- Paul J. Gans

  8. Re: AVG

    Paul J Gans wrote:
    ....
    > Never turn your computer on?


    Very true. I love talking to the corporate security "gurus"....

    I usually tell them that the only way they'll be secure is if
    they cut the wire.... they laugh at first and by the end
    of my presentation, they start looking for the scissors.

  9. Re: AVG

    Chris Cox wrote:
    >Paul J Gans wrote:
    >...
    >> Never turn your computer on?


    >Very true. I love talking to the corporate security "gurus"....


    >I usually tell them that the only way they'll be secure is if
    >they cut the wire.... they laugh at first and by the end
    >of my presentation, they start looking for the scissors.


    Gee.

    In reality if one wants security at a mid to large sized
    outfit (size in number of computers) one way to really
    help is to have two networks. Machines carrying corporate
    stuff goes on the private network. Any link to off-site
    branches goes through a VPM.

    That's not all that need be done, but that network should
    not be accessible to anybody outside. That leaves only
    the idjits and sabateurs on the inside to worry about.

    Connections to the outside world can be done via a "normal"
    network with the usual security controls.

    For example, I keep hearing about attacks on Pentagon computers
    that are supposedl "secure". Why are they on any public net
    at all? For years they had their own private military phone
    network. Surely a private computer net shouldn't cost more
    than a couple of toilet seats?

    --
    --- Paul J. Gans

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2