Friday, July 9, 2010

I've got a fever- it must be a virus!

I used to be an anti-malware expert when I used Windows: I could tell you the relative merits of anti-virus programs, anti-spyware programs, anti-Trojan programs, rootkit detectors and firewalls.
I now run Linux with no anti-virus, or indeed any sort of security suite, scanner or intrusion detection program.
This is not actually because I discovered that Linux is much more secure; rather, coincidentally, around the time I started using Linux I realised that anti-malware programs aren't really necessary in Windows, or, perhaps more accurately, aren't that effective.
I was reminded of this by a post on KrebsonSecurity, written by one of the best reporters on malware and cybercrime. The gist of the report is: don't rely on anti-virus software to protect you from Windows malware. There are lots of comments on the page questioning the value of the research cited in the post, but I have to say it jibes with my experience of Windows malware: any anti-virus has only about a 20-60% chance of catching new malware, and only a 40-90% chance of catching old malware. The graphic below doesn't reveal the best and the worst of anti-virus programs, but honestly, it doesn't matter that much.

There are also several comments on the blog post about how malware can now persist even after an operating system reinstall, so basically, if you get a "virus", you're going to be buying a new computer. Although such claims carry a grain of truth, they are basically tin-foil-hat paranoid nonsense.
There's no guarantee that an anti-virus program will protect you from malware; indeed, there is a 10-80% chance that it won't. What you need to do in Windows is learn to recognise and avoid viruses. A long article on how to do this is beyond the scope of this post, but for a start, make sure all web-facing software is up to date. (Secunia can help here.) Honestly, armed with up-to-date software and a knowledgeable user, your computer is going to laugh in the face of malware!
This is not to say that I wouldn't use an anti-virus program in Windows; I'd always have one running. My personal choice would be avast!, Avira or maybe Panda, because they are free. I wouldn't pay for an anti-virus (for private use) because they are really only a second or third line of defence. (Of course, in a commercial/institutional environment, where you have all and sundry using your system, this doesn't apply.)
Linux can have a big advantage here: assuming your distro of choice has a package manager, it will tell you about any web-facing software that needs updating for security reasons. An old version of Flash, Adobe or Firefox allowing a drive-by download is less of a risk. (Not to mention zero-day exploits in Internet Explorer.)
Malware is not an issue Linux users can ignore, as this report proves. But Ed Bott's report also illustrates how the paranoia of Windows users tries to infect Linux users. Are Linux repositories infected? Should Linux users now be scouring their machines for malware? No. This was an issue with one distro. Most Linux distros insist on package signing, which would have prevented this attack.
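As an added illustration of why package signing matters (this is example code written for this post, not anything from the distro or the report above): a signed manifest lists the hash of every package file, so a tampered copy served from a mirror fails the check before it is ever installed. The helper `check_pkg_hash`, the manifest layout and the sample package files are all constructed for this example; verifying the manifest's own signature (e.g. `gpg --verify`) is assumed to have happened first.

```shell
#!/bin/sh
# Constructed example: a manifest of "<sha256>  <filename>" lines, which the
# distro signs as a whole (apt's Release file chains hashes the same way).
# Hypothetical helper: after the manifest's signature has been verified,
# refuse to install any package whose hash does not match its manifest entry.

# check_pkg_hash <package file> <manifest file>
# Returns 0 when the file's SHA-256 matches the manifest, 1 otherwise.
check_pkg_hash() {
    pkg="$1"; manifest="$2"
    name=$(basename "$pkg")
    expected=$(awk -v n="$name" '$2 == n { print $1 }' "$manifest")
    [ -n "$expected" ] || { echo "no manifest entry for $name" >&2; return 1; }
    actual=$(sha256sum "$pkg" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "hash mismatch for $name: refusing to install" >&2
    return 1
}

# Constructed sample data in a scratch directory: a genuine package, the
# manifest entry built from it, and a "mirror" copy with extra bytes appended
# to stand in for a package that was altered after the manifest was signed.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/mirror"
GENUINE_PKG="$demo_dir/example-app-1.0.tar.gz"
TAMPERED_PKG="$demo_dir/mirror/example-app-1.0.tar.gz"
MANIFEST="$demo_dir/manifest"
printf 'genuine package contents\n' > "$GENUINE_PKG"
printf '%s  %s\n' "$(sha256sum "$GENUINE_PKG" | awk '{ print $1 }')" \
    example-app-1.0.tar.gz > "$MANIFEST"
cat "$GENUINE_PKG" > "$TAMPERED_PKG"
printf 'unexpected extra bytes\n' >> "$TAMPERED_PKG"

# Walk both copies through the check; only the genuine one should pass.
for f in "$GENUINE_PKG" "$TAMPERED_PKG"; do
    if check_pkg_hash "$f" "$MANIFEST"; then
        echo "OK: $f matches the signed manifest"
    else
        echo "REJECTED: $f"
    fi
done
```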
Relax! Don't panic! It's still possible to connect a computer to the internet without getting pwned, Linux or Windows.

