big deal

Posted Apr 8, 2006 23:59 UTC (Sat) by smoogen (subscriber, #97)
In reply to: big deal by sbergman27
Parent article: Crossplatform virus - the latest proof of concept

Having installed anti-virus software is a requirement in so many procedures, I lost count. There were several times where someone would tell me we couldn't run Linux on a machine because it didn't have anti-virus software available. Thankfully that falls by the wayside when one can get clamav or similar tools.


big deal

Posted Apr 9, 2006 2:48 UTC (Sun) by lutchann (subscriber, #8872) [Link]

It's also required by my liability insurance, which isn't surprising. I'm sure that's to reduce the risk of me being unable to meet contractual obligations for a client due to a virus infection that destroys data, ties up my time fixing things, etc.

The more surprising requirement for the insurance was to maintain a firewall that not only blocks unauthorized inbound connections but unauthorized outbound connections from both servers and workstations. Since that's how all my internal networks are already set up it wasn't a big deal for me, but it was nice to see my insurer paying attention to things like that.

egress filtering?

Posted Apr 9, 2006 23:21 UTC (Sun) by man_ls (subscriber, #15091) [Link]

You block unauthorized outbound connections? This means that you have to "authorize" outbound connections to every new port? For me this is a waste of time; malware can connect via port 80 to whatever server it wants, and I may want to connect to remote ports for new protocols, server administration, etc. My internal networks are definitely not set up like that.

egress filtering? yes!

Posted Apr 11, 2006 15:51 UTC (Tue) by lutchann (subscriber, #8872) [Link]

You're right, which is why I don't allow connections via port 80 to just any server. All allowed outbound connections from my internal networks are fully specified by source host, destination host and destination port; for the most part this is limited to allowing only connections to a client's servers or VPN endpoint, plus my local DNS and NTP servers. This reasonably well isolates all my internal networks from each other and the Internet, which conveniently solves a lot of problems that IT departments tend to bring up when you request VPN access to their network.
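
The policy described in the comment above (default deny, with each allowed flow pinned to source host, destination host and destination port) can be sketched as follows. This is an added example, not the commenter's configuration: it assumes an iptables-based Linux router filtering in the FORWARD chain, and the addresses, allowlist format and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed allowlist, one flow per line: "src dst proto dport".
# Addresses are private/documentation ranges chosen for illustration.
ALLOWLIST='# workstation -> client VPN endpoint and client server
10.0.1.10 203.0.113.5 udp 1194
10.0.1.10 198.51.100.20 tcp 22
# workstation -> local DNS and NTP servers
10.0.1.10 10.0.0.53 udp 53
10.0.1.10 10.0.0.123 udp 123'

# True only for a single dotted-quad host: no CIDR suffix, name or wildcard.
is_host() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True only for a single port number 1-65535 (no ranges, no "any").
is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Read the allowlist on stdin and print iptables commands for a default-deny
# FORWARD chain. Nothing is printed if any entry is not fully specified.
emit_egress_rules() {
    rules='' n=0
    while read -r src dst proto dport extra; do
        n=$((n + 1))
        case "$src" in ''|\#*) continue ;; esac
        case "$proto" in tcp|udp) ;; *) proto='' ;; esac
        if [ -z "$proto" ] || [ -n "$extra" ] ||
           ! is_host "$src" || ! is_host "$dst" || ! is_port "$dport"; then
            echo "line $n: not a single src/dst/proto/port tuple" >&2
            return 1
        fi
        rules="${rules}iptables -A FORWARD -s $src -d $dst -p $proto --dport $dport -m state --state NEW -j ACCEPT
"
    done
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s' "$rules"
    echo "iptables -A FORWARD -j LOG --log-prefix 'egress-denied: '"
}

printf '%s\n' "$ALLOWLIST" | emit_egress_rules
```

The script only prints the commands, so the rule set can be reviewed before anything is loaded; an entry such as `0.0.0.0/0` or `any` makes it fail with no output rather than widen the policy.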

a bit excessive

Posted Apr 11, 2006 16:06 UTC (Tue) by man_ls (subscriber, #15091) [Link]

So, what do you do when you have a problem in the network and need to look something up on the web?

a bit excessive

Posted Apr 11, 2006 16:34 UTC (Tue) by lutchann (subscriber, #8872) [Link]

I have other networks here besides those I consider "internal"--everything with Internet access is in a DMZ-type network, so laptop+wireless works fine for web and IM. But from the perspective of the internal networks where all the real work goes on, the DMZ is as untrustworthy as the open Internet.

McAfee makes a Linux AV product

Posted Apr 9, 2006 22:31 UTC (Sun) by pr1268 (subscriber, #24648) [Link]

Being a University student, I get the privilege of using the campus-wide license for McAfee Antivirus. Since I only use Linux, I was thrilled to discover that not only does McAfee make a Unix version (works on Linux, FreeBSD, HP-UX, AIX, and Solaris), but also that the University I attend provides this version alongside their Windows/Mac offering.

I suppose the only down side is that this is presumably a corporate/enterprise version. It's not like I could walk into $COMMERCIAL_RETAILER and pick up a Linux copy... :-(

McAfee makes a Linux AV product

Posted Apr 10, 2006 15:49 UTC (Mon) by rickmoen (subscriber, #6943) [Link]

pr1268 wrote:

Being a University student, I get the privilege of using the campus-wide license for McAfee Antivirus. Since I only use Linux, I was thrilled to discover that not only does McAfee make a Unix version (works on Linux, FreeBSD, HP-UX, AIX, and Solaris), but also that the University I attend provides this version alongside their Windows/Mac offering.

I suppose the only down side is that this is presumably a corporate/enterprise version. It's not like I could walk into $COMMERCIAL_RETAILER and pick up a Linux copy... :-(

Something for you to ponder: One of the glories of running Linux is that you can avoid the need to run unauditable code with significant privilege (and can avoid running it at all, in many cases).

But here, you're pretty much proposing to run with root-user authority a proprietary, binary codebase from a proprietary-software vendor whose business integrity, along with almost all of its competitors, is already specifically subject to question, concerning the Sony rootkit scandal (a point Schneier made quite eloquently, at the time). And you're thrilled about this? Me, I'd go to great lengths to avoid exercising that option.

Rick Moen
rick@linuxmafia.com

McAfee makes a Linux AV product

Posted Apr 11, 2006 0:50 UTC (Tue) by drag (subscriber, #31333) [Link]

Exactly!

All of these products seem to me to have a proven security track record... A bad track record, that is.

These things have opened up holes in root in the past for potential attackers.

If I worked somewhere that required certain types of anti-virus stuff to be installed, I'd install it... in a chroot'd environment separate from everything else and do my best to figure out how to make it work as a regular user through trickery or some VM or whatnot so that I could have it functional, yet separate.

Although I doubt that would be too popular among management...

In light of the threats that viruses can pose I think that Gnome and KDE should look at integrating open source, passive, antivirus protection.

Things like having email scanning with Evolution similar to how it supports anti-spam scanning. Files being downloaded could be then scanned.

Or maybe integrate it with the FAM support so that files being added to the home directory will be scanned automatically regardless of their source. I don't think that this should be hard to do and ClamAV will probably work very well.

This should, I figure, be optional and turned off by default.

This should provide assurance to new users and also prevent situations where Linux user "A" finds a funny picture and text and sends it to Linux user "B". Linux user "B" thinks it's funny and sends it to Windows user "C". Windows user "C" then becomes infected from the virus sent to them from Linux users A and B, which then goes on to infect everybody else's Windows PC including customer's. Of course the virus doesn't affect the Linux users at all, but it's not really that wonderful that they sent a Windows user an attachment that does.
