Posted Aug 28, 2008 12:47 UTC (Thu) by skitching (subscriber, #36856)
Parent article: TALPA strides forward
People have been very scathing about the need for providing traditional windows-style virus-checking on Linux.
I would certainly agree that "privilege escalation" problems are less common on Linux, and that the correct way to deal with these is through architectural fixes rather than trying to block programs that exploit a flaw. However it seems (in my uninformed view) that there are a large number of security issues that do not rely on privilege escalation at all.
Case 1: A user visits an evil webpage. That webpage then exploits some browser flaw to drop a .so file on the local system and modify the user's .bashrc file to specify that file in LD_PRELOAD or similar.
Case 2: A user downloads and runs a trojaned "game" of some sort that has been emailed to them. Yes they shouldn't, but there are more and more "innocent" users of Linux these days.
Even without privilege escalation, an attack of this sort can do significant damage, including:
* sending spam (when that user is logged in)
* capturing user private data
Won't a "virus scanning" solution help here, where the traditional Linux security approach will not?