[kwlug-disc] so ... what's your opinion on linux anti-virus software?

unsolicited unsolicited at swiz.ca
Thu Feb 5 21:20:52 EST 2009


Chris Frey wrote, On 02/05/2009 6:57 PM:
> On Wed, Feb 04, 2009 at 03:26:09PM -0500, Robert P. J. Day wrote:
>>   a (sort of) acquaintance is asking about my recommendations for
>> anti-virus software for both linux servers and workstations, and is
>> admitting that he's already been told that viruses aren't that big an
>> issue with linux and, coming from a windows world, he's finding that
>> hard to believe.
> 
> You probably know all this already, but I'll write it anyway... :-)

I think you have many things wrong here. Playing devil's advocate ...

> I think that it needs to be explained to new Linux users that their
> world view of computers will have to change slightly.

Nope. Sit down at a keyboard, get things done. The computer is the 
means not the end.

> Instead of viewing
> security as something you buy and run in the background, security
> is now a process, and they are now in full control of it.

Security is something for someone else to worry about. Even if I'm the 
user. I'm not going to think about it, I have other things to do.

It had better be perfect, out of the box.

> Do they run random software from sources they don't trust?

Yes. They do, and will. Deal with it. (See - out of the box.)

You will never convince them otherwise.

Think of it this way:
- when you flick the light switch ... you're done.
- when you pick up the phone, you get dial tone. You're done.
- when you put a piece of toast in the toaster ... if you're REALLY 
LUCKY, they might know to not stick a fork in it to fetch the toast.

	I don't know if it's true or not, but there was a Boston Legal 
episode where the lawyer had to ask something like 'Do you think it's 
reasonable that you stuck a fork in the toaster ...'

> Their security
> experience on Linux will be the same as on Windows.

"What's security?" (i.e. don't care, foreign term, so ignore it and 
get on with your day.)

> Do they run all programs as root?

They don't know. They don't care. They sit down and ...

That's it.

>  Or do they learn how it works to
> create and use multiple accounts on a machine?

They do not.

> Do they install the OS and then forget about updates?

Yes. Unless updates are turned on automatically / for them.

e.g. Rogers and other vendors frequently come with Symantec 
anti-virus. They blindly install it and get on with their day.

After a year, when signature updates stop doing so, they just click on 
the warning to get it out of their way without reading it.

Then wonder how they got a virus, they have anti-virus software 
installed, after all.

> After pointing out all the changes they will have to make, then point out
> how Linux makes those changes easier:

They don't care. If I wander around with the mouse, clicking things, 
can I figure out what to do to make it do what I want?

FULL STOP.

> 	- Almost all the software they will ever need is already available
> 	  in a repository they can trust.  No need to search the internet
> 	  for a utility to do some task... search the free repository first.

Sure. And which of the 500 choices they have for any given thing will 
they choose? And what's a 'pidgin' anyways?

And after trying the first dozen, all of which don't work, are for a 
different version / library, are no longer maintained, and so on and 
so forth, they'll give up and go watch the latest game on TV.

This is why the *buntus are so compelling and needed - try to narrow 
the choices down closer to the 'one true way'. Which inevitably isn't, 
or, more likely, is incomplete. (i.e. does most of what they want to 
do but is missing a something they're looking for.)

Take IM's for example. There are lots out there. Convergence is 
happening, so you have a moving target. Video live calling anyone? 
(Don't ask me how you go from _instant_ _messaging_, i.e. one time, 
one off, non-confirmed / replyable, to live video calls, but, well, 
there you go.) Not much different than blackberries bastardizing 
e-mail into instant messaging.

> 	- Trusted security updates are part of the "Linux DNA" and easy to do.

See security above.

> 	- Linux is built with user accounts in mind.  Most daily operations
> 	  do not need administrator access.

What's an account?

> 	- While switching to a new operating system makes it harder to run
> 	  your favourite Windows applications, it also makes it harder to
> 	  run Windows viruses.  ...

What's an operating system? I sit down and move the mouse and ...


DON'T YOU PEOPLE GET IT ... IT'S THE APPS, NOT THE OS, THAT MATTERS.

IF I DON'T HAVE A COMPELLING REASON TO SIT DOWN AND DO X, I'M NOT 
GOING TO SIT DOWN. WHEN I DO SIT DOWN, I'M NOT LOOKING AT AN OS. I'M 
LOOKING AT AN E-MAIL MECHANISM, OR A WAY TO SEE THE PICTURES ON MY 
CAMERA. FULL STOP.

> If after all this, they insist on paying someone to scan their Linux files
> for Windows viruses, you can start going through the list of AV providers.

No. Full time, on the fly, fire and forget. I have this software, I'm 
protected. Get on with my day.


You may think I'm kidding here. I am not. I am on Chris' side of the 
computer learning curve depicted here. I understand his points, and 
that someone (preferably the os developer / installer) needs to get 
this done.

But the users are not.

Why do you think Linux has not blown Windows off the desktops? Why 
have we not all blown away MS Office for Open Office? Read above. 
Think 'Outlook.'

When I pick up the phone, do I get dial tone? When I punch those 
button thingies, can I talk to the person I'm calling?

NOTHING else matters.

It's the apps that matter.

For purposes here, anti-virus is not an app. It's a necessary evil 
that I'm not going to think about - it's in the way. ... and why is my 
mouse so slow now???

Full time, on the fly, behind the scenes, scanning, that takes care of 
/ updates itself. Nothing else matters, is relevant, or useful.

For the admin, the only next step is ... centralized reporting and 
alerting.

Some twit is going to invent something that will kill you faster than 
you can discover, acquire, install, and implement, defences. It goes 
in now, full time on the fly scanning, self-updating.

Consider it as 'CPU overhead.'

It's not just the idiot user I have to worry about ... it's the idiot 
user's son in the office waiting for Mom or Dad, or that passerby 
wanting to make a quick check of their e-mail as their laptop 
battery's dead.

It's the ... which computer did I miss (to which this will happen) 
that keeps me up at night. As well as the 'and how many stupid hours 
am I going to have to waste remediating things after the fact' when 
I've got better things to do.

Admins need to be able to go in, push a button, get a big green 
"EVERYTHING'S OK" light, and get on with improving users' lives, not 
just having to tread water faster to keep their heads up. (False 
positives should take care of themselves too! <sigh>) Even better, 
every morning, 6 AM, the printer spits out a piece of paper - "Your 
world is all clean as of 6 AM this morning." I pick it up along with 
my morning coffee on the way to my desk.


So, Windows equivalent to anti-virus, Mr. User says, I'll just install 
klamav, as it says, life will be taken care of, and good.

If they do a bit of reading, they'll recognize it's not on the fly. 
That's what I want! That's what I have with Windows, that's what I 
want here. OK ... it says I have to recompile the kernel ... here are 
the steps ...

BOOM!

Ba bye now. Back to the game the user goes!

<sigh>

This is all going to change only with time. Most of us see that 
already - most kids grew up with computers now (MS Word), heck many 
entry level positions require it. Along the way, they will probably 
encounter a virus and get educated along the way. In the meantime, 
this is our real world.

Yes, users need to be educated. No, they don't want to be educated. 
No, they shouldn't need to be educated. (Better software / fewer hackers.)

Anyone got some good drugs?


