[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Tue, Jul 19, 2011 at 9:57 AM, simon wrote: > Since this will clearly not be of any benefit to me, and I have no > intention of installing proprietary software on my machine, can anyone > point me in the direction of some evidence or other article that I can > give to the management to convince them that it's not in anyone's interest > to bother? (Disclaimer: I work in computer security. What I write below might sound boringly pedantic. Apologies in advance for that.) I think the question one should ask is: why would I not run security software? Do I have really good reasons for that. Given that there are several options available (including at least one that is free and open source) I don't think you have a good reason not to. Unless you are running very important software where performance is essential, I think 'it slows things down a bit' is something your employer should care about. There are actually several reasons why you should be concerned about 'viruses' (the correct and more general term is 'malware'). Firefox plugins are an example. Even if you only download plugins from trusted sources, there is a small but real possibility someone manages to replace a plugin by a newer 'version' that does something malicious inside the browser (making it platform independent) or that a security hole is found in an existing plugin you are running. (The former happened to WordPress recently.) Not having root access does not help you either. True, the nastiest malware for Windows uses all kinds of root permissions to hide itself, but on Windows as on Linux something like a keylogger doesn't need to have root permissions to register everything you type. You wouldn't fall for the 419 scams (the 'Nigerian' stuff mentioned by someone) but you don't need to have Windows to fall for them. And Linux software, like software for any platform, does have vulnerabilities. They aren't abused very much but if there is any reason why someone would have a reason to attack your company in particular, I wouldn't want to rely on the bad guys not bothering to use our Linux box as an attack vector. Targeted attacks can be, well, very targeted. If that makes you scared of all the risks, it shouldn't. The chances to be infected using Linux are still significantly smaller than if you were using Windows, or even a Mac. But even so, since it doesn't hurt, it is a nice insurance against the case that something does happen. And it's always good to remember the Mac community who "didn't need anti-virus because they were using a Mac". Then every man and his dog started using Macs. And then the viruses came... Martijn PS assuming you share files (via email, samba or something else) with other people inside or outside your company, it would also be nice if your machine could send them. Even if you received the file as it was and have nothing to do with its maliciousness, and even if the receiving side runs anti-virus, it would still look bad if you shared the file. PPS I don't mean to suggest that anti-virus, regardless of the operating system, solves all problems. It is a good first step though. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq