LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 12-29-2006, 06:49 AM   #16
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380

Quote:
Originally Posted by Sepero
Fear Uncertainty and Doubt (FUD)
Linux does claim a small desktop market, but that means nothing. Linux runs on nearly 40% of all the servers in the world, so relating popularity to viruses is pure FUD.
so you're saying popularity has NOTHING to do with it, huh?? if 50% of the world's desktops ran linux, we would still have the same linux virus statistics as we do today, right?? don't kid yourself...

like i said, i don't believe that popularity is the only reason we don't have so many virus troubles on linux - but note that you immediately dismiss it as FUD...

that said, there really isn't any way to determine the "definite" reason (although i think there isn't "one", i think it's more of a combination), so it's pointless to enter into deep debate about it... perhaps you're right and it's only due to linux's "superior filesystem setup"...

regarding viruses, the "40% of all the servers in the world" thing is beside the point as servers have to deal with completely different types of users, and you know this...

Quote:
Yes, a malicious program could delete all your files. So could a script with this single line "rm -rf ~/" (which could be written in dozens of different scripting languages). So how exactly is a virus scanner supposed to protect against the millions of variations of that being in any type of possible script or program? It can't.
you are trying to make it seem as if i've said that virus/malware scanners are some kind of foolproof security mechanism - i've said no such thing...

Quote:
I disagree completely with the premise of virus scanners.
and that's totally cool... but what is NOT cool is to make posts here in the security forum which make linux newcomers believe that linux is some kind of panacea that guarantees them some sort of immunity to viruses as long as they "keep their system up to date"... gnu/linux is a great operating system and we don't need to lie in order for people to see that...

Quote:
They are a "back measure". Instead of preventing the problem to begin with, they try to go _back_ after damage has already been done. I don't call that security.
neither do i, but clamav only *scans* for viruses, at the moment it has no way to "go back" or fix anything when it finds one... i agree that once you are hit (by a virus/worm/trojan/rootkit/whatever), you're done... but scanning stuff before using it *lowers* the possibility of you getting hit in the first place...

Quote:
Also on the email virus, more FUD. On MS computers, everyone uses 'Outlook'. All the cracker has to do is write a virus for Outlook. On Linux computers everyone runs... what? Ah hah. Not everyone uses the same email program on Linux. One person might use Evolution, another might use Mozilla, another Kmail, etc., etc. That is what you call security through a non-homogenous environment. In addition to that, if the virus isn't specifically made for that user's email client, it must be saved to disk and specifically SET as executable. Total FUD.
well, i assume this is directed at someone else as i haven't even mentioned email... i will say this much, though: the non-homogeneous condition is not an excuse for not adding additional layers of security when possible...

Quote:
True, you can choose to help out Microsoft users by scanning for their viruses on your Linux computer. That's your choice.
well, yeah, but that was only one of the reasons i had in mind... besides, there's nothing wrong with helping people out, is there??

Quote:
Personally, I prefer they get the XPerience they paid for.
hmmm...

Quote:
Ooh! You got me. I did not know that it scanned for Linux viruses too. (It's still just a "back measure" though.)
no, it's not... most of the time it's a totally PREVENTIVE measure...

Quote:
You show an impressively long list of Linux viruses, exploits, trojans, etc. Tell me though... how many of them will infect an up to date system?
i have no idea... maybe google it or something... the reason i posted the list was to show you that your linux immunity argument is built on a lie...

and even if you keep your system completely up-to-date you are still vulnerable to zero-day exploits and the like... this is where things like grsecurity, apparmor, selinux etc. come in - additional layers, preparing for the unknown, etc...

and yes, i also feel myself veering off-topic...

Quote:
I'm not saying it's impossible to write a virus for an up to date system, but 99.9X% of viruses written for Linux are written for old software.
which would prove that even with a system updated to the minute you still have a chance of getting hit... so you are willing to take the 0.1% risk, while others would be happy to reduce it to 0.01% by using a virus scanner...

Quote:
I replied to a thread this week where someone was trying to install Redhat 6. When's that from? 1996? I told them to destroy the CD's immediately!
hehe...

Quote:
I can't deny this, but if you're running AV software and you keep your system up to date, you really won't be helping yourself as much as you help others. Mainly you'll be helping those who don't bother to keep their software updated. If you bother to keep your AV updated, why not just skip the step and keep your system updated instead.
because it's not the same thing no matter how many times you tell yourself it is... if they *were* the same thing, then having your antivirus updated would mean you could forget about any security updates... and we all know this isn't true...

Quote:
I do not have any anti-virus software on my system. I do not run any firewall. I don't run rootkit software. I haven't for a long time.
good for you, but do you really think this sort of over-confident behaviour is worthy of being imitated?? do you really think that the "invincible" image you are projecting in your posts is proper for a Security forum?? i mean, you are basically teaching people that it's okay to let their guard down, and that really sucks IMHO... look at it this way: any system administrator that would act the way you've posted would get fired immediately for negligence (unless the management in his company is clueless, of course)...

Quote:
I challenge anyone to try to crack my system. I dare you.

I just dare you.
thank you for illustrating one of the symptoms of the "linux is invincible" virus... not sure if clamav has that one in its definitions database, though...

Last edited by win32sux; 12-29-2006 at 07:05 AM.
 
Old 12-29-2006, 02:32 PM   #17
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Moderator note: I'm 100% fine with a public debate over the merits of AV for linux, but let's keep this friendly, clean, and avoid a pissing match or this thread will be closed.
 
Old 12-29-2006, 04:37 PM   #18
Sepero
Member
 
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 734
Blog Entries: 1

Rep: Reputation: 33
Quote:
Originally Posted by win32sux
so you are willing to take the 0.1% risk, while others would be happy to reduce it to 0.01% by using a virus scanner...
This is assuming that a virus scanner can catch zero-day viruses. I doubt they can, but I will admit that I have read little about that subject.

I also admit that you make a lot of good points, so I'll leave it up to the reader's discretion on whatever they decide.

Finally, it must be conceded there is one undoubtedly good reason for AV software, and that is to help prevent spread to other Linux users who may have outdated systems.

PS.
You make a good debate, win32sux. I like that. I'm glad we had this discussion, and hopefully it helps others. Though, never fall for the "popularity = more viruses" myth. That is pure FUD. Just read up on Apache vs IIS.
 
Old 12-30-2006, 01:06 AM   #19
arindom
Member
 
Registered: Nov 2006
Location: India
Distribution: Ubuntu 21.04
Posts: 168

Original Poster
Rep: Reputation: 30
I must thank all for the quality discussion we had here. Overall as a new user of Linux, I feel though Linux may be less prone to virus attacks but still as per the saying "Prevention is better than cure", I will install an antivirus. Surprisingly there are Linux versions for many popular Windows Antivirus programs like Bitdefender, Panda, aVast and of course ClamAV. Thanks again to all concerned.

Last edited by arindom; 12-30-2006 at 01:08 AM.
 
Old 12-30-2006, 05:07 AM   #20
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by Sepero
You make a good debate, win32sux. I like that. I'm glad we had this discussion, and hopefully it helps others.
thanks, and right back at you... it's pretty cool that even though we disagree on a lot of stuff, we never let this turn into a flamewar...

Quote:
Though, never fall for the "popularity = more viruses" myth. That is pure FUD. Just read up on Apache vs IIS.
actually, i used to feel exactly the same way as you a while back - so i know exactly where you are coming from...

but nowadays, i have a different view than i did before... the apache argument is one that i too would throw out there when confronted by one of these "annoying windoze fanboys" (cuz that's what they usually were, unfortunately) when they claimed that the only reason linux didn't have a virus epidemic was because it wasn't popular on people's desktops... so yeah, i would explain to them how linux boxes running Apache are so popular on the Web yada yada yada...

but after giving it some thought, i came to the conclusion that it's not a proper comparison, the desktop and server boxes (apples and oranges)... i mean, generally speaking, servers aren't anywhere near being as vulnerable to viruses as desktops are IMHO... servers are, however, very vulnerable to worms - and we've seen what happens when Apache gets hit (Slapper, for example), etc...

desktops, on the other hand, don't usually have any need to have any listening processes, which greatly reduces the attack vector for a worm... just look at Ubuntu for example, it leaves your firewall unconfigured by default because of the fact that they make sure NOTHING is listening on the network after a default install...

that said, the main attraction for writers does indeed seem to be *desktops*... the point being that in this respect, desktops are drawing much more fire than servers... to illustrate this, allow me to click on the "last 10 virus alerts" link at secunia.com... these are the 10 viruses i got at the time of this post (actually they only provided 8, but whatever):

-- Sober.X - HIGH RISK Virus Alert
-- Sober.X - MEDIUM RISK Virus Alert
-- SOBER.AC - MEDIUM RISK Virus Alert
-- Sober.r - MEDIUM RISK Virus Alert
-- RBOT.CBQ - MEDIUM RISK Virus Alert
-- RBOT.CBQ - MEDIUM RISK Virus Alert
-- IRCBot.es - MEDIUM RISK Virus Alert
-- TROJ_SMALL.AHE - MEDIUM RISK Virus Alert

the first thing we notice is that there's no linux viruses in there...

hehe, no, but the main thing i wanted to show was that the vast majority of those threats are desktop-centric, requiring a user to get an attachment in an email or something like that... in other words, the great majority of these cases don't represent any direct security threat to windows *servers* at all... of course, servers might be crippled by the load a worm drops onto the network, but that's a different story...

so this basically shows why i feel that comparing desktop virus statistics with server virus statistics, or using server statistics as an argument against someone professing the ubiquitous desktop popularity "FUD" isn't fair game...

most viruses are targeted at desktops, and most desktops run windoze (by far)... if, however, there were an equal number of viruses aimed at servers and desktops, then the apache argument might have more merit when used against the "desktop popularity" argument...

ok, so i've explained why i personally don't feel comfortable comparing desktop virus stats with server stats... but what about comparing Apache to IIS??

that is a whole different ballgame... although i know that according to netcraft.com apache runs about 60% of web servers while "microsoft" (i assume they mean IIS, etc.) runs on something like 30%, i'll be the first to admit that i'm not too familiar with the current server infection statistics (could you provide some links?)... but for discussion's sake, i'll assume it goes something like this: "even though apache has twice as much web presence as IIS, its infection rate is less than half of what IIS's is..." is that about right?? i believe this is how it was a while back IIRC...

considering that, i would be expected to explain how the "popularity FUD" plays into this - and i would be hard-pressed to do so because, even though "popularity" has never been the core of my argument (i've always said it only plays a PART) i do find myself with circumstances completely opposite to what the desktop market shows...

so i'll say this: at first glance, the statistics do seem to indicate the technical superiority of Apache over IIS... it's a far bigger target, and even though it probably draws as much or more fire than IIS, it maintains a lower infection rate... and yes, i'll even go as far as adding that it might have to do with gnu/linux also, which was after all designed as a server operating system from the start (unlike windoze)...

but could there be any other variables involved?? or is the "technical superiority of Apache" the absolute conclusion?? here's where you and i might start once again to disagree... i have a feeling that this conclusion might provide the necessary satisfaction to you, because it would have done so for me too in the past... but i currently believe that it is quite healthy to look into the matter a little deeper than that... i think it's a good idea to look at some other variables and stuff - not in an attempt to disprove that apache is more secure than IIS (i have no doubt that it is), but instead in an effort to determine if there could be other factors involved behind the drastic "usage vs. infection" statistical differences between Apache and IIS...

i am in no way an expert, but i do believe that one of these variables might be gnu/linux's rock-solid stability, reliability, scalability, and cost benefit... what i mean is that these characteristics have made gnu/linux the favorite OS of datacenters, hosting providers, and the like... so in reality, when one hosting provider puts gnu/linux on a box/blade/whatever, and they are providing virtual hosting on that box, that means that right away there will be hundreds or thousands more "linux hosts" added to the statistics - per box... so if that box is properly secured, that means there's hundreds or thousands of sites which are, well, properly secured... at an operation hosting so many sites, you are bound to have a qualified network administrator taking care of things...

whereas microsoft's solutions aren't nearly as attractive to people setting-up data-centers and huge hosting providers, etc... they seem to be more attractive to small and medium businesses that are setting-up servers only for their companies, etc... (yes, there are exceptions - of course)...

plus with windows, experience has shown (me at least) that windows system administrators tend to stay far behind their linux counterparts when it comes to system administration knowledge... perhaps it's cuz they are so dumbed-down by the pointy-clicky nature of windows, or whatever... i don't know, and i don't really care...

in summary, i think that the types of deployment and the quality of the administration could be considered too when comparing Apache vs. IIS... statistics are a very interesting thing, but they are very open to all kinds of interpretation by their very nature...

so yeah, i mostly agree with you on "Apache vs. IIS", but i'll stand by my "mystical FUD" regarding desktops... hehe...

Last edited by win32sux; 12-30-2006 at 11:01 AM.
 
Old 12-31-2006, 06:08 AM   #21
arindom
Member
 
Registered: Nov 2006
Location: India
Distribution: Ubuntu 21.04
Posts: 168

Original Poster
Rep: Reputation: 30
Hi! I am back again. As I will make full use of this opportunity to learn.

I have loaded aVast antivirus. Why aVast because I have the same in Windows and it works quite good in Windows environment. If you suggest any other I will go for that also.

While going for a Full scan I got a virus found message in
/usr/share/locale/pa/LC_MESSAGES/redhat-artwork.mo/Part No_)#xxxxxxx

xxxxxx = certain no.

Should I worry about it, I tried to move the file without success, the program closed down. I would like to get your views on that.

Thanks and Happy New Year to all.
 
Old 12-31-2006, 09:10 AM   #22
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by arindom
Hi! I am back again. As I will make full use of this opportunity to learn.

I have loaded aVast antivirus. Why aVast because I have the same in Windows and it works quite good in Windows environment. If you suggest any other I will go for that also.

While going for a Full scan I got a virus found message in
/usr/share/locale/pa/LC_MESSAGES/redhat-artwork.mo/Part No_)#xxxxxxx

xxxxxx = certain no.

Should I worry about it, I tried to move the file without success, the program closed down. I would like to get your views on that.

Thanks and Happy New Year to all.
not sure, but i have a feeling it's a known false-positive:

http://www.linuxquestions.org/questi...75#post1459275

http://www.fedoraforum.org/forum/sho...d.php?t=109385
 
Old 12-31-2006, 05:27 PM   #23
Sepero
Member
 
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 734
Blog Entries: 1

Rep: Reputation: 33
arindom, go back and read posts number #7 and #8 in this very same thread.
Then uninstall avast. If you must use AV software, use clamav.
 
Old 01-01-2007, 01:40 AM   #24
arindom
Member
 
Registered: Nov 2006
Location: India
Distribution: Ubuntu 21.04
Posts: 168

Original Poster
Rep: Reputation: 30
My mistake. Thanks Sepero. aVast removed. Will load ClamAV. Thanks again for your help. Thanks also to Win32sux for your help. As you must have noted here it is a problem in aVast. So I have to use ClamAV.
 
Old 01-13-2007, 02:46 PM   #25
rdwinders
LQ Newbie
 
Registered: May 2005
Location: Seattle
Distribution: Fedora Core 6
Posts: 26

Rep: Reputation: 15
I think you said you were unable to find the update function.
I am using FC6 and KDE and found the system updater here:
Start > System > Software Updater; as the menu is alphabetical, Add/Remove Packages is at the top, and Software Updater near the bottom. I also am enjoying Firestarter and am using KlamAV for antivirus.
 
Old 01-14-2007, 11:21 AM   #26
arindom
Member
 
Registered: Nov 2006
Location: India
Distribution: Ubuntu 21.04
Posts: 168

Original Poster
Rep: Reputation: 30
Oh thank you rdWinders. I have already found that since this was some time back, I had the problem. Now it's ok. Thanks for replying.
 
Old 01-17-2007, 03:27 PM   #27
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware64 15; SlackwareARM-current (aarch64); Debian 12
Posts: 8,302
Blog Entries: 61

Rep: Reputation: Disabled
On MS everyone uses Outlook? I know one who doesn't. It's like saying all Linux users think they know everything, when only a few believe they do.
 
Old 02-24-2007, 12:06 AM   #28
DaveQB
Member
 
Registered: Oct 2003
Location: Sydney, Australia.
Distribution: Debian, Ubuntu
Posts: 400

Rep: Reputation: 39
Just want to add (and this may well be out of context, but thought I would add it anyway). My server was exploited through php. It managed to get 2 different "viruses" on there.

Linux.BST.B
Trojan.Linux.Small.I

This was only picked up by clamav when I installed and ran AFTER I knew something was up. I had not been running any sort of AV on my server (nor my desktops/media boxes) as I too was very confident that Linux had no virus issue. But had I been running clamAV on a regular cron job then I would have been alerted that little bit sooner.

What I am saying is that I have had an eye opening experience and the concept that Linux is virus free is not 100% accurate unless you want to claim a technicality (are said viruses actually viruses or worms or ...)

Well just adding my experience to this.
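
The "regular cron job" mentioned in the post above could look like the following. This is an added example, not part of the original post; the script path, schedule and scan targets are assumptions, and the sample scanner output used to exercise it is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: ClamAV scan wrapper meant for cron.
# Cron mails whatever a job prints, so this prints only on detections
# or scan errors and stays silent when the scan is clean.
# Hypothetical crontab entry (script path and targets are assumptions):
#   30 3 * * * /usr/local/sbin/clamav-nightly.sh /home /var/www

# Turn clamscan result lines ("<path>: <signature> FOUND") into
# "<signature> <path>"; all other lines (OK results, summary) are dropped.
parse_findings() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p'
}

# Build the report from clamscan's exit status and its captured output.
# clamscan exit status: 0 = nothing found, 1 = detection(s), 2 = error.
# Returns 0, 1 or 2 accordingly so cron or monitoring can act on it.
report() {
    status=$1
    output=$2
    case "$status" in
        0)
            return 0 ;;
        1)
            findings=$(printf '%s\n' "$output" | parse_findings)
            count=$(printf '%s\n' "$findings" | awk 'NF { n++ } END { print n + 0 }')
            echo "ClamAV: $count detection(s) on $(uname -n)"
            printf '%s\n' "$findings"
            return 1 ;;
        *)
            echo "ClamAV: scan error (exit status $status)"
            printf '%s\n' "$output"
            return 2 ;;
    esac
}

# Scan only when targets are passed on the command line.
# -r: recurse, -i: print infected files only, --no-summary: skip statistics.
if [ "$#" -gt 0 ]; then
    out=$(clamscan -r -i --no-summary "$@" 2>&1) && rc=0 || rc=$?
    report "$rc" "$out"
    exit $?
fi
```

Signature updates are a separate job (`freshclam`); a scan against stale definitions will miss newer detections.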
 
Old 02-24-2007, 03:04 AM   #29
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
My server was exploited through php. It managed to get 2 different "viruses" on there.
In case of GNU/Linux there are approx. 10 viruses known.
Only one can be encountered "In The Wild".
The others are "Proof of Concept".

AV vendors just give different threats different names.
The fact these got a name don't mean they're viruses.
 
Old 02-25-2007, 05:19 AM   #30
DaveQB
Member
 
Registered: Oct 2003
Location: Sydney, Australia.
Distribution: Debian, Ubuntu
Posts: 400

Rep: Reputation: 39
Quote:
Originally Posted by unSpawn
The fact these got a name don't mean they're viruses.
Hence my 'technicality' comment

I figured they probably aren't "viruses" as such but an AV scanner still picked them for me which is a good thing, in my opinion.
 
  


All times are GMT -5.