jaclaz, posted August 16, 2013:

I am not attempting to persuade you of the opposite at all, I am simply telling you that Linux antivirus programs are usually going to scan "files" including (actually mainly targeting) Windows viruses. Their use is mainly to avoid that "infected files" pass through a Linux server.

If you prefer, the Linux antivirus programs that you can find will all look for (and hopefully find) Windows viruses, another example, JFYI: http://www.eset.com/us/home/products/nod32-for-linux/

> Uniquely designed for Linux
> No Operating System is completely safe. Even though the Linux platform may not have as many threats as other platforms and is targeted directly, it can still act as a malware carrier and cause serious damage to Windows-based systems in the network.

jaclaz
HarryTri, posted August 17, 2013:

Well, it may be so, perhaps you are right. Yet I would use an antivirus program for Windows to check a Windows partition, just to be sure.
jaclaz, posted August 17, 2013:

> Well, it may be so, perhaps you are right. Yet I would use an antivirus program for Windows to check a Windows partition, just to be sure.

Perhaps?

No one ever said that you should use a Linux system to scan a Windows partition (though you can), you stated (twice) that Linux antivirus only look for "linux viruses", you were shown how these statements were inaccurate.

jaclaz
HarryTri, posted August 17, 2013:

All right, you are probably right, it's OK.
allen2, posted August 17, 2013:

As the Linux kernel doesn't support NTFS r/w by default, there are many different NTFS drivers that work quite fine for most of the tasks, but I don't find it very clever to mess with an NTFS partition from Linux, especially to find viruses that might sometimes hide in alternate data streams.

Taken from the latest kernel source Kconfig file:

    bool "NTFS write support"
    depends on NTFS_FS
    help
      This enables the partial, but safe, write support in the NTFS driver.

      The only supported operation is overwriting existing files, without
      changing the file length. No file or directory creation, deletion or
      renaming is possible. Note only non-resident files can be written to
      so you may find that some very small files (<500 bytes or so) cannot
      be written to.

      While we cannot guarantee that it will not damage any data, we have
      so far not received a single report where the driver would have
      damaged someones data so we assume it is perfectly safe to use.

      Note: While write support is safe in this version (a rewrite from
      scratch of the NTFS support), it should be noted that the old NTFS
      write support, included in Linux 2.5.10 and before (since 1997),
      is not safe.

      This is currently useful with TopologiLinux. TopologiLinux is run
      on top of any DOS/Microsoft Windows system without partitioning your
      hard disk. Unlike other Linux distributions TopologiLinux does not
      need its own partition. For more information see
      <http://topologi-linux.sourceforge.net/>

      It is perfectly safe to say N here.
jaclaz, posted August 18, 2013:

> As the Linux kernel doesn't support NTFS r/w by default, there are many different NTFS drivers that work quite fine for most of the tasks, but I don't find it very clever to mess with an NTFS partition from Linux, especially to find viruses that might sometimes hide in alternate data streams.

Because the Linux NTFS drivers via FUSE that all the world senselessly uses since several years do not see Alternate Data Streams, right?

http://www.tuxera.com/community/ntfs-3g-manual/
http://www.tuxera.com/community/ntfs-3g-manual/#5
http://www.tuxera.com/community/ntfs-3g-faq/

jaclaz
allen2, posted August 18, 2013:

I never said that. Ntfs-3g is the best choice right now to read/write files on an NTFS partition, but I still wouldn't use it for AV scanning.

As any malware intends to protect itself from being cleaned, there is always a chance that it could mess with the file system and/or any other thing (mbr/boot sector/bios/uefi), so I wouldn't push my luck as to try cleaning it from another OS unless I don't have any other choice. That's all I wanted to say.
Maxfutur, posted August 19, 2013:

> Well, it may be so, perhaps you are right. Yet I would use an antivirus program for Windows to check a Windows partition, just to be sure.

While not being specific with antivirus, it is better to do scans from Linux because there is a chance that viruses get hidden from antivirus for Windows. I'm going to talk about Kaspersky because I used it some time ago. When it runs installed in a Windows environment, you can make a live CD/DVD (from the installed Kaspersky) to scan your computer in case "Kaspersky for Windows" didn't find anything or Windows got scr**ed by some kind of virus. Well, this "live CD" runs only on Linux; if you try, you'll notice when it starts loading Linux modules.

So, what you stated, "an antivirus for Linux would check for linux viruses", is not right, and the best option to check for viruses in Windows is from Linux, because the virus can't hide or protect itself in any running process (sometimes these viruses run their own modules as a service to protect themselves from antivirus; can't remember a name to tell, but there are many of them acting like that).
jaclaz, posted August 19, 2013:

> I never said that. Ntfs-3g is the best choice right now to read/write files on an NTFS partition, but I still wouldn't use it for AV scanning.
>
> As any malware intends to protect itself from being cleaned, there is always a chance that it could mess with the file system and/or any other thing (mbr/boot sector/bios/uefi), so I wouldn't push my luck as to try cleaning it from another OS unless I don't have any other choice. That's all I wanted to say.

Well, yes and no, IMHO. Meaning yes, it is logical (and practical) to use "native" tools to do "native" work, but no, in some cases it is needed to use an "alien" tool.

I will even go further, affirming that when you access an NTFS (or more generally *any* filesystem) with "external" tools you usually have the possibility to access things/parts that would be otherwise inaccessible (this is more about filesystem/files recovery than actual antivirus).

To "clean" an infected system, the "common" and "logical" (and easier) choice is to run a "full scan" from the antivirus installed on the actual system, but you will have a number of things "running in the background" that may prevent you from completely cleaning/repairing it.

The next "common" and "logical" thing would be to scan the disk from a PE of some kind, that already gives an added degree of freedom.

Still, the possibility to do a scan from a "completely alien" OS guarantees that *nothing* on the infected machine can be executed, not even by chance or by mistake.

I do agree that it is not the "first" thing to do as the other two mentioned ways will work in - say - 98.34% of cases - but still it is something that should not be considered as "last chance", but rather like a concrete possibility.

jaclaz
allen2, posted August 19, 2013:

> To "clean" an infected system, the "common" and "logical" (and easier) choice is to run a "full scan" from the antivirus installed on the actual system, but you will have a number of things "running in the background" that may prevent you from completely cleaning/repairing it.
>
> The next "common" and "logical" thing would be to scan the disk from a PE of some kind, that already gives an added degree of freedom.
>
> Still, the possibility to do a scan from a "completely alien" OS guarantees that *nothing* on the infected machine can be executed, not even by chance or by mistake.
>
> I do agree that it is not the "first" thing to do as the other two mentioned ways will work in - say - 98.34% of cases - but still it is something that should not be considered as "last chance", but rather like a concrete possibility.
>
> jaclaz

I agree on the order, but remember that Windows features (like sfc) might be useful in some cases (of course, most people here don't use it and prefer to even disable it to be able to use custom system files).

There is an example of a dangerous usage of a Linux AV (of course as it is an example, it happens after a human error):

- the Linux antivirus detects a critical Windows boot file as a virus (commonly called a false positive) and removes or quarantines it.
- your Windows won't boot anymore.
- In that case a Windows antivirus might not have been able to remove it and/or an event should be logged in the eventlog, and in the event it would have been removed an sfc /scannow might solve the problem when you get the removal notification.

So as usual, if you're knowledgeable enough (and have the time), you don't really need an antivirus (either on Linux or on Windows). But if you want a simple way of protecting your computer, a Windows antivirus will be a lot easier to handle.

Also, I know very few people that would be able to handle Linux and master the Windows filesystem properly (that isn't a proof or anything in itself).