[clug] Anti-Virus Software

Sam Couter sam at couter.id.au
Tue Jun 22 04:49:42 MDT 2010


Alex Satrapa <grail at goldweb.com.au> wrote:
> I remember at one point in the past I tried running a FireHOL firewall - anything not explicitly allowed is denied. It was an amazing learning experience, I can tell you :) To make such a firewall work you really need to be aware of every protocol in use by every machine on your network. Have a friend come to visit? Have fun configuring all the appropriate rules for their system, too!

You're doing it wrong.

I use FireHOL, and I leave most outgoing rules wide open. I block port 80 so
I can run it through a proxy for filtering purposes (I hate ads and it
won't be long before my kids are old enough to need some controls) and
port 25 for obvious reasons.

Incoming traffic I have heavily restricted, also for obvious reasons.

I don't need to mess with the rules very often. If you want to block
outgoing traffic, you're making a much harder job of it for yourself.

> And then you get through setting up the firewall, only to find that some machine has been infected by a virus taking advantage of a zero day exploit in your web browser's JPEG decompression.

Yeah, unfortunately a firewall isn't going to help there. AV software
and signed software components are also useless. A fancy compiler with
buffer overflow protection helps, along with selinux or some other scheme
that reduces the privileges your browser runs with. Windows has the
fancy compiler, it has nothing like selinux.
-- 
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
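A FireHOL configuration that expresses the policy Sam describes (outgoing open except ports 80 and 25, incoming heavily restricted). This is an added example, not Sam's own configuration; the interface name, the LAN range and the proxy's Unix user are assumptions.

```firehol
version 5

# Single-host FireHOL config (added example, not from the thread). Assumptions:
# the internet-facing interface is eth0, the LAN is 192.168.1.0/24 and the
# filtering web proxy runs on this host as user "squid".
interface eth0 internet
    protection strong          # drop invalid, fragmented and spoofed-looking packets
    policy drop                # anything not matched by a rule below is dropped

    # Incoming: heavily restricted - only ssh, and only from the LAN.
    server ssh accept src "192.168.1.0/24"

    # Outgoing: rules are matched in order, so the proxy's own web traffic
    # is accepted before direct port 80 access is rejected for everyone else.
    client http accept user "squid"   # 'user' = owner match; assumed parameter name
    client http reject                # browsers have to go through the proxy
    client smtp reject                # no direct outbound mail from this box
    client all accept                 # everything else outgoing stays wide open
```

The `http` service is plain TCP port 80 only, so HTTPS still passes through `client all accept`; the block is as narrow as the post describes.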