Re: Begs a question: AV in Linux

Out of curiosity, what was the situation around a hacker actively arp 
spoofing on your net targetting your boxes? It takes a certain level of 
sophistication to set up a DNS server, the necassary port forwards from 
the "router", and the trojan file server for the package. I have always 
espoused that security should be balanced with the potential motivation 
for a skilled hacker to target you, why did a hacker target you? Note that 
I am not saying using the dsniff package or even manually sending the 
arp replies takes skill but it does (AFAIK) take a human.

On Wed, 18 Jan 2006, Sergiy Michka wrote:

> Alexander Klimov schrieb:
> >  On Tue, 17 Jan 2006, Benson, Sean M wrote:
> >
> > > Should you run an anti-virus on linux for non-work issues?
> > > (Just home Workstations, Laptops, etc.. not mail servers.)
> >
> >
> >  Just answer the following question: have you ever seen a virus which
> >  has infected your linux box? If the answer is no (and I guess this is
> >  the case) then it is pointless to install an anti-virus for internal
> >  use.
>
> I didnt had any virus on my linux boxes but I got a rootkit vie arp spoofing 
> from internal network on 2 debian boxes (ignored the warning from apt-get, 
> that the checksum from one package was wrong.. after that I got SIGSEGV with 
> aptitude and got kernel based rootkit installed).
>
> Maybe it wouldnt happen to me, if I would have a good and working Antivir on 
> the boxes or would have more brain to stop installation from such one 
> package..