Do I need to install anti-virus software on Linux?



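If you run Linux (Ubuntu, for example), there has already been a great deal of discussion about whether you should install anti-virus software on it. I have seen many misunderstandings on the forums, particularly about what anti-virus software on Linux can actually do and whether it is necessary. I hope to clear up some of the confusion about anti-virus software on Linux systems.

When they think of anti-virus software, most people from the Windows world first picture something that runs in the background and scans the files of every running program to detect whether any of them carries the signature of a virus. This is an effective way of detecting and removing viruses on a desktop computer; and machines running Windows face so many threats from the Internet that they have no choice but to use it.

Anti-virus software for Linux does not work this way. It is not meant to protect the computer from Linux viruses, but to detect Windows viruses so that Linux users do not unknowingly spread them to Windows users.

So why care about Windows viruses on Linux?

If you run Linux, you are immune to Windows viruses, so why would you bother scanning files for so-called viruses that have no effect on your machine? The answer is: you really do not need to. But the matter is a little more complicated than that, so let me explain.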

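Mail servers

Linux anti-virus software runs on mail servers. Your mail client connects to a mail server to send and receive email. Because email is the main way trojan horses spread, mail servers are the front line in the battle to stop them. And since so many mail servers run Linux, the need for a program that runs on Linux and detects Windows viruses is obvious.

File servers

(The situation for file servers is somewhat similar; think of services such as FTP or Namipan (纳米盘).)

Now that you understand what Linux anti-virus software is for, deciding whether to install it on your own Linux machine should be fairly simple. If there are Windows machines on your local network and you share files with them, installing something like ClamAV to keep those other machines safe is probably a good idea.

Let me explain how I use anti-virus software on my own machine. I use ClamAV, but I do not keep it running in the background all the time (that would consume resources unnecessarily, since I am not running a mail service or transferring large numbers of files). Whenever I come across a suspicious file, I run ClamAV from the command line to check it. This is also a good service I can offer to my Windows-using friends.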

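Conclusion

I hope I have cleared up some of the confusion about Linux anti-virus software. As for the frequently asked question "Do I need anti-virus software on Linux?", the answer for most people is: no.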

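Translator's humble opinion:

At present there is relatively little malware targeting the Linux desktop, and this rests on the relatively small number of Linux desktop users. Because Linux has relatively few users, the things available on Linux that attract malicious intruders, such as online banking, games and virtual currency, are also fewer. In other words, the current situation is that these so-called hackers also know that breaking into a Linux system is difficult, and that even if they do compromise a Linux desktop there is no profit in it. (Note: this discussion does not cover systems running Linux as a server.)

But if the Linux desktop becomes more popular, the situation may well change; think of Apple's Mac OS.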

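Appendix:

Background: 1. What we usually call viruses are generally Windows viruses, which are harmless under Linux; the situation with Linux viruses is similar.

2. Cross-platform viruses do exist, but there are very few kinds. The first cross-platform virus was an experimental, harmless piece of software that appeared around 2003.

Another fairly fun thing is using a Linux host to check whether a USB drive is infected. The method is simple: plug a USB drive that is at risk of infection (for example, one you have just taken to a print shop) into a Linux host and see whether it contains an autorun.inf file and several files ending in .com; sometimes there will also be a few exe files with the same names as folders. If two of these three characteristics are present, then congratulations, your USB drive is definitely infected. Removing the infection is also simple: just delete those files.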
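The USB check described above, written as a script. This is an added example, not part of the original post; the function names are hypothetical, and the drive is assumed to be already mounted with its mount point passed as the argument.

```shell
#!/bin/sh
# Count how many of the three indicators from the text are present under a
# mounted USB drive. The function names are hypothetical (added example).

usb_indicator_count() {
    root=$1
    count=0

    # Indicator 1: autorun.inf in the drive root (match any letter case,
    # since FAT file names are case-insensitive).
    if [ -n "$(find "$root" -maxdepth 1 -type f -iname 'autorun.inf')" ]; then
        count=$((count + 1))
    fi

    # Indicator 2: one or more files ending in .com anywhere on the drive.
    if [ -n "$(find "$root" -type f -iname '*.com')" ]; then
        count=$((count + 1))
    fi

    # Indicator 3: an .exe file named exactly like a folder next to it
    # (e.g. "Photos" and "Photos.exe").
    twins=$(find "$root" -mindepth 1 -type d -exec sh -c '
        for d do
            for f in "$d".[eE][xX][eE]; do
                if [ -f "$f" ]; then printf "%s\n" "$f"; fi
            done
        done' sh {} +)
    if [ -n "$twins" ]; then
        count=$((count + 1))
    fi

    echo "$count"
}

# Exit status 0 (suspicious) when at least two indicators are present.
usb_suspicious() {
    [ "$(usb_indicator_count "$1")" -ge 2 ]
}

# When called with a mount point, print the verdict.
if [ "$#" -ge 1 ]; then
    if usb_suspicious "$1"; then
        echo "$1: two or more indicators present, treat the drive as infected"
    else
        echo "$1: fewer than two indicators present"
    fi
fi
```

The script only reports; it does not delete anything, so the flagged files can be reviewed before removal.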

The original text follows:

Do I Need an AntiVirus Program on Linux?

By Jonathan DePrizio

Introduction

There has been a lot of debate recently over whether or not it’s a good idea to run an anti-virus program if you’re using Linux. Reading the forums, I see a lot of misunderstandings, particularly around what exactly it is that these anti-virus programs do and whether or not they’re necessary. I hope to clear up some of the confusion regarding the anti-virus situation on Linux.

What a Linux anti-virus is NOT

When you think of an anti-virus program, especially if you’re coming from a Windows world, you think of a program that runs in the background and scans files as they are accessed (or, perhaps you have your entire system scanned on a regular basis) to see if anything is infected with a virus. This is an effective way of detecting and removing viruses on a desktop computer; and for a Windows machine, it’s all but a necessity given the vast amount of threats circulating on the Internet.

Linux anti-virus programs don’t work this way, because Linux anti-virus programs aren’t meant to protect the desktop machine from Linux viruses. An anti-virus program running on Linux is designed to detect Windows viruses, so that they aren’t spread, unknowingly, by the Linux user.

So why care about Windows viruses on Linux?

If you’re running Linux, you are, in practicality, immune from a Windows virus. So why would you want to bother scanning your files - files that won’t work on your computer, anyway (except, for example, through Wine) - for viruses that have no effect on you? Well, the simple answer is, you wouldn’t. But it is more complex than that. I’ll explain.

Mail servers

The vast majority of Linux anti-virus programs run on mail servers. These are the computers that your mail client connects to when you want to send or receive an email. Since email is one of the main ways viruses and trojan horses spread, these servers are the “front-line” in the battle to stop computer viruses. And, since so many of these servers run Linux, it’s clear to see the need for a Linux program to detect Windows viruses. If you’re running a mail server, whether it be for your home or office, you should definitely be using an anti-virus program to intercept any naughty files that might be trying to move in or out of your network via email.

File servers

Another place where you’d want to run an anti-virus program is on a file server shared by multiple users, even if you trust all of these users. File servers are basically repositories for data; some of that data might come to exist on your server through legitimate sources, but there’s no way for you to know where each and every file originated. Running an anti-virus ensures that if someone uploads an infected file, say, downloaded from a Peer-to-Peer network, your file server will detect the threat and stop any other users from becoming infected.

So what about Linux on the desktop?

Now that you understand what exactly these anti-virus programs for Linux do, it’s up to you to decide whether or not you want to implement them if you’re just running a standard Linux desktop machine. If you have Windows computers on your network, and you’re sharing files, it’s probably a good idea to run something like ClamAV, to keep those other machines safe.

Let me explain how I use my Linux Anti-Virus program on my desktop. I use ClamAV, but I don’t keep it running in the background (this uses up resources, and since I’m not running a mail server or transferring lots of files, it really isn’t necessary). I only use it from the command line when there is a specific file of questionable legitimacy I want to test; this is a great service I can provide to Windows-using friends. Since I’m immune to these viruses, I can check out files before they download them.

Conclusion

I hope I’ve cleared up some of the confusion around Linux anti-virus programs, and that I’ve answered the oft-repeated question, “Do I need to run an Anti-Virus on Linux?” In reality, the type of setup you have, and the quantity of your paranoia dictate the answer to this question; but for most people, it simply isn’t necessary to run an anti-virus in Linux.

 

This article is a translation; the original is at http://www.techthrob.com/2009/03/02/do-i-need-an-antivirus-program-on-Linux/
Do I Need an AntiVirus Program on Linux?
By Jonathan DePrizio

Reposting is welcome, but please credit the author and source: 无名氏之民 http://blog.sina.com.cn/gnippasc
