Is antivirus really necessary?

czerdrill

Silver Member
Joined
Jan 2, 2010
Messages
4,825
Reaction score
12
My 2 cents:

I'm currently researching AV/malware protection for my Droid and plan to deploy as soon as I find a product that meets my needs and comes from a source that can be verified as being legitimate.

Konstructa mentioned that "some of the first root kits were Unix based". Actually, the very first root kits were Unix based.
Speaking of root, how did we get root access on our device? Someone found a vulnerability that we have exploited to run code of our choice. Guess what - malware writers do the same thing.

Many have stated that Android doesn't need AV because it is Linux based. I've even heard a number of colleagues state the same thing when approached by management asking about AV on Unix servers.
But a common flaw in that thinking is this: most malware anymore doesn't even target the OS. Rather, it targets the applications such as the web browser, email client, Java, Acrobat, Quicktime, etc. Anyone out there avoiding those apps?
Anyone stating we won't ever need protection is just burrying their head in the sand.

My bottom line:
Just because there are no known viruses or malware targeting our beloved platform at the moment is no reason not to research and support tools to protect our platform and the data stored therein.

I don't think (or at least I hope) that anyone's contention is that Linux can't get viruses or can't be compromised somehow. Any computer, any OS, anything in the world that connects to the Internet can be compromised. However, the odds of your Linux system being compromised are almost slim to none and to be honest, you'd almost have to allow it to get infected. You left off some important things:

Sure, malware targets applications such as browser, acrobat etc, but most (not all) binaries which are downloaded to a linux system wont be executable by default. In other words, if you link to some binary on the net, or if some rogue application downloads a binary, it's not going to result in an automatic execution on your system (unlike Windows), hence the "This application uses" screen before you install an app, and the "Trust 3rd party" checkbox.

Second, even if you do run a package from an attachment and even if you do put in your sudo password (or in this case run as root), you're still going to be told that this is from an untrusted/unsigned source and you have to make the decision to proceed. Again, you'd have to essentially try to infect your system if you download some rogue app from a third party that you know nothing about.

Third, most linux targeted viruses can't self-replicate so again it's essentially you attempting to infect your system.

If you download a binary from www.removedlink.com called "GetPeoplesCreditCardInformation.apk", run it at root, trust it, and install it and your system gets infected, that's a user flaw and not a Linux flaw.

I have no intention to install any antivirus on my Linux systems, or my phone as it is unnecessary. Can Linux/Android be compromised? Absolutely. Is it likely that you're going to get compromised by downloading an app from a malicious coder? Yes, if you agree to all the security warnings that are presented to you before you install. There are far too many checks done before something actually executes, and I would honestly blame the user if he/she managed to somehow mess up their system.

If I'm completely wrong about this, someone please correct me, but I'm pretty sure I'm not haha...
 

bearman

New Member
Joined
Jun 7, 2010
Messages
2
Reaction score
0
I don't think (or at least I hope) that anyone's contention is that Linux can't get viruses or can't be compromised somehow. Any computer, any OS, anything in the world that connects to the Internet can be compromised. However, the odds of your Linux system being compromised are almost slim to none and to be honest, you'd almost have to allow it to get infected. You left off some important things:

Sure, malware targets applications such as browser, acrobat etc, but most (not all) binaries which are downloaded to a linux system wont be executable by default. In other words, if you link to some binary on the net, or if some rogue application downloads a binary, it's not going to result in an automatic execution on your system (unlike Windows), hence the "This application uses" screen before you install an app, and the "Trust 3rd party" checkbox.
...
If I'm completely wrong about this, someone please correct me, but I'm pretty sure I'm not haha...

Malware that targets the apps doesn't have to be a system executable binary. For example, quicktime and PDF files are not system executable but can still have nasty surprises.

Also, you don't necessarily have to allow an app to have root access in order for the app to receive root access. We have heard of vulnerabilities in various authentication and crypto modules (isc.sans.org mentions an Ubuntu PAM vulnerability just this morning). Applications can exploit these vulnerabilities to gain root access just as we did. Such an app can easily come from visiting a web page with malicious javascript or java or flash.
You may say don't visit malicious sites. Better stay away from most of the Internet then, as any site that takes input such as comments can be infected with XSS.

I agree that a 'Nix based OS is more resilient and currently not heavily targeted, but I still believe that we would be foolish to not investigate and prepare some defenses now.
 

Backnblack

Premium Member
Premium Member
Joined
Nov 18, 2009
Messages
11,104
Reaction score
28
Current Phone Model
iPhone 7+ 256gb
I agree that a 'Nix based OS is more resilient and currently not heavily targeted, but I still believe that we would be foolish to not investigate and prepare some defenses now.

At this time the only thing an AV app would do is use battery and resources.
Totally not needed.
 

Waveraider

Member
Joined
May 3, 2010
Messages
32
Reaction score
0
Location
Indy
OK, i'm new to this and have a stupid question. I'm using an exchange server to get work email on my Droid Inc. Can I send a virus to my computer from my droid through Outlook?
 

czerdrill

Silver Member
Joined
Jan 2, 2010
Messages
4,825
Reaction score
12
I don't think (or at least I hope) that anyone's contention is that Linux can't get viruses or can't be compromised somehow. Any computer, any OS, anything in the world that connects to the Internet can be compromised. However, the odds of your Linux system being compromised are almost slim to none and to be honest, you'd almost have to allow it to get infected. You left off some important things:

Sure, malware targets applications such as browser, acrobat etc, but most (not all) binaries which are downloaded to a linux system wont be executable by default. In other words, if you link to some binary on the net, or if some rogue application downloads a binary, it's not going to result in an automatic execution on your system (unlike Windows), hence the "This application uses" screen before you install an app, and the "Trust 3rd party" checkbox.
...
If I'm completely wrong about this, someone please correct me, but I'm pretty sure I'm not haha...

Malware that targets the apps doesn't have to be a system executable binary. For example, quicktime and PDF files are not system executable but can still have nasty surprises.

Also, you don't necessarily have to allow an app to have root access in order for the app to receive root access. We have heard of vulnerabilities in various authentication and crypto modules (isc.sans.org mentions an Ubuntu PAM vulnerability just this morning). Applications can exploit these vulnerabilities to gain root access just as we did. Such an app can easily come from visiting a web page with malicious javascript or java or flash.
You may say don't visit malicious sites. Better stay away from most of the Internet then, as any site that takes input such as comments can be infected with XSS.

I agree that a 'Nix based OS is more resilient and currently not heavily targeted, but I still believe that we would be foolish to not investigate and prepare some defenses now.

haha, well yeah if you want to preach gloom and doom then yes by all means stay away from the Internet. The reality is, your phone is not going to get a virus, and antivirus apps on android are about the most useless apps on the market.

of course, it is your phone so you can install whatever app on it that makes you happy :)
 

czerdrill

Silver Member
Joined
Jan 2, 2010
Messages
4,825
Reaction score
12
OK, i'm new to this and have a stupid question. I'm using an exchange server to get work email on my Droid Inc. Can I send a virus to my computer from my droid through Outlook?

Yes. If you send an infected file from your Droid to an email address and open it on a Windows computer, the windows computer can be affected. Because the virus/infection would have been written for a windows machine. Your droid won't be affected because it can't run that code, but the windows machine will.

To clarify...this is a file that contains a Windows infection. There are no Droid viruses out in the wild.
 

Waveraider

Member
Joined
May 3, 2010
Messages
32
Reaction score
0
Location
Indy
Czerdrill, Can the droid send a virus to Outlook from surfing the internet?
 

czerdrill

Silver Member
Joined
Jan 2, 2010
Messages
4,825
Reaction score
12
Czerdrill, Can the droid send a virus to Outlook from surfing the internet?

That I dont' know. You mean like automatically send a file while you're surfing? I doubt it. But if you're on some site that you can send files to an email address I guess it would work. Although why wouln't you just use your email client to do that haha...
 

AVanover5

New Member
Joined
Dec 26, 2010
Messages
18
Reaction score
0
Location
Yuba City, CA
Linux isn't hack-free for everyone that thinks that. I can create a virus on the computer that copies a worm tailored to the modified Android Linux OS which spreads to other phones through bluetooth if I wanted to. It's not that hard. So I use anti-virus...

Source: use to be a black hat hacker.
 
Top