anti-virus with dual boot

Asked by Jean

Hello,
I understand that Linux does not need an antivirus (Clam at the most) because most (about 120 000) viruses are Windows viruses and only 40 are Linux viruses.
However, I have 2 internal hard drives, one running Vista and the other Ubuntu.
When the computer boots, I press F12 (boot menu) and select the hard drive according to which operating system I want to work in.
Question: when I work in Ubuntu, my Win Vista hard drive is automatically mounted.
If I do not use an anti-virus when I run Linux, is there any risk that a Windows virus would enter my system while running Linux, not affect Linux but pass onto my Windows internal hard drive?
If the answer is yes, I assume that I should therefore install AVG for Linux?
Thanks very much in advance, jean

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Bhavani Shankar

Sharar Ravitz (jewfro-macabbi) said :
#1

I'm not familiar with any virus that clever. The main purpose of AV for Linux is to scan any email and attachments you download - so you don't forward or transfer any virus.

Best Bhavani Shankar (bhavi) said :
#2

Linux as it is, is safe because of the following reasons:

Since it's open source, thousands and millions of experts around the world look at the code, run the code, test it for vulnerabilities, fix those vulnerabilities and release new updated packages. So it's always recommended to keep your system updated to the latest to keep your system secure.

Next up is viruses and malicious codes:

Let us take the case of a virus first...

Viruses aren't easy to program in Linux because Ubuntu/Linux has very CLEAR definitions of groups and users, file ownerships and permissions. So in Ubuntu/Linux, if at all a virus is there, it can affect only the user who ran the program. And because of the file ownerships and permissions, the USER will have control over the system, unlike in Windows where the OS has control over the machine. This makes virus development in Linux difficult, to say the least.

Ref this article for more info:

http://www.securityfocus.com/columnists/188

Next up through Email:

Most viruses and malware in Windows computers come in email or as voluntary or involuntary downloads from web sites.

I don't think anyone would be likely to be transferring email files between Linux and Windows because you can't read Linux email files in Windows, or Windows email files in Linux.
If someone used Ubuntu to take a backup from Windows and store it, that might re-infect the Windows operating system if the email was restored again from a backup but that could happen from any backup no matter where it was stored.

If you downloaded an infected file such as an .exe file for a game from a website in Linux and copied it into your Windows file system and clicked on it to install the game it would probably infect Windows alright.
On the other hand, if you downloaded an .exe file for Windows using Linux you would be a lot safer if you're smart. You could download the .exe file and scan it with AVG in Linux or any other virus scanner you can install in Ubuntu. You could also copy it into a shared data partition first instead of directly into Windows. Then you could boot Windows and scan the shared data partition with your antivirus in Windows before you copy the file into Windows and install it.
Therefore, I would say that by using Linux you would be increasing the safety and security of your Windows installation.

Next we shall take up malicious code:

To prevent running malicious code you can use an IDS (Intrusion Detection System)

Snort is widely used as an IDS. (An IDS is basically just a trap sort of thing.)

Snort on Ubuntu here:

http://www.howtoforge.com/intrusion_detection_base_snort

You can also use Prelude to achieve the same purpose:

http://www.prelude-ids.org/

Prelude is now an industry standard in IDS...

Next up, there are various tools like nmap, ettercap, nessus, netstat, netcat, cheops and so on to test the vulnerability of your system (Nessus is the best vulnerability scanner I found, with all the deadly plugins).

One thing that is to be taken care of is preventing physical access by unauthorised persons.

Because in security physical access = root access, we can do almost anything, like:

Use a live CD and get admin access.

In the case of Ubuntu, boot up in recovery mode and gain root access.

Booting from a removable disk will skip the hard disk's bootloader completely.

And social engineering, like email bombing, impersonating and so on, is the human element of security, and it can be overcome by sufficient awareness.

So, at the last, to summarise:

Linux is secure without physical access by unauthorised persons.

To get started with Linux security, I suggest you go through Hacking Linux Exposed by McGraw-Hill publications.

Hope it clears your doubts...

Regards

Bhavani Shankar.
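
The scan-then-stage routine described in the answer above (scan the Windows download on Linux, then copy it to a shared data partition rather than straight into Windows), as an added example that is not part of the original answer. The function name, the `windows_mount` parameter and all paths are assumptions; the only external fact it relies on is ClamAV's `clamscan` exit codes (0 clean, 1 infected, 2 error).

```python
import hashlib
import shutil
import subprocess
from pathlib import Path

# clamscan exit codes: 0 = clean, 1 = virus found, 2 = error during the scan.
CLAMSCAN = ("clamscan", "--no-summary")


def stage_download(src, staging_dir, windows_mount, scanner=CLAMSCAN):
    """Copy src into staging_dir only if the scanner reports it clean.

    Returns (verdict, sha256); verdict is "clean", "infected" or "error".
    Any result other than a clean exit code leaves the file where it is.
    """
    src = Path(src).resolve()
    staging_dir = Path(staging_dir).resolve()
    windows_mount = Path(windows_mount).resolve()

    # Never write straight into the auto-mounted Windows system drive.
    if staging_dir == windows_mount or windows_mount in staging_dir.parents:
        raise ValueError(f"{staging_dir} is inside the Windows mount")

    digest = hashlib.sha256(src.read_bytes()).hexdigest()
    try:
        rc = subprocess.run([*scanner, str(src)], capture_output=True).returncode
    except FileNotFoundError:
        return "error", digest      # scanner not installed: fail closed
    if rc == 1:
        return "infected", digest
    if rc != 0:
        return "error", digest      # scan did not complete: fail closed

    staging_dir.mkdir(parents=True, exist_ok=True)
    dest = staging_dir / src.name
    shutil.copyfile(src, dest)      # copies contents only, no permission bits
    # Record the hash so the later scan in Windows can confirm the same file.
    (staging_dir / (src.name + ".sha256")).write_text(f"{digest}  {src.name}\n")
    return "clean", digest


if __name__ == "__main__":
    import tempfile
    tmp = Path(tempfile.mkdtemp())
    # Constructed sample file; "true" stands in for clamscan so the demo
    # runs on a machine without ClamAV installed.
    (tmp / "game.exe").write_bytes(b"MZ constructed sample, not a real program")
    print(stage_download(tmp / "game.exe", tmp / "shared" / "incoming",
                         tmp / "vista", scanner=("true",)))
```

A "clean" verdict only means the Linux-side scanner found nothing; the second scan from Windows on the shared partition still applies, and the `.sha256` file lets it confirm the file has not changed in between.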

Jean (jlette) said :
#3

Thank you very much Bhavani for your most intelligent and detailed reply. I
will get the Hacker book you suggest. jean

On Tue, Jul 29, 2008 at 1:02 AM, Bhavani Shankar <
<email address hidden>> wrote:

> Your question #40551 on Ubuntu changed:
> https://answers.edge.launchpad.net/ubuntu/+question/40551

--
Jean Lette
<email address hidden>

Jean (jlette) said :
#4

thanks Yeshara, jean

On Mon, Jul 28, 2008 at 9:44 PM, Yeshara Ravitz <
<email address hidden>> wrote:

> Your question #40551 on Ubuntu changed:
> https://answers.edge.launchpad.net/ubuntu/+question/40551
>
> Status: Open => Answered
>
> Yeshara Ravitz proposed the following answer:
> I'm not familiar with any virus that clever. The main purpose of AV for
> Linux is to scan any email and attachments you download - so you don't
> forward or transfer any virus.

--
Jean Lette
<email address hidden>

Jean (jlette) said :
#5

Excellent and detailed response. Congratulations to Bhavani for his clarity of thought.