digg

Facebook Connect Join Digg About

Is Antivirus Ready for Open Source?

itjungle.com ClamAV claims that the open source process enables it to respond to new malware threats quicker than the commercial antivirus vendors. In fact, on any given day, the group will publish a dozen or so new definitions protecting its users against the latest viruses, worms, and Trojans.

Who dugg this? Made popular Sep 19, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

67 Comments

show profanity settings
expand all
  • Langford, on 10/12/2007, -0/+14ClamWin ain't perfect, but something nice that results from it, is ClamWin-Portable. It is pretty handy to be able to carry a virus scanner around on a usb drive.
    http://portableapps.com/apps/utilities/clamwin_portable
  • hurtz, on 10/12/2007, -0/+14That article is way too wordy, let me summarize for the uninformed:

    Yes.
  • nOOBert, on 10/12/2007, -0/+14I run clamav on my windows box, yes there is a windows version winav or clamwin... something like that.. Never had a virus, works great, and has a small foot print then norton or pretty much anything else.

    Yes I feel safe. I know that if a hole is found it will probably get patched faster then a retail product.
  • Rosco, on 10/12/2007, -1/+14I'd love to see how this stacks up compared to other Free AV programs such as AVG and Avast instead of a comparison to Norton or McAfee. Open source programs are almost always better at being updated for certain, just look at how frequent Mozilla products are updated.
  • apotropaic, on 10/12/2007, -0/+12I'd use some of the commercial ones if they didn't eat up 20% of my cpu and 250mb of memory at all times! What a waste of my resources... I'd rather have the virus!
  • DoubtingThomas, on 10/12/2007, -0/+11@GMorgan:

    This is completely false. While many viruses require user ignorance to infect a PC, others bypass the user entirely by exploiting security flaws in the OS itself. Just being on a network can endanger your PC. Look at the number of viruses that have exploited holes in the RPC service on Windows machines. Remember Blaster?
  • DickBreath, on 10/12/2007, -0/+9Remember the Sony Rootkit fiasco? (summary: insert audio CD from sony into computer, rootkit gets installed into computer, you can never copy/rip audio CD's on the computer. Can't uninstall rootkit. Can't detect that rootkit is present.)

    Sony had announced that they had "worked with" the commercial antivirus vendors in developing their rootkit.

    I wonder of commercial malware developers (i.e. Sony, or other RIAA/MPAA) would try to "work with" open source antivirus software projects?

    I suspect that open source antivirus would not have any motive to participate in hiding Sony's rootkit from you.
  • Aiwanei, on 10/12/2007, -0/+9See the only problem I've ever had with people saying I use X and don't have any viruses, is that unless you scan with something else, you will never know if you don't have any viruses (and yes it is viruses not virii.)

    Not saying it hasn't worked for you, but most viruses can be avoided by smart computing anyways.
  • nofxjunkee, on 10/12/2007, -0/+8meh, mcafee and norton aren't going to give you any guarantee either.
  • drag, on 10/12/2007, -4/+12"it isnt as good with compressed virii as say nod or kaspersky"

    Viruses. Virus is a ENGLISH word, not latin.

    The latin word for Virus rougly means 'poison', there is no plural version of that word. The word Virii is non-existant in Latin. Howerver there is a word Viri, which means 'men' which is the plural of Vir which means 'man'. Virii would be the equivelent of saying 'mens' or the plural of men, which is just stupid. Virii is a made up word devised by people to make themselves look smart without actually being smart (for example: people who write and sell commercial antivirus software). Don't fall for it.
  • GMorgan, on 10/12/2007, -0/+6Same thing with anti-malware. The corperate Adaware misses a lot of corperate spyware yet the Spybot S&D freeware app doesn't (though you have to fiddle definitions slightly to enable all spyware to be found).
  • inactive, on 10/12/2007, -0/+6I keep it on my flash drive, as well. VERY handy for fixing an infected computer that can't access the net to download any sort of AV.
  • masamunecyrus, on 10/12/2007, -1/+7The moment people stop using Anti-Viruses, and I mean for any OS that is popular enough to warrant the investigation of the development of viruses, is the moment that virus making becomes big, again.
  • tazamore, on 10/12/2007, -0/+5Thanks for the tip: http://www.clamwin.com/
  • dukeinlondon, on 10/12/2007, -1/+6That article pointedly speaks of corporate computing (server et al) where OSX is inexistant.
  • iAlex, on 10/12/2007, -0/+4Definitely for Windows, Yeah!
  • GMorgan, on 10/12/2007, -1/+5Stats very depending on who pays you the most money.
  • nOOBert, on 10/12/2007, -0/+4Thats just it. It can be patched faster because it is open source because when people outside of the project see somthing fishy they can also look at the code and tell the clamav project how/why/where/what to fixing the issue.

    (IMHO) - Also you have to play with the stats. Most virus come out for windows becuase?? Mainly because of market share. If you want to write somthing that could have a big impact and get your name out there, you afect as many users as possible. So if you write an work around for clamav you will efect a very limited number of users, where as if you make a work around for norton you efect a high number of users.
  • Eccohawk, on 10/12/2007, -1/+5security through obscurity only works so long. if ever this became a mainstream product like the nortons or mcafees, then the cracking crowd would come out of the woodwork to write code to bypass it's protection algorithms. And that's not to say that the open source wizs that are working on this wouldn't get it back up to protecting again soon, it's just that much easier for someone to write a program or rootkit to subvert an open source project because they know everything that's going on. It would end up being a painful case of Bugs Bunny vs Yosemite Sam...each one starts pulling out a bigger and better weapon to combat the other until they've got giant cannons faced at one another, with us as consumers stuck in the middle. And let's face it, in real life, the bunny doesn't always win...and neither would we.
  • GMorgan, on 10/12/2007, -3/+7AV can't be bypassed as such (they can but its not really relevant to protection). It's just a matter of what you download. Despite public belief Viruses don't just magically appear. You'd have to install some crap to get one, its not like robbery viruses require your consent to work. In all likelyhood ClamAV users don't actually need an antivirus since they are just less stupid that joe public in general.

    This is why Linux is far better on the exploit count. We tend to use repositories which become known safe houses. With just about everything in the repos we are safe from worrying about viruses. Yes the system is tougher as well but its personal habits that make the real difference. By always utilising vetted safe sources rather than having our free stuff scattered across the web its possible to avoid the worry altogether.
  • IceDog, on 10/12/2007, -1/+5I wonder about this too, but some say you don't need AV at all anymore. Who knows.. I think it's only as good as the locks on our houses.. even the best can be easily bypassed. So, it just keeps the honest people honest.. that's it.
  • totorototoro, on 10/12/2007, -1/+5Seems like anti-virus definitions would be a logical open-source project, similar to bug and security fixes. Hope they can pull it off. (the fact its available for OS X just makes it that much better)
  • garoo, on 10/12/2007, -0/+3Last time I looked at Clam for Win it didn't have realtime scanning. Have they fixed this up?

    The DATs are lightening fast on the server side anyway
  • Leadhyena, on 10/12/2007, -1/+4I've used clamav on every mail server that I've ever configured, and ClamWin on every Windows system that I've cleaned. One of the hallmarks of this system is its automatic update; in fact both systems can be configured to email you if it DOESN'T update correctly. There's probably something wrong with your configuration Kale, because I've never once had issues with the auto-update.
  • msgyrd, on 10/12/2007, -1/+4http://www.netapplications.com is supposed to be even more reputable for statistics? It's a marketing and advertising company for, and I quote, "the Small to Medium Enterprise (SME)." I also can't find any statistics on their site that were claimed by the OP. It's a company selling something, most pages are advertising their products or are filled with self-praise.

    I'm still skeptical of the statistics, and the blog link you posted is completely irrelevant. That's about brower usage and has nothing to do with what OS is the second most used.
  • Goner, on 10/12/2007, -0/+3I have used Clamwin on my server (win2k) for a year now.. True, it doesn;t have realtime scanning, but it does have nightly scanning, e-mail notification, update checking/downloading, etc. Combined with winpooch (http://sourceforge.net/projects/winpooch/) it's basically a realtime scanner. It's kept my server nice and clean.

    The only incidents have been a couple of false positives where it quarantined a large SQL database file and my remote access software... Adding exceptions for those things corrected the problem...
  • inactive, on 10/12/2007, -0/+3In ClamAV's case I know they're quite good because I've been using them on several hosting servers for over a year now.

    I have it scan individual files that are uploaded as well as scheduled scans and am yet to get a virus. One of the servers it helps protect gets several thousand uploads a day.
  • nOOBert, on 10/12/2007, -1/+3Mine works fine. So does my parents. :) Nothings perfect.
  • inactive, on 10/12/2007, -2/+4Well ... I for one would be ***** annoyed. lol.
  • msgyrd, on 10/12/2007, -1/+3heh, that made me laugh.
  • GMorgan, on 10/12/2007, -1/+3True maybe but you should have a firewall anyway. A firewall is much more important than a virus scanner and RPC are massively overused.
  • msgyrd, on 10/12/2007, -2/+4http://www.netapplication.com is a temporary search portal ***** site. Your 'stats' from that are obviously made up.

    Anywho, you can't measure desktop linux usage by marketshare, as most desktop installs were never sold on the market, they were downloaded for free. Any statistics claimed about linux desktop marketshare should be regarded with a high amount of doubt, as the site that gathers the data may be biased or misrepresentative of the overall internet population.
  • inactive, on 10/12/2007, -2/+3geez i hope you didnt digg me down for incorrect use of the plural for virus.
    but thanks for the wiki quote.. i didnt check wiki for the proper use of virii... oppps i mean viruses..
    Point is AV-Test.org gave it 85% on detection of viruses.. i personally have scanned viruues with it that it did not detect(most missed it, even avg and norton)
    it also gets a 35% for malware.
    SUre you can correct my spelling and grammer, but that isnt the point of my comment. avasts and avg beat out clamav in detection rate

    And i am talking clamav win.. i use clamav on my mailserver.
  • u8myfoood, on 10/12/2007, -0/+1open source can be both good and bad for antivirii'
    good:
    more avaible info on virii, cheaper/free FULL VERSIONS of antivirus
    bad:
    reverse engineering, malicious coding in antivirus programs.
  • jtjdt, on 10/12/2007, -2/+3They are coming at viruses all wrong, they need to develop better heuristic detection instead of releasing a def everytime something new comes out. This is why NOD32 can detect over 92% of in the wild viruses based on Heuristics alone.

    Here, read this report

    "Report Validates Even Hourly Signatures No Match for Heuristics"

    http://www.eset.com/company/article.php?contentID=1667

    And here is a graph so you can compare Anti-Virus comapanies detection rates

    http://www.av-comparatives.org/seiten/ergebnisse_2006_08.php
  • jtjdt, on 10/12/2007, -2/+3And this graph compares Pro-Active detection rates

    http://www.av-comparatives.org/seiten/ergebnisse_2006_08.php
  • inactive, on 10/12/2007, -0/+1"Viral problems are for the peasants and technology slaves."
    http://www.cleancomputerhelp.com
  • V1ncent, on 10/12/2007, -1/+2I use Avast myself but I think there are many products out there freeware / open source wise that do provide great protection compared to commercial programs.

    As to some who asks on a Windows box who needs A/V - well, at a previous job we set up a bunch of laptops as a test and surfed the web willy nilly - in under 3 minutes 2 of the laptops had to be rebooted due to a virus infection. Under 3 minutes.

    Gotta love Ghost :)
  • stevetures, on 10/12/2007, -1/+2For a while there, ClamAV was the easiest AV to set up on BART-PE windows live cds (useful for tech support, data recovery, etc; I'm using it right now on a non-bootable laptop right now to backup the data and run chkdsk /r on the drive in question)

    However, the full disk scanner seems very slow. It took 1-3 hours on some machines depending on the number of files. I have since tried the command-line version for McAfee and Sophos and found it much faster (but a little more difficult to set up on the BART-PE windows live cds).

    The regular windows installation seems to work alright, though the realtime scanner can make the machine a little slow. I like the idea of open-source antivirus. It leaves the door open to community-driven updates which can be much faster, kinda like Snort. Hopefully they have a good method of checking for false-positives before the updates go out.
  • inactive, on 10/12/2007, -2/+3@n00bert
    Which is the problem here. If ClamAV wants to stay on the top, that means that they have to stay on the bottom at the same time, and it just doesn't work that way.
  • Plastic3D, on 10/12/2007, -0/+1Maybe a silly question, but is there anything wrong with copying definitions from McAffee's list of definitions to the open source versions?

    They are afterall, *definitions*... the dictionary has definitions, but they are free for all to use.

  • inactive, on 10/12/2007, -0/+1on windows: Clamwin + Winpooch is an awesome combination for spyware and anti-virus (both open source, and winpooch turns clamwin into a resident scanner).

    on linux: clamwin, either the Clamtk or KlamAV front ends.
  • xenuxenuts, on 10/12/2007, -0/+1I use clamAV and a commercial scanner on our work email server. Both seem to work about as well as the other (though clamav catches the phishing mail). Both miss some viruses when they're brand new (they are all blocked anyway since I dont allow executables).

    The windows version of ClamAV is just a scanner, it doesn't run in the background, so, I'd say it's is fine for educated users, but not for everyone. Personally, for home, that's what I prefer.
  • inactive, on 10/12/2007, -0/+1If you are a The Bat! user, I have made a free AV plugin to use ClamWin as a scanner for the mail sent & received.

    http://mark0.net/plugins-tb-tbclamwin-e.html

    Hope someone will find it of some use.

    Bye!
  • drag, on 10/12/2007, -0/+1Being open source is no disavantage. For closed source apps virus writers just install the antivirus on their own machine and modify the virus until it can't be found anymore. Its a pretty simple but effective brute force technic that works effectively on all forms of antivirus.

    It would be easier to do that to clamav then to look at the source code and it works irregardless weither or not the source code is hidden.
  • V1ncent, on 10/12/2007, -0/+1The ISP servers should have a/v forget the end user
  • mywindow, on 10/12/2007, -0/+1Viral problems are for the peasants and technology slaves.

    I use clam and avg on a squid proxy server for mail only.

    Protect yourself and office users by upgrading your security policies with current technology. Here is some tips for small and medium office users.

    Have a secure and organized enforced password policy.

    Insure you have a external firewall that blocks TCP/IP (Internet) traffic.

    Force all Internet usage threw proxy filter server over non standard ports.

    Kill all VNC road warrior access. This has to be one of the most abused networking technologies. Replace with SSLexplorer or SSH tunneling with private keys.

    Only provide windowz access threw virtual machine or PE boot CD

    Encourage use of Customized Windowz or Linux LiveCDs or Virtual Machines for Internet access.

    Properly set up user and group rights. Always encrypt your data. Your emails too for that matter. CA keys are cheap and easy to access these days.

    Kill all wireless access unless absolutely needed. One rouge wifi enabled laptop acting as a router can bypass almost any security system. Do wifi sweeps and shut them down. If you must have wifi understand that WPA and WPA2 are insecure. You need to use a local name server like ldap, Radius, pppoX and connect to the network properly according to current need use.

    Typical Windowz networks are meant to easily connect with every other Windowz at any cost including security. Good security by nature is not transparent and should never be expected to. You must always be concerned with every piece of software no matter how common or benign.

    I spent over three months planning and working on the system and in return have received over a year of freedom so far. Compared to our old Cisco, Netgear, Citrix combination and the daily reboot of one of the pieces all for two business and 32 office users is a thing of the past. Now it feels like I'm on an extended vacation.

    All thanks to open source projects like:
    debian (woody)
    LFS
    knoppix
    ubuntu
    squid
    clamAV
    nx & freenx
    openssh
    openssl
    ssl-explorer
    truecrypt
    openldap
    apache2
    mysql
    pxes
    vmware
    webmin
    zope
    and the many others the above apps depend on...

    The fact is open-source and ClamAV are here to stay despite 70%+ of the American network administrators are to ignorant to implement a true mixed secure environment.
  • digdug2020, on 10/12/2007, -0/+1How the hell can a free program provide a guarantee.? The only thing the others guarantee is that they'll refund your money if you aren't satisfied. ClamAV works quite well as a backup scanner. I use the version for windows as a backup to Symantec (I wish they were using something else at work, but that's what they have and that's what we live with :) )
  • drowelf, on 10/12/2007, -1/+1If I'm not missing something, this report says that ClamAV sucks:

    http://www.virus.gr/english/fullxml/default.asp?id=82&mnu=82

    What did I miss?
  • inactive, on 10/12/2007, -4/+4I found clamav lacking
    it isnt as good with compressed virii as say nod or kaspersky
    it also missed many virii i threw at it.
    looks like it could develop into a cool app though.. they just need to get that detection rate up a bit.
  • Fetching more discussions...
    Show 51 - 67 of 67 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.