The Linux 2.6.36-rc2 Kernel Is Out With An Announcement
Phoronix: The Linux 2.6.36-rc2 Kernel Is Out With An Announcement
The Linux 2.6.36-rc2 kernel was released this Sunday afternoon, and this time around there's an announcement of the release by Linus Torvalds (he did not announce 2.6.36-rc1; Phoronix was one of the few places reporting on it). The 2.6.36-rc2 kernel release brings mostly bug/regression fixes, but compared to the Linux 2.6.35 kernel, Linus has accepted some pull requests after the -rc1 release in the Linux 2.6.36 kernel while denying other requests...
My first reaction to this article was, "Pah! Virus scanners on Linux? That's all they could come up with?"
Then I realized two things:
1. A better (faster, more reliable) file access monitor workalike could be used in GLib to improve the file monitoring facility there. That would instantly help programs like Rhythmbox, which sometimes struggle with not noticing that files have been added or deleted from the library directory (through no fault of Rhythmbox; the underlying library is wrong).
2. Virus scanners may be needed on Linux if you are accepting a lot of untrusted uploads and may potentially make them executable and then execute them (although this is already sounding like a very bad design for any software system). Or, if you are accepting user submissions and then handing them back out to Windows users, there's an even stronger case for a virus scanner on Linux; but here you need to check for Win32/Win64 viruses, not GNU/Linux+ELF.
Problem is, every virus scanner I've ever run (on Windows, admittedly) has been both proprietary and a significant resource hog, especially in terms of disk space and CPU usage when first reading a file. For a Linux server, I'd find this extra resource usage patently unacceptable. Usually, on a free platform, when you encounter a security vulnerability, you fix it in the source, even redesigning APIs and interfaces if necessary. We are adaptable and agile; we can change to make exploits harder or impossible. Therefore I think most Linux servers and desktops today don't run a virus scanner (I have both, and I don't).
I really hope that this doesn't change in the future. I hope that there is not a point 10 years from now when someone would look at you like you're crazy if you say that you run Linux without a virus scanner (consider that, today, most people would look at you like you're crazy if you say you run Windows without a virus scanner, particularly XP or earlier, or Vista/7 with UAC off). Unlike firewalls, NATs, hardware SPI, and software that is secure by design, virus scanners are an extremely wasteful form of security. They consume countless untold megawatts of electricity every year, by increasing CPU load, disk activity, and FSB/QPI activity. They grind endlessly on busy servers, bringing services to a barely-tolerable speed (or worse) for users, and killing venerable, high-quality SAS disks in only a couple of years. Virus scanners are destructive to hardware in the long run, and destructive economically as well.
That's why I think virus scanners on Linux are, for the most part, bogus. And if you are a system administrator who is responsible for the security of Windows desktops that send or receive untrusted files to your *NIX server, I sympathize with you. This is probably the only situation where I could see a Linux virus scanner being justified. I hope that the future will not prove me wrong.