Maybe there could be a couple. Say, a buffer overflow bug in OOo, so that people could get infected if they open a seemingly innocuous document. There’s a few other instances. But why update the virus definition when you could just update the application? On Linux the applications are being updated as soon as holes are found, long before there’s any exploits to search for. Once there’s an exploit to search for it’s too late, it means someone has been infected.

Sure, not everyone updates their applications. Let’s work on that instead.

However, I’m glad to see ClamAV getting some press, as I do think it is vital to be able to say to people “No, there aren’t any Linux viruses, but Yes, we can provide you with free virus protection”

Updating the application is not the best solution, especially for something as big and complex as OOo. If they come up with a patch, it goes into CVS, but there’s no immediate release: the Debian security team, say, will backport that patch to their current version of OOo, but in a large environment you’ll have to download that patched version and test it to make sure that the patch hasn’t broken any of your other applications or things that rely on OOo…and all the time you’re doing that, your users might be downloading viral documents. I’m generally in agreement that people need to update their applications more, but a virus checker can be set to download and test for new viral definitions automatically—applications cannot. Well, they can, but who do you know who runs apt-get update out of a cron job? Not many people, i bet.

The lack of a virus checker is a real problem to me – sure users don’t run as root, but it still doesnt stop a virus from taking out the home directory – which contains items far more valuable to me than the underlying OS.

Oh, and I do run apt-get update in a cronjob via cron-apt; I also apt-get upgrade on a daily basis (cron-apt downloads the packages, and then I install manually later in the day)

If I can work out how to get it to install the stuff which doesn’t ask questions, and then ask me the questions later, then I might.

Generally, I’ve only had problems with a couple of packages in Debian, and these have always resolved themselves within a couple of days.

I agree with the post about email clients being more secure now, and as Aq says, they are in windows now but –
“theres no patch for stupid users”

Its a bit of a harsh quote but not to far from the point.

Built in AV would be cool (even if there is liitle to look for at the moment). As more people start using Linux desktops, so the number of “less technical” users increase – and therefore so does the risk.

Also it would be nice to see something along the lines of Microsofts SUS, that can centrally manage patches – and yes I do realise you can do this with a script but I mean something with a nice GUI