It all depends if you want realtime scanning or not.  There are only a
few products out there currently for Linux that feature realtime
scanning for AV, currently Trend Micro ServerProtect for Linux (SPLX),
Sophos, and McAfee I believe, with Symantec's product in beta right
now.  The problem with realtime scanning on Linux is that it requires a
kernel hooking module (KHM) in order to properly scan in realtime.  What
this means is that for EVERY new kernel (no matter how small the
variation) a new KHM must be released in order for realtime to continue
to function properly.  This is pretty ridiculous...and could be solved
if Red Hat (and other vendors) offered some kind of API like Microsoft
offers with Windows to accommodate this.  But they refuse (I manage the
SPLX product on a Red Hat corporate desktop soon to be on 300K+
workstations) access to this or the creation of this (at least to Trend
Micro - who is a big 3 vendor in AV).

If you want on-demand scanning only (as BitDefender offers) - then
surely BitDefender rates highly.  I, myself, would choose Kaspersky for
Linux.  It is updated quite often and it supports the most packers.

On the Windows side, AVG and ClamAV are just terrible.  Even ClamAV on
*nix is not a true AV product...but it works (well) and it is free.  It
lacks heuristics and only goes on file by file based detection.  Whereas
"standard" AV will actually be able to detect variants in some cases
because they don't have quite a simplistic scanning methodology.

If you want more info on what is good and bad on Windows, drop me a line
off list.  I have a paper that will be published in October for Virus
Bulletin 2005.  My research was using XP honeypots with only AV for
protection...before the whole MS "honeymonkey" term was coined I had a
similar setup running (albeit for a different purpose).


-----Original Message-----
From: tclug-list-bounces at mn-linux.org on behalf of Ken Fuchs
Sent: Fri 8/26/2005 3:06 PM
To: tclug-list at mn-linux.org
Subject: [tclug-list] Closed source BitDefender - best anti-virus on
Linux?
 
I ran across a PC magazine on-line article
<http://www.pcmag.com/article2/0,1895,1850851,00.asp> that reported
AV-Test <http://www.av-test.org/> rating BitDefender as the best and
ClamAV as the worst anti-virus software running on MS Windows.

I thought ClamAV was the best anti-virus system.  Could cygwin be part
of the problem?  Any comments?

Anyone have an opinion about AV-Test.org?

BitDefender has a free, closed source, version for Linux:
<http://www.bitdefender.com/PRODUCT-63-en--BitDefender-Linux-Edition.html>
Is BitDefender on Linux as good as BitDefender on MS Windows?

Does anyone have experience with BitDefender on Linux?

Sincerely,

Ken Fuchs <kfuchs at winternet.com>

P.S. I posted something similar thrice yesterday.  Probably due to the
     lame Subject line and the repetition, most people ignored it.
     I apologize for wasting your time yesterday, but hope you will
     respond to this more carefully crafted post.  Thank you!
