Bitdefender revisited


Postby RichardKweskin » Sun Mar 04, 2012 1:27 pm

Hi

Ever since reading Mayank Sharma's review (lxf119 pg23) and Nick Veitch's roundup (lxf128 pg30) I have been using Bitdefender from Linux to check both Windows partitions and Linux partitions. More recently I added this antivirus tool to Lubuntu 11.10 64bit but found it seg faulting. Looking for info on the net I came across two handy places, both set up by Bitdefender. The first is a forum

http://forum.bitdefender.com/index.php?showtopic=31694

which I joined and asked for help. The second place is a blog which one of their support team referred me to.

http://unices.bitdefender.com/2011/11/0 ... or-unices/

Create this script as root, chmod 0755 and run it on an existing installed version of bitdefender scanner.

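#!/bin/bash
# Run as root on an existing BitDefender scanner installation.
# Step 1: pull the platform-specific core library name out of versions.dat.*
cat /opt/BitDefender-scanner/var/lib/scan/versions.dat.* | \
awk '/bdcore.so.linux/ {print $3}' | \
while read -r bdcore_so; do
    # Step 2: create an empty file with that name
    touch "/opt/BitDefender-scanner/var/lib/scan/$bdcore_so"
    # Step 3: update the scanner from the Internet
    bdscan --update
    # Step 4: move the original bdcore.so out of the way
    mv /opt/BitDefender-scanner/var/lib/scan/bdcore.so \
       /opt/BitDefender-scanner/var/lib/scan/bdcore.so.old
    # Step 5: make bdcore.so a symbolic link to the file from step 2
    ln -s "/opt/BitDefender-scanner/var/lib/scan/$bdcore_so" \
          /opt/BitDefender-scanner/var/lib/scan/bdcore.so
    # Step 6: give that file to the bitdefender user
    chown bitdefender:bitdefender \
          "/opt/BitDefender-scanner/var/lib/scan/$bdcore_so"
done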

The above steps can be executed one by one on the commandline by root or run as a script. The first step filters out the version name to be appended to bdcore.so.linux- (which in my case creates bdcore.so.linux-x86_64 as I am running a 64 bit system.) In the second step the while statement creates an empty file with the command touch with the name created in the first step. The third step invokes a simple update of the antivirus scanner from the Internet. The fourth step renames the original file bdcore.so to bdcore.so.old so it no longer is used. The fifth step creates a symbolic link with the name bdcore.so which points to the file created in the second step (the file bdcore.so.linux-x86_64 in my case.) The last step changes the ownership of this same file created in the second step to the bitdefender user. The result is that the antivirus scanner can now run and does not seg fault.

One more time here is a company that not only plays nice with Linux but has an ongoing support system.

In my opinion a new roundup might be helpful and a particular plug for such companies that go the extra mile (or miles) for Linux users.

Richard Kweskin
RichardKweskin
 
Posts: 13
Joined: Thu Jun 28, 2007 12:08 pm
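The rename and symlink steps of the script above, written as an added example (not part of the original post or Bitdefender's code) that can be re-run without overwriting the bdcore.so.old backup. The function name relink_core and its return codes are hypothetical, and it assumes that bdscan --update has already written the engine into the placeholder file; the update and chown steps stay as in the post.

```shell
#!/bin/bash
# Added example: idempotent version of the mv / ln -s steps from the post.
# Assumption: `bdscan --update` ran first and filled the placeholder file.

# relink_core SCAN_DIR CORE_NAME
# Returns 0 when SCAN_DIR/bdcore.so is a symlink to SCAN_DIR/CORE_NAME.
relink_core() {
    local dir="$1" name="$2"
    local link="$dir/bdcore.so" target="$dir/$name"

    # Accept only the file name shape the post's awk filter selects,
    # and never a name that carries a path component.
    case "$name" in
        */*) echo "refusing path in name: $name" >&2; return 2 ;;
        bdcore.so.linux-*) ;;
        *) echo "refusing unexpected name: $name" >&2; return 2 ;;
    esac

    # An empty placeholder would leave the scanner without an engine,
    # so stop before touching the working bdcore.so.
    [ -s "$target" ] || { echo "$target missing or empty" >&2; return 3; }

    # Already linked by an earlier run: change nothing.
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$target" ]; then
        return 0
    fi

    # Back up the original once; a later run must not overwrite that copy.
    if [ -f "$link" ] && [ ! -L "$link" ]; then
        [ -e "$link.old" ] && { echo "$link.old exists, not overwriting" >&2; return 4; }
        mv "$link" "$link.old" || return 1
    fi
    ln -sfn "$target" "$link"
}
```

Called as relink_core /opt/BitDefender-scanner/var/lib/scan bdcore.so.linux-x86_64 after the update, it leaves the installation untouched if the update did not populate the file.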

Postby stuart_c » Wed Apr 11, 2012 12:55 am

Thanks for the update.

I too read Nick's round-up; although I am completely new to Linux. I simply have some old x86 boxes and am assessing what I will need to install in order to carry out my online activities under Linux. My current thinking is that openSUSE will be the distro for me, (a 'Live' version for the time being).

Do you feel that Bitdefender would offer the best security solution for a new user to carry out online banking and, if so, is it the 'Mail Servers' version of the s/w I would need? - this seems to be the only one on their site which mentions Linux.

Thanks again.
stuart_c
 
Posts: 7
Joined: Tue Mar 20, 2012 5:20 pm

Postby wyliecoyoteuk » Wed Apr 11, 2012 8:53 am

The reason it is the "mail server" edition is probably because it scans emails for Windows viruses.
We have a Linux firewall that scans all emails in and out of our company network in like manner.
After all, there are literally millions of Windows viruses, and a handful of "proof of concept" Linux viruses, none of which are found in the wild, and are actually pretty hard to install.

I must admit that although Linux is so far virtually malware free, I am starting to wonder how long that will last.

For online banking, the main risks are rootkits or cross-scripting attacks.
The first usually need physical or at least network access to the machine in question, and active intervention by an attacker, unlike windows, where they can be a payload delivered by a virus. The latter are best guarded against by something like Firefox's Noscript browser plugin.

A live CD is fairly proof against trojan attacks, simply because the root partition is read only.
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
wyliecoyoteuk
LXF regular
 
Posts: 3454
Joined: Sun Apr 10, 2005 10:41 pm
Location: Birmingham, UK

Postby RichardKweskin » Thu Apr 12, 2012 10:57 am

Hello again

I feel compelled to stress the whopping big advantage of using Linux with a virus checker to scan the windows partitions! Look at it this way if you will. Imagine you are a vet and need to treat a sick wild animal. The only way to even approach it is to knock it unconscious first. Well, when you fire up the pc with Linux, whether by live cd/dvd/usb or a dual boot configuration, you simply mount the windows partitions and all the files are laid open for scanning while at the same time any malware lurking therein is "unconscious" because the code depends on a windows environment which is absent!

I have lost count of how many pc users who had been "struck" by malware problems were so impressed by the effective and thorough "cleaning" their windows partitions received using the above mentioned method that they were persuaded to get "dual booted" by having Linux installed side by side with their previous windows only configuration. I refer here to users who had no idea of Linux or indeed the concept of alternative operating systems for a pc.

Yes, I have used and continue to use Bitdefender for Linux to do the scanning. I will post a step by step howto in a separate thread for those interested.

Richard
RichardKweskin
 
Posts: 13
Joined: Thu Jun 28, 2007 12:08 pm

Postby stuart_c » Tue Apr 17, 2012 6:11 pm

Hello Richard,

I really appreciate all the useful info you have posted on this subject, which I have read with interest.

My interest in computing predates affordable HDD's so, as I say, I am absolutely fine with 'live' media in principle and it sounds as though I am good to go with that option.

Many of my earlier computers also predated the internet, however, so I need to make sure I understand the implications of booting from specific types of media:

wyliecoyoteuk wrote:The latter are best guarded against by something like Firefox's Noscript browser plugin.


I use Firefox in Windows so, again, I'm fine with the principle. Is the Linux version included in SUSE's live distros, only these would max out a CD by themselves, (Most PC's in our house don't have DVD, so that would be a less versatile option)?

wyliecoyoteuk wrote:A live CD is fairly proof against trojan attacks, simply because the root partition is read only.


Can I take that to mean that the media it is written on doesn't have to be physically write-protected, ie. thumb drive/+RW disc would be OK; or would these be unsuitable for online banking?

wyliecoyoteuk wrote:I will post a step by step how to in a separate thread for those interested.


Again, I read this with interest. I am also fine with the principle of running s/w from RAM; however most of the PC's I currently have access to have only 128-256mb of RAM.

What I have already learned from that post is that I would need to look into remastering or 'Persistence' in order to use Bitdefender. If I understand correctly, CD media would be of insufficient capacity for this and I will need a thumb drive, or SD card if there is any advantage to having a write-protect switch.

Thanks again,


Stuart.
stuart_c
 
Posts: 7
Joined: Tue Mar 20, 2012 5:20 pm

Postby RichardKweskin » Thu Apr 19, 2012 11:41 am

Hi Stuart

I understand your concern for security. Using Linux instead of Windows, in and of itself, goes a long way toward that. The computers with only 128MB of ram are not very suitable for today's use but would certainly benefit from a replacement of an ancient version of Windows with a light but up to date Linux. Almost any distro can be trimmed and remastered but it is a lot of work. SUSE is a heavy weight in its "out of the box" form. I would suggest Lubuntu which Linux Format has written about. It has several "light" replacements for the desktop (lxde instead of gnome or kde) and for heavy suites (abiword and gnumeric instead of libreoffice) etc.

I advocated the live versions where a temporary Linux use for a one off scan was the topic. Someone who brings their pc which has a probable infection puts me in just such a position.

In your case you can consider a proper installation.

The only 100% security is never to plug-in to the Internet, read-only media like non-rewritable optical media are also tricky and (imho) not a good option for repeated use.

Usb sticks have often let me down (almost like the old floppy) by not always being bootable (I keep two or three close by to deal with that.) Again I consider this medium to be less desirable in repeated use.

So, looking again at this security issue: Linux instead of Windows, up to date software (security updates especially) "good practice" by limiting what ports are open, how long is each password, understanding file system permissions, curtailing scripted addons in browsers and elsewhere. Linux Format has written many good pieces.

Richard
RichardKweskin
 
Posts: 13
Joined: Thu Jun 28, 2007 12:08 pm

Postby stuart_c » Thu Apr 19, 2012 3:12 pm

Thanks, as ever for your continued support.

RichardKweskin wrote:Hi Stuart

I understand your concern for security. Using Linux instead of Windows, in and of itself, goes a long way toward that. The computers with only 128MB of ram are not very suitable for today's use but would certainly benefit from a replacement of an ancient version of Windows with a light but up to date Linux. Almost any distro can be trimmed and remastered but it is a lot of work. SUSE is a heavy weight in its "out of the box" form. I would suggest Lubuntu which Linux Format has written about. It has several "light" replacements for the desktop (lxde instead of gnome or kde) and for heavy suites (abiword and gnumeric instead of libreoffice) etc.


The current brief for this/these PC's was an all-round internet box,ie:

HTML, etc,
Secure shopping/banking,
iplayer desktop - to negate the need for fast broadband as rurally located.

The main attraction of Linux was indeed its lightness.

I was drawn to open SUSE by:
Linux Distribution Chooser, http://www.zegeniestudios.net/ldc;
BBC system recommendations: http://www.bbc.co.uk/iplayer/install
The fact that I had printed literature on SUSE.

However, I am mindful of your obvious experience of Linux.

RichardKweskin wrote:I advocated the live versions where a temporary Linux use for a one off scan was the topic. Someone who brings their pc which has a probable infection puts me in just such a position.


I apologise, it must have been somebody elsewhere who mentioned using 'live' as an alternative to a virtual machine, to "sandbox" Firefox for online banking.

I can only hope this tangent will serve to broaden others' understanding of the topic and not to its detriment.

Not sure of my windows problem, (no context switching of mouse pointer, (resolved only by Ctrl-Alt-Delete) and decreasing speed).

RichardKweskin wrote:In your case you can consider a proper installation.


I plan to review my "fixed" hardware in the summer, (I might aim to build something equivalent to a P4 by then).

If there is a 'live' distro which would go any way towards my current brief/removable media advisable to boot it from, I would be very grateful for your thoughts.

Thanks again.
stuart_c
 
Posts: 7
Joined: Tue Mar 20, 2012 5:20 pm

Postby RichardKweskin » Thu Apr 26, 2012 10:26 pm

Hello Stuart

May I invite you to continue this new topic in security using updated Linux? See you there.

Richard
RichardKweskin
 
Posts: 13
Joined: Thu Jun 28, 2007 12:08 pm

