How secure are downloads from unix.com, linux.com, etc? Not talking about off the wall individual user sites, but sites like unix.com, download.com, tucows.com? We've been inundated at work lately from viruses, and I want to make sure that for things like work related downloads, that those kind of sites are secure. Not talkig about downloading music files, movies, I mean things like gcc, gzip, etc off these main sites. Any feedback/opinion appreciated as to this question?
Thanks, kym
UNIX.COM does not have any downloads....... we are technical info exchange forums only......
Personally, I often download files from download.cnet.net and install them without any problems. Normally, download sites have user comments, popularity numbers, rankings, etc. Hundreds of thousands of happy users downloading a utility or program is a good endorsements.
I normally do not install 'brand new stuff'..... that has not been in the public domain for some time. Last week I downloaded two or three things from download.cnet.net.
On Windows, my favorites are:
On UNIX/LINUX systems, I don't worry much about viruses.... (search the boards for previous discussions on why).
One of my friends owns a business and gets tons of email and he uses Outlook on Windows .. AND he opens every attachment.
I was drinking wine at his bar and he told me he could not boot his computer anymore and was going to reinstall the entire OS, wiping out all this files.
I said, "HOLD ON", pour a glass of your best wine for free and I'll fix it! He said.... 'yea, right'... here is the wine, but no one can fix this.
I booted this system in 'step-by-step' mode and found that his automatic antiviral program was causing this system to hang on start up.... he was one of those guys that has everything 'autostart'.... so I turned off these 'autostart applications' using msconfig and then rebooted.
Now, he could manually run his antiviral program. I went home to sleep off the wine and Thai food.
I stopped by a few days later and my friend showed me a list of about 100 infected files with many, many viruses. I say, 'perhaps you will stop opening all those attachments and executable programs from strangers'...... (before, he said he loved to open everything to 'see what it was!!!')... well, you gotta love it 
He now tells me he never opens attachments from strangers
So, the moral of the story is that you and your company staff are at much higher risk from email attachements than a reputable download site...
Here is the advise about viruses.... !!!!
NEVER OPEN OR CLICK ON EMAIL ATTACHMENTS FROM STRANGERS !!!!
The problem I've seen at many businesses is that these curious user do download stuff a lot - and not always from reputable sites. If you have a user that likes to download (take advantage of his/her "free" bandwidth for music / programs, etc), then there's a good chance that they're running non-company-authorized applications.
Yes, we have a fairly tolerant site manager and lan admin (i'm backup company lan administrator and the manager/administrator of the unix/linux/gould systems). WE've gotten a few backdoor viruses and lots of email ones, one was attached to an internal web site for some reason, can't figure that one out yet, on our main server but the ip is open only to internal users!. We are slowly educating ppl on viruses, attachments. We use lotus notes and winxp but we have a few bad apples in teh bunch that are constantly downloading movies, music, games etc. So far the boss has been pretty tolerant but he's about at the point he's going to cut off internet to most workers. I wish he would, would cause less headaches for some of us. We've had a couple of hard drives wiped out just this last month supposedly thanks to viruses. Irritating and definitely causes downtime and problems. Most of our browsing/internet is all on XP computers, the unix/linux is internal and for development, needs to be secure from viruses and safe so no access out, so its more that I use the windows to get the proper files i need for unix/linux and then move them over to the unix/linux boxes as needed. SO just wanted a warm fuzzy on security of some of the main/official web sites. I appreciate the comments, thanks!
Yeah, look out for bandwidth abusers - they might not know not to execute something they found lying around the internet. And as for attachments, I have seen more than one company not allow any through the mailserver in either direction. I have also seen some that only allow stuff like .txt, .html, and .doc though - although Macro virii aren't as popular as they used to be, it's still a very real threat.
As far as the internal webserver, that could be any one of a dozen or so variants... CodeRed, Nimda, etc... Those hit a lot of Windows-heavy companies quite hard. There were also some viruses that would infect the web server (IIS of course) and try to server out infected binaries by incuding an automatic redirect in a transparent image (or something like that).