SUMMARY:about virus

From: Lee Young Koo (yklee@handel.kaist.ac.kr)
Date: Sat Nov 14 1992 - 06:23:20 CST


My original question is
>
>My system SS2 running 4.1.2 often does malfunction. Somebody suggests
>that it is caused by the virus. But I have never heard that there is a
>virus on the workstation.
>
>Is there any information about virus running on workstation?
>

Answer:
Everyone says that there is *no* UNIX virus.
My system's malfunction may be caused by other reasons: Sun bugs, SW/HW problems, etc. There are many bugs in Sun OS and you can get the corresponding patches from anonymous ftp.

For more information I include the following replies.

-----------------------------------------------------------------------------
eclipse!chungj@uu2.psi.com (Jae Chung) wrote:

  There is no such thing as virus in SS2 that I know of...
  If there is any, it should be "worm"...

  In any case, I think you need to have certain patches for
  your system. Since you did not explain your SS2's behavior,
  I do not know which patches you need for your Sun OS 4.1.2...

  Be more specific about your symptoms... you can probably look
  at the file called /var/adm/messages...

-----------------------------------------------------------------------------
dcornwel@iguana.mitre.org (Donna L. Cornwell) wrote:

I don't think the term virus applies to the sort of tricks that
are played on workstations. A computer break-in on UNIX
workstations was well documented in The Communications of
the ACM in 1989. The title of the article had the term
"Wiley Hacker" in it. If you think that someone has done
malicious tampering with your system, you should read this
article. You should also read the UNIX System Administration
Handbook by Nemeth, Snyder & Seebass. It contains some
scripts to run to check for suspicious things like programs
that are setuid to root. You can get a pretty thorough
PD program called COPS that does a system check for the
kinds of things that would allow intruders.

You didn't describe your malfunction. There are a lot of bugs
in Sun OS that only manifest themselves in certain circumstances.
You may have a problem that could be fixed by an OS patch
or by tuning your system. You should post your exact problem
to sun-managers including the model and configuration of
your workstation, the OS level, and software in use at the
time of the malfunction. Also include error messages from
the system that indicate the problem.

-----------------------------------------------------------------------------
<maclean@binkley.cs.mcgill.ca> (Matthew SAMS) wrote:

    Unix is wonderful in that there are almost no viruses which affect
it. This is due to a number of reasons which include protected memory,
restricted access to system calls,... The only way that a virus could
affect a unix workstation is if a person running as the superuser were
to execute a 'trojan horse' program planted by someone else. But planting
this program is difficult as well. This reason is why I do not include
'.' in the PATH variable of my root login shell, all commands I wish to
execute must be in directories to which only root has write access.

    I have few ideas as to your problem. The most common error I see
with SS2 are with the disc. Usually after a power-off/on the disc refuses
to spin giving a variety of errors including 'bad checksum *!=*'. I would
need more details including any error messages you receive and a description
of what you are doing when the system crashes.

-----------------------------------------------------------------------------
bernards@ECN.NL (Marcel Bernards) wrote:

Only Worms and trojan horses will function on UNIX platforms
(Self)modifying code like viruses are practically impossible to program
and CPU platform related.
Modified binaries will probably core dump. ( I tried this myself )
So, don't expect a virus on your UNIX box.
Flaky machine behaviour will be related to flaky hardware or software
or bad or noisy power sources. ( How about add on memory simms being too
slow for the SS2 clocking rate ? )

There have been several messages about SS2's crashing now and then, so
I think this is no news for the list. We have 2 of them running 4.1.1
and have never seen problems so far.

What messages are seen on console or /var/adm/messages ?

-----------------------------------------------------------------------------

Thanks to:
abcc@DIALix.oz.au (Adrian Booth)
c3314jcl@mercury.nwac.sea06.navy.mil (Johnson Lew)
ifarqhar@laurel.ocs.mq.edu.au (Ian Farquhar)
jeff@erie.irc.nrc.ca (Jeffrey Marans)
poffen@sj.ate.slb.com (Russ Poffenberger)
kwthomas@nsslsun.nssl.uoknor.edu (Kevin W. Thomas)
eclipse!chungj@uu2.psi.com (Jae Chung)
mdl@cypress.com (J. Matt Landrum)
dcornwel@iguana.mitre.org (Donna L. Cornwell)
bogart@bpb.it (Max Lanfranconi - R and D)
ups!kevin@fourx.Aus.Sun.COM (Kevin Sheehan {Consulting Poster Child})
<maclean@binkley.cs.mcgill.ca> (Matthew SAMS)
bernards@ECN.NL (Marcel Bernards)

-- 

E-mail: yklee@handel.kaist.ac.kr (143.248.11.203)
Voice: +82-42-869-3562
FAX: +82-42-869-3510
Lee, Young-koo
Computer Science Dept. KAIST
373-1 Kusung-dong Yusung-gu
Taejon KOREA
ZIP: 305-701
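
Added example, not part of the original posting or of any tool named in it: a shell check for the PATH precaution described in Matthew SAMS's reply (no '.' in root's PATH, and every directory writable only by root). The function name `audit_path`, the finding labels and the trusted-UID parameter are assumptions of this sketch, and it inspects each directory's own owner and mode, not its parent directories.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that let another user
# plant a program that root would run. Prints one finding per line.
# Usage: audit_path PATH_STRING [TRUSTED_UID]   (TRUSTED_UID defaults to 0)
audit_path() {
    owner=${2:-0}
    rest="$1:"            # trailing ':' keeps a final empty entry visible
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            ''|.)
                # An empty entry means the current directory, same as '.'.
                echo "CWD: '$entry'"; continue ;;
            /*) ;;
            *)  echo "RELATIVE: $entry"; continue ;;
        esac
        if [ ! -d "$entry" ]; then
            echo "MISSING: $entry"; continue
        fi
        # -H follows a symlinked entry such as /bin -> usr/bin;
        # -prune tests the directory itself without descending into it.
        if [ -n "$(find -H "$entry" -prune ! -user "$owner" 2>/dev/null)" ]; then
            echo "OWNER: $entry"
        fi
        if [ -n "$(find -H "$entry" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "WRITABLE: $entry"
        fi
    done
    return 0
}

# Audit the PATH of the shell that runs this script.
audit_path "$PATH"
```

Run it from root's login shell; no output means every PATH entry is an absolute, existing directory owned by root and not group- or world-writable.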



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:53 CDT