Summary: UNIX viruses

From: David Brophy (david@kate.ccohs.ca)
Date: Fri Apr 07 1995 - 00:22:06 CDT


Recently, I posted the following:

>Hello all. We have just found that our organization has a few DOS
>based PCs infected with a virus. We use PC-NFS to access some of our
>Sun's drives as DOS drives and I check these for DOS viruses
>regularly.

>I often hear about DOS viruses but never hear about UNIX viruses.
>Is there a way to check for UNIX viruses? Or are UNIX viruses a
>non-issue?

The vast majority of responses indicated that viruses are NOT a
problem on UNIX machines. It is very difficult to write a virus which will
work on a wide variety of different versions of UNIX and different CPU
chips. Also, the UNIX system of ownership and permissions would help to
nullify any attempts by a virus to spread itself. UNIX is not a
virus-friendly environment.

The following is from John Justin Hough:
  The kind of stuff that affects DOS machines won't affect a box
  running unix. At the first level there is a difference between
  code running at the kernel level and code running at user
  level, plus there are permissions that a user would have
  to overcome. It is very easy to write a virus for DOS - very very
  easy. DOS is a misnomer; it is not an operating system and
  it has very little more than some system vendors' ROM monitors.

  You have to be a bit brighter to break down unix security. It
  can be done but not by the average schmuck. This is why you have
  things like worms and trojan horses to acquire root first, or
  you have a dedicated attack on some daemon that runs as root, or
  some exception/trap that the user can issue and is handled as
  root. In general though, when a new attack is made there is
  a patch for the OS, because it is only lax security that should
  be a problem, not the OS. So, unix gets attacked but it isn't easy,
  though there are hackers' BBSs that publish successful attacks,
  but there isn't any use for viri-checkers.

Many suggested that any so-called "viruses" on a UNIX computer were really
security holes. These can be monitored with programs such as 'tripwire'
or 'cops'.

But many feel that UNIX viruses will be coming at us eventually. It is
much more difficult to write a virus for UNIX, but someone will try and succeed!

Charles Mengel suggested VFIND from CyberSoft as a UNIX virus scanner.
You can send email to helpdesk@cyber.com and request information about
their VFIND product.

Thanks to the following for their input:
Dan Strick (dan@bellcore.com or bellcore!dan)
Stephen Schaefer (sps@gateway.bsis.com)
Kevin Sheehan (Kevin.Sheehan@uniq.com.au)
Brett Lymn (blymn@awadi.com.au)
Chris A. Wozniak (chris@tisc.edu.au)
Nico Garcia (raoul@mit.edu)
Mike (Mehran) Salehi (mrs@cadem.mc.xerox.com)
Darryl Wagoner (darryl@sai.com)
Robert Kohler (robert.kohler@uprc.com)
Ayrton Sargusingh (asargusi@sofkin.ca)
Mark (allyn@allyn.com)
Richard Pieri (ratinox@unilab.dfci.harvard.edu)
Mike Blandford (mikey@truman.lanl.gov)
John Justin Hough (john@oncology.uthscsa.edu)
Greg Roberts (gregr@cibc.com)
Chris Swanson (cds@ssds.com)
Dan Stromberg (strombrg@uci.edu)
Charles Mengel (charles.mengel@lgi.com)

Thanks to all for your help.

David Brophy (d.brophy@ccohs.ca) CCOHS
Systems Analyst 250 Main Street East
Tel: (905) 572-4491 Hamilton ON L8N 1H6
Fax: (905) 572-2206 Canada


