Antivirus for Unix 1

[icintamyself]

Anybody would like to comments...
Do you really need an antivirus for Unix ?
If yes, what do you think is the best antivirus solution for Hp-UX ?

Thanks.

 

[DSMARWAY]

Have a read of this , this was a post from one of the guys working for HP , i think explains it pretty well

There are many "trojans" for UNIX, and are very easy to make. I.E. A script that calls /sbin/rm -f /* executed by root will delete the files under / (exception would be /sbin and /sbin/rm and the shell because they are in use). While some people consider trojans a virus, they are not.

Virii have certain characteristics which would define them as virii. First, a virus is usually memory resident. This means that the virus sits in memory and looks for keys to attack files. Usually the dos extension to the file name. I.E. .exe files and .com files. Also virii must be at least a nuisance. like writing "eat my shorts" into a text file would cause an unwanted change to the file. A program that sat in memory and wrote our ficticous message to files would be a virus. A virus must also spread itself in one way or another.

Because the virus usually needs a trigger (like the dos extension) UNIX virii are much more difficult to create. Since /usr/bin/rm is an executable not denoted by rm.exe, the virus would not be able to tell by name what is an executable to infect and spread, and what is not. /etc/hosts would look the same to a virus as /etc/ping. A virus would have to be huge to sit in memory and be able to stat all files, run magic, check bits, etc... to know how to spread.

Next, in UNIX the kernel is memory resident. When the system boots the kernel, it is read only. The kernel sits in memory until system shutdown. If a virus was to infect the kernel, it would not be effective until the system was rebooted with the bad kernel. In Win/XXXX the kernel sits on a disk, and is constantly accessed. A 100MB kernel just does not fit into most PC's memory . If the kernel is corrupted, the corruptions are instantly read in, and accepted. Microsoft was supposed to fix this in Win NT 4.0, then in 2000, but I guess they will just let saps keep buying their products and spending tons of cash on anti-virus software and think that is has to be that way.....How easily some of us are fooled

The next problem with running a virus in UNIX is that the virus can only run at the access level of the user who executes the program. I.E. If johndoe executes the program, the program can only affect "johndoe"'s processes and files. Anything owned by "root", and "bettysue" would be unaffected. The virus could only do wide spread system damage if the super user "root" executed the virus. This severely limits the ability of a virus in UNIX. Windows NT and 2000 also have multi leveled access for processes, but Microsoft's implementation is very easy to bypass.

In SunOS and Linux, the virus scanning software that is available is NOT for UNIX and Linux protection, but Microsoft Windows protection. The software is made to scan data shared to and from Windows boxes.

The best defense in UNIX to the Virus threat is common sense, built in UNIX functionality, and basic security measures.

Tell the person asking for Norton AV for HP-UX that it is only necessary in Microsoft world.


Also have a look at links

http://www.cybersoft.com/

HTH