UNIX should be virus check?

UNIX should be virus check?

Post by David C. Mesch » Mon, 07 Feb 1994 16:32:26



: All:

:    My boss does not want any shareware or unauthorized software on the
: Sequent and Prime systems. He asked me to check for any viruses on the Unix system.
: I am looking for a Unix version of a virus scanner but I can't find one. :(

:    I was surprised that GNU stuff should not be on the Sequent with brain-damaged
: DYNIX/ptx 1.4.0. Why? Are my boss or the employees idiots? I did not understand
: what they mean.

:    Can you give me pointers to virus checking software for a Unix system?

First of all, I don't think there is a virus scanner for UNIX...
Secondly, viruses (if there are any UNIX viruses) (ask the folks at comp.virus)
  can't work nearly as nicely on a UNIX system w/ all the file permissions and
  the like.  
Third, the viruses can work on DOS-emulator stuff, but I think they are limited
  to the DOS area.
Fourth, UNIX machines can harbor viruses (You can download an infected DOS file.  It won't run, but it still has the virus when you run it on a DOS machine.)
Fifth, pirated software should be eliminated (where you don't have a site
  license, etc.) but shareware stuff is legal especially if you've registered
  it if the author wants it registered.
Sixth, I think your boss is an idiot.  He appears to know little about UNIX
  machines and the architecture of the UNIX system.  Also about the
  availability of virus scanners on UNIX machines...

 
 
 

UNIX should be virus check?

Post by Tim Sta » Mon, 07 Feb 1994 10:33:40


: All:

:    My boss does not want any shareware or unauthorized software on the
: Sequent and Prime systems. He asked me to check for any viruses on the Unix system.
: I am looking for a Unix version of a virus scanner but I can't find one. :(

:    I was surprised that GNU stuff should not be on the Sequent with brain-damaged
: DYNIX/ptx 1.4.0. Why? Are my boss or the employees idiots? I did not understand
: what they mean.

:    Can you give me pointers to virus checking software for a Unix system?

: Thank you!

: -- Tim Stark
:    System Admin of Sequent and Prime at IRS.

I appreciate all your replies. Thank you! I think that my boss can't do
that because GNU software is legal and there is no such virus in all Unix systems.
Managers in the IRS do not know advanced technology like this Internet and
GNU software, etc. well. However they might perform poorly. :(

Thanks for your pointers to good ORA books. I have a lot of ORA books today.

-- Tim Stark

--

6130 Edsall Rd. #301            TDD: (703)212-9731  FAX: (703)212-7598
Alexandria, Va. 22304-5859      Voice: Via VA Relay Center (800)828-1140
"God bless you! - My friend, Washington DC. - The Most Deaf Population City!"

 
 
 

UNIX should be virus check?

Post by Fridrik Skulas » Mon, 07 Feb 1994 19:40:58


> Sixth, I think your boss is an idiot.

Well, I wouldn't exactly say that, but there is a lot he doesn't know....

Regarding viruses and Unix, there are really three different issues to
consider:

   1)  DOS emulation and viruses.  If a Unix box offers DOS emulation that
       is good enough to run most DOS programs, it will also be good enough
       to run most DOS viruses.   However, the viruses can only spread inside
       that box, and can be handled perfectly with a normal DOS virus scanner.

   2)  Viruses on Unix file servers for DOS.  Those viruses do not run on the
       Unix system itself, but can spread from one DOS machine to another
       through the Unix system.  This can be handled by scanning the file
       server from DOS with a DOS-based scanner, but it would be better to
       have a DOS-virus scanner running on the Unix box itself.  Such scanners
       exist, but they may not be as up-to-date as the current DOS scanners.

   3)  "True" Unix viruses.  Forget about detecting those with scanners. Any
       anti-virus tools to handle true Unix viruses should really be based
       on integrity checking - not virus-specific signature search.

-frisk

Fridrik Skulason      Frisk Software International     phone: +354-1-617273

 
 
 

UNIX should be virus check?

Post by Bruce Edig » Tue, 08 Feb 1994 02:03:53


        [...]

>   3)  "True" Unix viruses.  Forget about detecting those with scanners. Any
>       anti-virus tools to handle true Unix viruses should really be based
>       on integrity checking - not virus-specific signature search.

Can you elaborate on reasons for this assertion?  The most popular virus
checking programs for other platforms do signature checking of one form
or another.  I'm not sure I understand why unix would require a different
approach, especially considering how very few "true" unix viruses there have
been.

Sincerely,
Bruce Ediger
--

 
 
 

UNIX should be virus check?

Post by Kriston Rehbe » Wed, 09 Feb 1994 17:21:48


Before I start, I've played with a product called "Fortress" for AIX
version 3.2.x.  It's a security scanner for AIX UNIX which scans all
the major and minor security problems you might find on a UNIX system,
from NFS exports to Set-UID.

And it does virus checking and trojan horse checking, too.

[...]

>   1)  DOS emulation and viruses.  If a Unix box offers DOS emulation that
>       is good enough to run most DOS programs, it will also be good enough
>       to run most DOS viruses.   However, the viruses can only spread inside
>       that box, and can be handled perfectly with a normal DOS virus scanner.

Yes, and you will see that SoftPC comes with a virus checker, like
IBM's Anti-Virus scanner.

>   3)  "True" Unix viruses.  Forget about detecting those with scanners. Any
>       anti-virus tools to handle true Unix viruses should really be based
>       on integrity checking - not virus-specific signature search.

Fortress does exactly this!  It will handle both signature search (as
unlikely as it may be) but it is really big with integrity checking
with cryptographically sound file checksums, filesystem databases, and
the like.

I don't think it's available in the commercial arena, but we use it
here as (I believe) a prelim. project and it's very, very nice.  It's
only a matter of time for UNIX virii to start proliferating.  Many
people don't realize how easy it is to have a UNIX virus.

Kris

--

| Nobody in particular            |    UUCP: ...!uunet!paladin!sanctum!kris  |
|----------------------------------------------------------------------------|
| "Your lack of common decency reminds me of a computer!" - emacs M-x flame  |
 ----------------------------------------------------------------------------
                                       (Copyright 1994; personal use accepted)