Here's a clip of something I wrote a few years back. Still holds true for the most part...
I am not an HP official, but have been working in the UNIX environment for more than a decade. (Old timer kindof). Here is an explenation of why virii do not exist for UNIX. Let me say that the pointer in the previous reply says some of this too.
First, I should say that there are many "trojans" for UNIX, and are very easy to make. I.E. A script that calls /sbin/rm -f /* executed by root will delete the files under / (exception would be /sbin and /sbin/rm and the shell because they are in use). While some people consider trojans a virus, they are not.
Virii have certain characteristics which would define them as virii. First, a virus is usually memory resident. This means that the virus sits in memory and looks for keys to attack files. Usually the dos extension to the file name. I.E. .exe files and .com files. Also virii must be at least a nuisance. like writing "eat my shorts" into a text file would cause an unwanted change to the file. A program that sat in memory and wrote our ficticous message to files would be a virus. A virus must also spread itself in one way or another.
Because the virus usually needs a trigger (like the dos extension) UNIX virii are much more difficult to create. Since /usr/bin/rm is an executable not denoted by rm.exe, the virus would not be able to tell by name what is an executable to infect and spread, and what is not. /etc/hosts would look the same to a virus as /etc/ping. A virus would have to be huge to sit in memory and be able to stat all files, run magic, check bits, etc... to know how to spread.
Next, in UNIX the kernel is memory resident. When the system boots the kernel, it is read only. The kernel sits in memory until system shutdown. If a virus was to infect the kernel, it would not be effective until the system was rebooted with the bad kernel. In Win/XXXX the kernel sits on a disk, and is constantly accessed. Sorry Gates and Clan, but a 100MB kernel just does not fit into most PC's memory :). If the kernel is corrupted, the corruptions are instantly read in, and accepted. Microsoft was supposed to fix this in Win NT 4.0, then in 2000, but I guess they will just let saps keep buying their products and spending tons of cash on anti-virus software and think that is has to be that way.....How easily some of us are fooled :)
The next problem with running a virus in UNIX is that the virus can only run at the access level of the user who executes the program. I.E. If johndoe executes the program, the program can only affect "johndoe"'s processes and files. Anything owned by "root", and "bettysue" would be unaffected. The virus could only do wide spread system damage if the super user "root" executed the virus. This severely limits the ability of a virus in UNIX. Windows NT and 2000 also have multi leveled access for processes, but Microsoft's implementation is very easy to bypass. Another fine programming job by the wonderfull folks at Microsoft! :)
In SunOS and Linux, the virus scanning software that is available is NOT for UNIX and Linux protection, but Microsoft Windows protection. The software is made to scan data shared to and from Windows boxes.
The best defense in UNIX to the Virus threat is common sense, built in UNIX functionality, and basic security measures available in more locations than I would care to give in this reply.
Tell the person asking for Norton AV for HP-UX that it is only necessary in Microsoft world. While him and sooo many others think that Crashes and Virus threats are daily concerns, us UNIX folks know better!
Sincerely,
Shannon Petry
Systems Engineer
Microsoft. When do you want a virus today?
