Sorry, just read the tail of this one.. ;(
Wodish,
Some of what you say is true, but some is not.
I never said a virus has to be in a kernel, only that the windows kernel is an easy target.
Virii in windows can easily look at .com, .exe, .dll and know what to infect. Imagine the amount of work and time it would take for a virus to find every file on your computer and do a file(1) on it and evaluate the output.. I think within the first 12 hours it was running someone would find the thing running and kill the process.
A virus and a trojan are different. If you download joe schmo's code, and compile it and run it without looking, then shame on you! But joe schmo's code is not a virus, you had a brain fart.
Trojans are easy to create, and I have written quite a few myself as tests. (not early as you did so Im a couple years younger! har har), however they are not globally effective with good sysadmin practices.
I.E. I made a trojan and called it "ls". It copied itself in every place it could each time it ran. This is a way to test who had the "." in their path, and show the hard way what sysadmin need to be aware of.
Are there root kits for Unix? Yes, and be weary! if you dont know how and what to do to secure your systems, best hire someone or buy lots of books and get working on it. A root kit is not a virus, it allows a non root user to have access as root.
M$ said NT/2000/XP will make us as safe as unix. Guess what, most applications fail to run if your not an administrator in NT becaues microsoft's implementation of everything is flawed. (everthing being process control, file acl's, network port access, etc...)
In Unix world good sites have 1 root account on a system, and tight control over who has the access to it. If we had to make all our users UID=0 then we may have to worry more about viruses.
I agree with you 100% that telnet and ftp are so easy to sniff passwords people have heart attacks when you show them, so OpenSSH is awsome prevention.
SO, as for it being a matter of time.. Not hardly.. here is why
A virus in windows is effective because it corrupts the system completely, and launches itself at boot time with the kernel or dll corruption, and has fast access to any files it deams executable to tag itself into/onto.
unless "root" ran the virus in unix, the same thing is not possible. (unless there was a really sloppy admin that ran chmod -R 4777 / that is.
Also, since the kernel is immediately corrupted in windows, the highest level is corrupted. killing the process in memory is useless as the next time the kernel rereads itself (1-2 minutes) the virus is reloaded.
In unix, killing the process kills the virus.
SO I guess my official response to the question "Can a virus live in UNIX?" the answer is twofold. "Yes, but it would take so much development time that we wont ever see it."
Grand discussion though! ;)
Shannon
Microsoft. When do you want a virus today?
