
Is there a Unix Virus ?

 
Richard_115
Frequent Advisor

Is there a Unix Virus ?

Are there any known viruses for Unix systems? And what types of software or controls are available to protect against such viruses on Unix servers? And are there companies that have implemented these Unix virus checks?
17 REPLIES 17
harry d brown jr
Honored Contributor

Re: Is there a Unix Virus ?


No viruses, but there are security "flaws" in software that can allow someone to "hack" in.

Simply fixed by keeping your machines patched.

You can purchase virus scanners that scan SHARED filesystems, but this is used to prevent WinDOZE PCs from spreading viruses from one WinDOZE PC to another - they can NOT infect Unix or Linux.

live free or die
harry
Live Free or Die
Jeff Schussele
Honored Contributor

Re: Is there a Unix Virus ?

Hi Richard,

YEP - it's spelled SCO and it's an insidious infection.

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Robert-Jan Goossens
Honored Contributor

Re: Is there a Unix Virus ?

Nope not on Unix, but if you share filesystems for windows servers you can store viri.

http://www.networkassociates.com/us/products/mcafee/antivirus/desktop/vs_unix.htm

Hope this helps,
Robert-Jan
Marvin Strong
Honored Contributor

Re: Is there a Unix Virus ?

Well, that depends on what he means by virus; some people use virus as the catchall term for malicious software.

There are 3 types of malicious software, virii, trojan horses, and network worms.

And while most people will claim there are no virii for unix, trojan horses can be a problem.

Kate.sh (if I remember correctly) is a simple shell (kinda famous) script that could be considered a virus.
It will replicate itself into other scripts that are in the same directory it runs from.

So they are possible. Just not widely known or popular, because most Unix systems are not as accessible or numerous as Windows machines.

However, you should always keep an eye on your users; I have caught a few in my day with passwd crackers, key capture scripts, etc.


Paula J Frazer-Campbell
Honored Contributor

Re: Is there a Unix Virus ?

Jeff, sorry, you are wrong.

The virus is called Windows. It is horrible: it causes your system to crash, it corrupts your data, and uses huge amounts of memory.


Wait a minute ---- that's it running normally ---


Paula
If you can spell SysAdmin then you is one - anon
Uwe Zessin
Honored Contributor

Re: Is there a Unix Virus ?

The first known virus, as far as I know, was developed on a Unix system:
http://www.all.net/books/virus/part5.html
Bruno Ganino
Honored Contributor

Re: Is there a Unix Virus ?

Antivirus
http://www.sophos.com/products/sav/
Bruno
Torino (Turin) +2H
Fred Ruffet
Honored Contributor

Re: Is there a Unix Virus ?

The main problem for viruses on Unixes seems to be file-sharing with Windows PCs. They put infested files there and others come to pick them up.

Scanners are running on PCs but not on servers, and if you want to run your scanner on shares, you'll have to pass through Samba, CIFS or whatever you use. It will take long.

There are programs on Unixes to scan for those Windows viruses, but you'll have to pay. A free solution is the File::Scan module for Perl. You certainly already have Perl on your server. You install the module. It includes a sample program that you can script and that runs well. It is based on Trend patterns (one is given with the module). If you don't have Trend and its updates, then you can download new versions of File::Scan periodically...
--

"Reality is just a point of view." (P. K. D.)
Bruno Ganino
Honored Contributor

Re: Is there a Unix Virus ?

John Kittel
Trusted Contributor

Re: Is there a Unix Virus ?

We run samba on our HP-UX systems, sharing filesystems to WinDOZE PCs. And we run Sophos anti-virus software, HP-UX version, on the HP-UX server, to scan the shares.

- John
SS_6
Valued Contributor

Re: Is there a Unix Virus ?

No virus but there were some security warnings and we had to install patches for sendmail and some patches for HP Openview ITO products.
By providing solutions I am helping myself
Elmar P. Kolkman
Honored Contributor

Re: Is there a Unix Virus ?

There have been viruses for Unix in the past. They were called worms. But since all unixes differ so much, and since most virus writers or hackers love (or don't know) unix and most hate windows, and since writing a virus for windows is so easy with the number of security bugs in windows, you don't see them a lot anymore. Or don't hear of them.

But some unix servers do feel the impact of Windows viruses. We had some 10.20 systems with crashing RPC daemons due to the blaster virus, for instance!
Every problem has at least one solution. Only some solutions are harder to find.
MarkSyder
Honored Contributor

Re: Is there a Unix Virus ?

Paula,

I seem to remember that Computer Weekly highlighted the similarities between Windows and a virus a few years ago.

The conclusion they drew was that Windows isn't a virus, because viruses are well written and stable.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
Steven E. Protter
Exalted Contributor

Re: Is there a Unix Virus ?

I know of no viruses, though writing one even as an unprivileged user is trivial. Just write a script that keeps calling itself in a loop.

The system will come to a grinding halt very fast.

Symantec claims to have a virus scanner for Unix/Linux. Really it just scans emails for attached viruses.

As noted above hacking is a much more grave threat, with attempted relay of spam a big issue on machines exposed to the public Internet.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ted Buis
Honored Contributor

Re: Is there a Unix Virus ?

With HP-UX 11.11 you have the option to use IDS/9000 for Intrusion Detection and IPfilter/9000 for additional protection. Also, you hopefully know about the Security Patch Check tool. If not, see:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA
Mom 6
dirk dierickx
Honored Contributor

Re: Is there a Unix Virus ?

there have been proof of concept viruses on unix machines, but in reality it is hard for viruses to spread into the wild.

unix of course has its share of security holes and these can be exploited.
what you have to watch out for on unix are mostly rootkits and every now and then a worm. to be safe run a rootkit checker every once in a while combined with a host based intrusion detection system like tripwire/aide and/or network based like snort.

http://sourceforge.net/projects/aide
http://www.tripwire.com/
http://www.snort.org/
rmueller58
Valued Contributor

Re: Is there a Unix Virus ?

I've not been walloped with any direct threats to my *nix boxes.. I deployed snort and acid to monitor attempts, and our network (19 school districts) takes a daily pounding from a multitude of exploit attempts, PC worm infections, probes, DDOS, among other things; the best thing that seems to knock a lot of it down is 1st a good firewall and security policy. Not all our 19 districts wanna have us micro-manage their PC/Mac network, all we can do is provide them information and services to reduce the risks.. We've shut down P2P at the router using Cisco NBAR..

Pop-ups and IM based products, are also restricted, we've become benevolent dictators about some things.
One of our districts was slammed this past week with Netsky, they were not using a SPAM email scanner, and had no PC based virus protection.. Our WS support person spent a day helping the SD's support team clean up. Several Workstations needed to be scratched and rebuilt.
Open Source solutions and *nix have been impervious at this point, but when a DOS hits our router everything takes a performance hit. But the initiator of the DoS is generally a worm-borne MS macro virus of some sort. Spam assassin, if you keep your conf up to date and rules current with known wild items, you can cut these too, but getting the buyoff from the pole smoking educators is a pain in the a*s.. It would hit the fan if the UX box got knocked and paychecks didn't get out to them.. Then maybe they play by rules for a couple of months.