UNIX anti-virus

Robert Gamble
Respected Contributor

UNIX anti-virus

This is not a joke.
I have explained until I was blue in the face to local auditors that UNIX does not have anti-virus software available, and that local system administration is how it is controlled. I have tried explaining the difference between exploits and virii.

Is there an official statement from anyone (HP, SUN, IBM) stating that anti-virus software/measures are needed or required? Something on paper would be nice to show these 'unbelievers'.

Thanks in advance.
Rita C Workman
Honored Contributor

Re: UNIX anti-virus

Well I don't know if this will help you respond to mgmt, but here is a thread you may want to look over. It simply repeats your words:
http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x20b9119c3420d411b66300108302854d,00.html
But this next url may help you....Basically, as you already know, there is no 'antivirus' software for HPUX. Not in the sense of what the untechnologicals think of as 'antivirus software'. This protection lies in the ability of the System Administrator to ensure that no outside forces can login/ftp or rlogin without proper authorization. It lies in the fact that the SA ensures that only the folks who need to see and do...can. And it lies in the security measures and backup procedures put in place by the SA.
As you said...HPUX is not Windows or DOS, and this 'generic, out of the box' software is what hackers rely on to weave their corruption.
But here's the url....it shows that what HPUX does is provide patches to ensure that encryption, security access, router management, etc. are all being properly handled by the server. Hope it helps,
http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x20b9119c3420d411b66300108302854d,00.html
Robert Gamble
Respected Contributor

Re: UNIX anti-virus

Thanks Rita, but if you notice in the 1st url you posted, I was the one who gave the thorough answer.

The 2nd url is exactly the same as the 1st, which is probably a typo.

Thx
Shannon Petry
Honored Contributor
Solution

Re: UNIX anti-virus

I am not an HP official, but have been working in the UNIX environment for more than a decade. (Old-timer, kind of). Here is an explanation of why virii do not exist for UNIX. Let me say that the pointer in the previous reply says some of this too.

First, I should say that there are many "trojans" for UNIX, and they are very easy to make. I.e., a script that calls /sbin/rm -f /* executed by root will delete the files under / (exceptions would be /sbin, /sbin/rm and the shell, because they are in use). While some people consider trojans a virus, they are not.

Virii have certain characteristics which would define them as virii. First, a virus is usually memory resident. This means that the virus sits in memory and looks for keys to attack files. Usually the DOS extension to the file name, i.e. .exe files and .com files. Also, virii must be at least a nuisance. Like writing "eat my shorts" into a text file would cause an unwanted change to the file. A program that sat in memory and wrote our fictitious message to files would be a virus. A virus must also spread itself in one way or another.

Because the virus usually needs a trigger (like the dos extension) UNIX virii are much more difficult to create. Since /usr/bin/rm is an executable not denoted by rm.exe, the virus would not be able to tell by name what is an executable to infect and spread, and what is not. /etc/hosts would look the same to a virus as /etc/ping. A virus would have to be huge to sit in memory and be able to stat all files, run magic, check bits, etc... to know how to spread.

Next, in UNIX the kernel is memory resident. When the system boots the kernel, it is read only. The kernel sits in memory until system shutdown. If a virus was to infect the kernel, it would not be effective until the system was rebooted with the bad kernel. In Win/XXXX the kernel sits on a disk, and is constantly accessed. Sorry Gates and Clan, but a 100MB kernel just does not fit into most PCs' memory :). If the kernel is corrupted, the corruptions are instantly read in, and accepted. Microsoft was supposed to fix this in Win NT 4.0, then in 2000, but I guess they will just let saps keep buying their products and spending tons of cash on anti-virus software and think that it has to be that way.....How easily some of us are fooled :)

The next problem with running a virus in UNIX is that the virus can only run at the access level of the user who executes the program. I.e., if johndoe executes the program, the program can only affect "johndoe"'s processes and files. Anything owned by "root" and "bettysue" would be unaffected. The virus could only do widespread system damage if the super user "root" executed the virus. This severely limits the ability of a virus in UNIX. Windows NT and 2000 also have multi-leveled access for processes, but Microsoft's implementation is very easy to bypass. Another fine programming job by the wonderful folks at Microsoft! :)

In SunOS and Linux, the virus scanning software that is available is NOT for UNIX and Linux protection, but Microsoft Windows protection. The software is made to scan data shared to and from Windows boxes.

The best defense in UNIX to the Virus threat is common sense, built in UNIX functionality, and basic security measures available in more locations than I would care to give in this reply.

Tell the person asking for Norton AV for HP-UX that it is only necessary in the Microsoft world. While he and sooo many others think that crashes and virus threats are daily concerns, we UNIX folks know better!

Sincerely,
Shannon Petry
Systems Engineer
Microsoft. When do you want a virus today?
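Two of the points in the reply above (an infector on UNIX cannot pick targets by file name and has to stat each file and read its magic, and it can only touch what the invoking user can write) can be seen in a few lines of shell. The script below is an added example, not code from this thread or from HP; it works entirely inside a scratch directory of constructed sample files (fake ELF headers, tiny scripts, a text file with misleading names) and assumes only POSIX tools plus `mktemp -d`. It detects, it does not infect.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds a scratch tree of constructed
# sample files and shows what an infector on UNIX would actually have to do to
# find targets: stat each file and read its magic, because names say nothing,
# and then discover that it can only write what the invoking user can write.

# classify FILE -> "TYPE EXECBIT", e.g. "elf exec", "script exec", "text noexec".
# Type is decided from the leading bytes, never from the file name.
classify() {
    f=$1
    [ -f "$f" ] || { echo missing; return 1; }
    magic=$(dd if="$f" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = 7f454c46 ]; then                      # "\177ELF"
        type=elf
    elif [ "$(dd if="$f" bs=2 count=1 2>/dev/null)" = '#!' ]; then
        type=script
    else
        type=text
    fi
    if [ -x "$f" ]; then echo "$type exec"; else echo "$type noexec"; fi
}

# build_sample DIR: lay down constructed files whose names deliberately mislead.
build_sample() {
    d=$1
    mkdir -p "$d/bin" "$d/etc" "$d/lib" "$d/home"
    printf '\177ELF\002\001\001padding' > "$d/bin/ping"            # fake ELF header, +x
    chmod 755 "$d/bin/ping"
    printf '#!/bin/sh\necho cleanup\n' > "$d/bin/cleanup.sh"       # script, +x
    chmod 755 "$d/bin/cleanup.sh"
    printf '127.0.0.1 localhost\n' > "$d/etc/hosts"                # plain data
    chmod 644 "$d/etc/hosts"
    printf '\177ELF\002\001\001padding' > "$d/lib/libfoo.so.1"     # ELF magic, no +x
    chmod 644 "$d/lib/libfoo.so.1"
    printf '#!/bin/sh\necho not notes\n' > "$d/home/notes.txt"     # script hiding as .txt, +x
    chmod 755 "$d/home/notes.txt"
}

# find_targets DIR: every file an infector might care about (ELF by magic, or
# anything with the execute bit), plus whether this user could even write it.
find_targets() {
    dir=$1
    find "$dir" -type f | sort | while read -r f; do
        t=$(classify "$f")
        type=${t% *}
        xbit=${t#* }
        case "$type $xbit" in
            "elf "*|"script exec"|"text exec")
                if [ -w "$f" ]; then w=writable; else w=read-only; fi
                echo "$f $type $xbit $w" ;;
        esac
    done
}

tmp=$(mktemp -d)
build_sample "$tmp"
echo "candidate targets under $tmp, as uid $(id -u):"
find_targets "$tmp"
rm -rf "$tmp"
```

Run it as an ordinary user and the last column shows the boundary the reply describes: only files that user owns (or that are world-writable) come back `writable`. Run it as root and every candidate is writable, which is exactly why "root executed it" is the case that matters.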
Greg Land
New Member

Re: UNIX anti-virus

I've been doing a little research on the same topic and came across the following information you may find useful:

- There are quite a few anti-virus solutions for UNIX (including HP-UX). Just search Yahoo for "+Anti-Virus +UNIX" and you'll find many pages of them. One promising prospect with a 30-day trial is Sophos Anti-Virus for Unix (http://www.sophos.com/products/antivirus/savunix.html). Wish CA's InoculateIT would come on board.

- There is a whitepaper written by Peter Radatti titled "The Plausibility of UNIX Virus Attacks" that clearly states the case (cf. http://www.cyber.com/papers/plausibility.html).

I certainly don't have a philosophical opinion formed on what constitutes a UNIX virus, but clearly malicious code exists ranging from simple shell scripts to full-blown DDoS attacks (e.g. distributed SMURF variants and daemonic.c). Even with the most up-to-date OS patches, firewall rules, and monitoring tools, it seems prudent to include proactive anti-virus software in your arsenal.

V/R
Greg
Brian Markus
Valued Contributor

Re: UNIX anti-virus

I think that advertising has gotten to him. McAfee/Network Associates makes an Anti-Virus for UNIX... But it's not to protect the OS, it's for people that use their UNIX systems for mail or as a shared filesystem (Samba). It scans through the mail or PC files stored and cleans them. The UNIX OS itself can NOT be affected by "viruses", just malicious scripts and stupid admins that run them.
When a sys-admin says maybe, they don't mean 'yes'!
Bill McNAMARA_1
Honored Contributor

Re: UNIX anti-virus

You can download the Security Admin Tool SAINT from the porting archive.

http://hpux.connect.org.uk/hppd/hpux/Networking/Admin/saint-3.1.2/

Tripwire and Cops are other tools you may want to investigate that are well established on the security front.

Later,
Bill
It works for me (tm)
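Tripwire, named in the reply above, is the tool that actually answers the auditor's question for UNIX: not a scanner that recognises viruses, but a baseline of what the system's files are supposed to look like, checked against the live system. The script below is an added example, not Tripwire and not from this thread; it is a minimal Tripwire-style check using only POSIX tools (find, cksum, ls, awk) plus `mktemp`, records CRC, size, mode and owner per file, and reports ADDED, REMOVED and MODIFIED paths. The sample tree it builds at the end is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Tripwire and not code from the thread: a minimal
# Tripwire-style file integrity check with POSIX tools only.

# baseline DIR: one line per regular file, "crc size mode owner<TAB>path".
# The tab keeps paths with spaces intact for verify().
baseline() {
    dir=$1
    find "$dir" -type f | sort | while read -r f; do
        set -- $(cksum "$f")          # crc size path
        crc=$1; size=$2
        set -- $(ls -ld "$f")         # mode links owner group ...
        printf '%s %s %s %s\t%s\n' "$crc" "$size" "$1" "$3" "$f"
    done
}

# verify DIR BASELINE: print ADDED/REMOVED/MODIFIED lines, return 1 if any,
# 0 if the live tree still matches the baseline.
verify() {
    cur=$(mktemp)
    baseline "$1" > "$cur"
    changes=$(awk -F'\t' -v base="$2" '
        FILENAME == base { old[$2] = $1; next }
        { new[$2] = $1 }
        END {
            for (p in old) if (!(p in new)) print "REMOVED " p
            for (p in new) {
                if (!(p in old)) print "ADDED " p
                else if (old[p] != new[p]) print "MODIFIED " p
            }
        }' "$2" "$cur" | sort)
    rm -f "$cur"
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Demonstration on a constructed scratch tree: take a baseline, then simulate
# the trojan scenario from the thread (a replaced binary, a dropped file, a
# deleted file) and check against it.
tmp=$(mktemp -d); base=$(mktemp)
mkdir -p "$tmp/sbin"
printf 'original rm\n' > "$tmp/sbin/rm"
printf 'hosts\n' > "$tmp/hosts"
baseline "$tmp" > "$base"
printf 'trojaned\n' >> "$tmp/sbin/rm"
printf 'dropper\n' > "$tmp/sbin/dropper"
rm -f "$tmp/hosts"
verify "$tmp" "$base" || echo "integrity check failed (expected in this demo)"
rm -rf "$tmp" "$base"
```

Two caveats the real tools address and this sketch does not: the baseline must live where the monitored host cannot rewrite it (read-only media or another machine), otherwise whoever replaced /sbin/rm can refresh the baseline too; and `cksum` is a CRC, chosen here only because it exists on every UNIX including HP-UX, so a deliberate modification can be made to keep the same checksum. Tripwire uses cryptographic hashes for that reason.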
Marcel Boon
Trusted Contributor

Re: UNIX anti-virus

Beautiful explanation Shannon!!

Marcel
See the man pages