----- Original Message -----
From: "Deryk Barker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 04, 2000 12:27 PM
Subject: Re: [expert] Anti-Virus for Linux
> Thus spake Kikta LCpl Jason M ([EMAIL PROTECTED]):
>
> > This may be a stupid question, but are there any anti-virus programs
> > available for Linux? I've looked but never found any and never seem to even
> > hear mention of any. Is it necessary? If not, why? Thanks.
>
> Viruses are *much* harder to write for properly written OSes, i.e.
> those in which there is protection for the boot sector, OS files etc.
>
> In order to infect a linux system you'd basically have to be running
> as root, which sensible people only do when absolutely necessary.
>
> Given that currently the largest (and fastest-growing) group of
> viruses are Word macro viruses, this is an excellent reason for
> hoping that MS never port Word to linux, although even then you'd
> probably only be able to infect your own userid.
>
> Which is not to say that linux viruses are impossible, but there is
> little incentive to produce one when you know that 99% of systems
> would not get caught. And 99% of MS systems would...:-)
>
> --

It's not a stupid question. It's just a confusing topic.

In a narrow sense, there is no known *nix virus "in the wild" although I
have heard of some in "laboratory environments", whatever that means.

It seems more a matter of terminology and nit-picking over what the
definition of a virus is.

There are root exploits for *nix systems and the system operator doesn't
have to be running as root at the time of "infection". Since root exploits
give the intruder root permissions, the compromised machine can launch
attacks against other machines or "root" them also and spread that way,
pretty much what Joe Public would call a virus. The average person would
perceive a root exploit as a "virus", just as they don't understand the
distinction between a "hacker" and a "cracker".

There are malicious programs that exist in the *nix world, but many seem to
only trash the user's workspace and so are considered somehow OK to sysadmins
since the malicious programs don't bring the entire system down (the
individual user would likely disagree about the importance, however).

Because of the way each OS is structured, the approach to attacks on MS
machines and *nix machines differs. MS exploits get more publicity because of
the much larger installed base. Because of the way the MS system is
designed, there seem to be many more opportunities to exploit them. Due to
their closed development, they are much more difficult to audit and fix. Because
there are so many installed systems, it is more difficult to apply the fix
to them all. Because of the sheer numbers of installations, they are easier
and more desirable targets (bigger bang for the buck, so to speak).

There are virus scanning programs for *nix systems, IIRC, but they are
usually focused on scanning email for MS viruses so as to not further
propagate them. Yet, I have heard some sysadmins claim not to care about
propagating Windows viruses since "we don't use Windows".

As a regular *nix user, you should not need to be concerned about viruses,
just make certain you always back up important data. As the administrator of
your own system, you should be aware of system security to defend against
root exploits on your machine.

Hoyt