On Fri, 5 Sep 2003 [EMAIL PROTECTED] wrote: > Dear freeBSD enthusiast, > Greetings. I am a newcomer to the BSD/Unix world. My place of > employment is a large agency with thousands of client machines. Most of > the clients use Microsoft Windows 2000 Professional operating system. Most > of the servers use either Novell operating system, or I.B.M. Domino > operating system. A very important ritual that each client computer > performs every morning at boot-up time is to run a virus scan application > program. This program is run whether or not the user desires it, because > it runs before the user us granted a log-on screen. In my reading of Unix > and BSD literature, I have found no mention of virus scan programs for > these operating systems. Do such programs not exist? Alternately, is the > Unix/BSD approach to this problem in a different philosophical and/or > procedural sphere? If so, could you describe the Unix/BSD approach to > locating and eradicating these invaders of one's hard drive? If the issue > is already explained in either printed literature, or posted at a world > wide web site, it is sufficient to cite the location. Many thanks for your > response.
Viruses usually aren't the problem on UNIX; you usually find things like "root kits," where someone has broken into the system and replaced some common programs with sinister ones. But the effect isn't that much different from a virus. This kind of thing is usually monitored on UNIX systems by comparing some attribute of the system binaries (usually a checksum or some such) to a set of known good values. For example, there is a tool called 'chkrootkit' in the ports tree that tests a set of common utilities for evidence of tampering in certain ways. My personal theory on the top reason why viruses are not popular on UNIX is that most people run their software from a non-priveleged account, which means if they ever did run a binary with a virus, it probably wouldn't get very far. It's much more worthwhile to concentrate your attacks (and therefore your defenses) on worms. And the defense for worms is simple: turn off every service you don't need, put the ones you do need in their own jails, and patch, patch, patch! (see http://windowsupdate.microsoft.com for an example of those last three steps) As an aside, there are products for Linux/FreeBSD that will scan e-mail for Windows viruses, but I don't think that's what you're talking about... Marc. -- Marc Ramirez Blue Circle Software Corporation 513-688-1070 (main) 513-382-1270 (direct) http://www.bluecirclesoft.com http://www.mrami.com (personal) _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"