Date: Thu, 21 May 1998 11:19:29 +0930 (CST)
From: Mark Newton <newton@camtech.com.au>
To: cschuber@uumail.gov.bc.ca
Cc: egravel@elr346.ateng.az.honeywell.com, freebsd-security@FreeBSD.ORG
Subject: Re: Virus on FreeBSD
Message-ID: <199805210149.LAA25157@frenzy.ct>
In-Reply-To: <199805210018.RAA04596@passer.osg.gov.bc.ca> from Cy Schubert - ITSD Open Systems Group at "May 20, 98 05:18:37 pm"

Cy Schubert - ITSD Open Systems Group wrote:
> Stunt Pope wrote:
> > Thanks for all the info. Now for a second question. Since there is an
> > antivirus made by McAfee for Linux, Solaris, HP-UX, AIX (and one or two
> > more Unix OS's) is there anything similar made for FreeBSD? What can
> > one download/purchase to prevent:
> >
> > 1- Arrival/infection of the system from any virus that would target
> > FreeBSD?
> > 2- Presence of virii for any other OS in any file on the system?

In addition to Cy's comments about the Linux "virus", I'd also point out
that TTBOMK McAfee's virus scanners for Unix don't search for Unix
viruses; they search for Wintel and Mac viruses enclosed within email
attachments on Unix mail servers. As such they fit category 2 above.

Category 1 is so far off the radar that it isn't worth considering -- IF
one shows a little bit of discipline with the use of one's hash prompt
(i.e.: don't go running foreign binaries as root unless you trust 'em).
Since most people seem to show that required discipline, I'd guess that
the law of diminishing returns makes it unworthwhile to actually write
Unix viruses in the first place.

LKMs open vast new vistas of potential for viruses, btw. I attended a
series of seminars given by Kirk some number of years ago, where he said
the decision to avoid expending development time on LKMs for 4.4BSD was
partly motivated by the security concerns raised by the ability to move
executable code from user-space (i.e.: the filesystem) into the kernel.
Mitnick's SunOS "tap" streams module is but one example :-)

- mark

---
Mark Newton                               Email: newton@communica.com.au
Systems Engineer and Senior Trainer       Phone: +61-8-8303-3300
Communica Systems, a member of the        Fax:   +61-8-8303-4403
CAMTECH group of companies                WWW:   http://www.communica.com.au

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message