Date:      Thu, 21 May 1998 11:19:29 +0930 (CST)
From:      Mark Newton <newton@camtech.com.au>
To:        cschuber@uumail.gov.bc.ca
Cc:        egravel@elr346.ateng.az.honeywell.com, freebsd-security@FreeBSD.ORG
Subject:   Re: Virus on FreeBSD
Message-ID:  <199805210149.LAA25157@frenzy.ct>
In-Reply-To: <199805210018.RAA04596@passer.osg.gov.bc.ca> from Cy Schubert - ITSD Open Systems Group at "May 20, 98 05:18:37 pm"

Cy Schubert - ITSD Open Systems Group wrote:

 > Stunt Pope wrote:
 > > Thanks for all the info.  Now for a second question.  Since there is an
 > > antivirus made by McAfee for Linux, Solaris, HP-UX, AIX (and one or two
 > > more Unix OS's) is there anything similar made for FreeBSD?  What can
 > > one download/purchase to prevent:
 > > 
 > > 1- Arrival/infection of the system from any virus that would target
 > >    FreeBSD?
 > > 2- Presence of virii for any other OS in any file on the system?
 
In addition to Cy's comments about the Linux "virus", I'd also point
out that TTBOMK McAfee's virus scanners for Unix don't search for Unix
viruses; they search for Wintel and Mac viruses enclosed within email
attachments on Unix mail servers.  As such they fit category 2 above.

Category 1 is so far off the radar that it isn't worth considering -- IF
one shows a little bit of discipline with the use of one's hash prompt
(i.e.: don't go running foreign binaries as root unless you trust 'em).

Since most people seem to show that required discipline, I'd guess that
the law of diminishing returns makes it unworthwhile to actually write 
Unix viruses in the first place.  

LKMs open vast new vistas of potential for viruses, btw.  I attended a
series of seminars given by Kirk some number of years ago, where he
said the decision to avoid expending development time on LKMs for 4.4BSD
was partly motivated by the security concerns raised by the ability to 
move executable code from user-space (i.e.: the filesystem) into the 
kernel.  Mitnick's SunOS "tap" streams module is but one example :-)

    - mark

---
Mark Newton                               Email: newton@communica.com.au
Systems Engineer and Senior Trainer       Phone: +61-8-8303-3300
Communica Systems, a member of the        Fax:   +61-8-8303-4403
CAMTECH group of companies                WWW:   http://www.communica.com.au
