From: "Valeri Galtsev"
To: "Matthew Seaman"
Cc: freebsd-questions@freebsd.org
Date: Thu, 24 Mar 2016 10:38:59 -0500 (CDT)
Subject: Re: Anti-virus for FreeBSD

On Thu, March 24, 2016 10:18 am, Matthew Seaman wrote:
> On 2016/03/24 14:25, Valeri Galtsev wrote:
>> (Is anybody in a mood of correcting me on the part
>> that we scan for viruses attacking something else not on MS products?
>> Are there any? ;-)
>
> I believe that there is a growing corpus of Malware aimed at MacOS X,
> IOs and Android nowadays. Although nothing like as much as has been
> aimed at various Windows versions over the years. It's all down to how
> common those OSes are and whether the malware can achieve any sort of
> critical mass and whether it provides sufficient return for its authors.

Do any of the virus scanners scan for MacOS or Android aimed stuff?

>
> Of course, while FreeBSD is an unlikely target, it is certainly not
> immune. Nothing is. It's just it doesn't usually pay to attack FreeBSD
> machines because a) most FreeBSD users tend to pay more attention to
> security than your average machine-herder, and b) even if you do develop
> an interesting way of breaking into FreeBSD boxes, there aren't enough
> of them around to make them worthwhile as a target for recruiting into a
> botnet or the like.
>
> Also, since FreeBSD is pretty uncommon as a desktop system, attacks on
> it that rely on end-users to click on things they shouldn't are pretty
> futile.

Yes, this is where the difference between [MS Windows] virus and UNIX worm shows (and I would add MacOS into UNIX band, not certain about Android, as I'm not sure to what extent Android executes when it sees something it can execute). I probably should exclude Morris worm here though. Basically, Windows viruses exploit mostly MS Windows architecture flaws. MS itself warns that to run MS Windows safely you should have anti-virus software (this is the only system vendor that plainly admits their system can not be run safely with some 3rd party software).

Thanks for your nice input, Matthew!

Valeri

> Not when there's all those poorly written PHP applications and
> other network-exploitable code; a much more likely attack vector against
> FreeBSD -- but those tend not to require anti-virus software to defend
> against.
>
> Cheers,
>
> Matthew

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++