From owner-freebsd-questions Thu Jun 20 13:29:12 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA05699 for questions-outgoing; Thu, 20 Jun 1996 13:29:12 -0700 (PDT) Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id NAA05693 for ; Thu, 20 Jun 1996 13:29:08 -0700 (PDT) Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id OAA11078; Thu, 20 Jun 1996 14:29:00 -0600 Date: Thu, 20 Jun 1996 14:29:00 -0600 From: Nate Williams Message-Id: <199606202029.OAA11078@rocky.sri.MT.net> To: Jim Dennis Cc: nate@sri.MT.net (Nate Williams), questions@FreeBSD.ORG Subject: Re: Missing Memory & shrinking drives In-Reply-To: <201006202023.NAA06201@mistery.mcafee.com> References: <199606201342.HAA09496@rocky.sri.MT.net> <201006202023.NAA06201@mistery.mcafee.com> Sender: owner-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Jim Dennis writes: > > > > > Greetings, > > > How does FreeBSD handle the presence of the various types of viruses. > > > Is it similar to the way NT handles them?? Are there any anti-virus > > > utilities available for FBSD? [ My claim that FreeBSD isn't succeptible to virus's for multiple reasons ] > Mostly correct. Note that most PC virii are not OS specific -- > they rely on the initial behaviour of the BIOS (these are > boot sector virii; there are a few hundred of them like > 'Stoned' and 'Michealangelo'). True. But I claim that 'most' is probably too strong. Many are Boot-sector virus's. > Typically the BSV (boot sector virus) then makes itself memory > resident. This part only works for DOS, since almost any 32-bit > OS, from Concurrent DOS, through Linux, FreeBSD and even OS/2 > and NT, switch out of real mode and replace all interrupt > service routines -- all hardwire drivers, with their own 32-bit > code. Note that Win '95 is vulnerable since the 32-bit GUI is > still riding on top of a 16-bit OS, and still relies and *some* > chunks of "real mode" code (some BIOS functions, and some "old > hardware drivers"). Exactly my point. In order to get/pass the virus your OS must allow it to be passed on, and Unix doesn't allow this. So, to get a boot-sector virus chances are *very* high that it came from a DOS/Windows floppy, so you should be able to use any of the DOS/Windows software to remove it. If you have a DOS floppy you are running DOS, and can run the DOS software to remove it. :) [ Good description deleted ] > So, as a practical point, there are not *unix* viruses. > > If, on the other hand, you are concerned about the possible > propagation of PC viruses *from* your NFS or FTP server to > other PC's -- then you might want to look at McAfee's > anti-virus for Unix (available for Linux, SunOS, and Solaris -- > hopefully the Linux version will run O.K. under FreeBSD's > "emulation"). Sad to say I haven't had time to personally > test that. Good point. The Moral of the story is: "Never post a small description of a problem when you know a complete expert in the field is lurking in the wings." :) Nate