Date:      Tue, 2 Mar 1999 21:48:46 -0600
From:      Alan Weber <aaweber@austin.rr.com>
To:        Greg Lehey <grog@lemis.com>
Cc:        freebsd-questions@FreeBSD.org
Subject:   Re: H.S. networking (beginners)
Message-ID:  <19990302214846.A7794@austin.rr.com>
In-Reply-To: <19990303131142.U441@lemis.com>; from Greg Lehey on Wed, Mar 03, 1999 at 01:11:42PM +1030
References:  <000701be6509$2fc67980$41c494cd@KingKong> <19990303115627.Q441@lemis.com> <36DC9FEC.80DBBB5@confusion.net> <19990303131142.U441@lemis.com>

On Wed, Mar 03, 1999 at 01:11:42PM +1030, Greg Lehey wrote:
--> On Tuesday,  2 March 1999 at 21:35:24 -0500, Laurence Berland wrote:
--> > Greg Lehey wrote:
--> >
--> >> <SNIP>
--> >>
--> >>> An antivirus program
--> >>
--> >> FreeBSD doesn't have viruses, so it doesn't have anti-virus programs.
--> >> I believe some people offer virus scanners for Email destined to
--> >> Microsoft machines, but I can't say much about them.
--> >
--> > Perhaps I am not clear on what you mean.  Does it not have them
--> > because no one writes them, or is it truly virus-proof?
--> 
--> I don't suppose any system is *truly* virus-proof, modulo your
--> definition of virus.  But most viruses on Microsoft platforms exploit
--> conceptual weaknesses that FreeBSD does not have.  For example, I
--> couldn't think of any way to write a virus that is transferred by
--> mail.
--> 

The only reason FreeBSD/*nix doesn't have email viruses is because not enough 
people think that having an auto execute of email attachments is a good idea.
IBM went thru a hell with PROFS a couple of years ago when a self-replicating
email forced them to shut down their entire email system and hunt down copies of 
this email. Most viruses that use mail as a carrier are trojans anyway. 

There are several reasons that viruses are not prevalent in the *nix environment

1) *nix comes from a multi-user design standpoint and interprocess/user 
protections required for a stable operating system and run-time environment
significantly raise the bar for virus writers. Microsoft has a background of
standalone or isolated single user machines in trusted networks. If Microsoft 
had actually implemented something equivalent to telnet where you could actually
execute code vs request file services, viruses would be far more damaging. 
Currently, viruses on Microsoft are like vampires: you have to invite them in.

1a) A corollary of the above is that *nix machines are used by many people and 
thus are watched much more closely than a pc on someone's desk so suspicious 
activity is much more likely to be noticed.

2) *nix runs on wildly incompatible hardware as well as executable formats. You
would have to write a virus that could detect the environment of target system
and recompile itself for that environment to be generic to *nix. With the mix
of APIs and system idiosyncrasies this is very difficult. 

3) Relative to Windows/DOS the populations of unix machines are very small making
a virus have to work much harder to find infectable systems. 

Notwithstanding the above, any root shell exploit that is automatable and that 
can be run over the internet could be used to create a virus. Given the explosion
of Linux machines on the net, a Linux virus is coming soon. Look at
www.hub.org/OS_Survey and you will see that Linux is ~12% of the population 
that visited the web site and you can extrapolate that Linux is near critical
mass if a simple root shell exploit is found that could be automated. Right now
the hackers have other goals, but eventually they will figure out that "agent"
technology will be the most efficient way for them to find and exploit others' 
systems.

-- 
When I was a kid I had to rub sticks together to multiply and divide numbers. 
A calculator was a job description.

