Good anti-virus programs for Linux
John Chambers, 781-647-1813
jc at trillian.mit.edu
Sat Aug 28 13:35:32 EDT 1999
Jerry Feldman <gaf at gaf.ne.mediaone.NET> writes:
> John Chambers wrote:
> > Jerry Feldman writes:
> > Of course, those running linux on an Alpha or SPARC or any other
> > non-Intel hardware probably don't need to worry for a while.
> I disagree with this. This is certainly true in the case where the virus
> is an Intel binary. But, what if the virus is a script, or even part of a
> Java byte code? Remember that the Internet worm back in 1988 travelled
> through many different Unix systems. No system is immune.
As I recall, there were two binary forms of the virus, one of which
infected several releases of SunOS, and the other infected several
releases of Ultrix on a VAX. Other Unix systems were unaffected. At
the time, I was working at a rather security-conscious place (Mitre),
and our lab was full of Suns. When we got good info on how to
identify the worm, we found several copies of it on various of the
Suns, but none had actually been "infected" because they weren't
running the right releases of SunOS, or had a different SMTP daemon
than the sendmail that came with the system. (Guess who wrote it? ;-)
We also had a couple of VAXen, which weren't infected, and we
couldn't find the worm's code in them, probably because they talked
to the world via email gateways that were Suns, and the VAX worm
binaries couldn't cross this gap.
Jerry Clabaugh wrote:
> http://www.cyber.com/papers/plausibility.html
Interesting and well-written doc. But I did keep getting the feeling
that I was reading an attack on a strawman. He was trying to convince
readers that Unix viruses are possible. I remember some of the early
virus prototypes back in the 70's, which were mostly developed on
Unix systems. I'd be a bit surprised if anyone knowledgeable about
OSs needed convincing of the possibility of a virus in any given
system, and I'd dismiss claims that "System FOO is immune" as just
PR. So proving that "System X can have viruses" seems like preaching
to the choir. What needs explaining is why there have been so many
problems in the Microsoft world, a few problems in the Apple world,
but only a few problems in the Unix world. The fact that Unix systems
have been networked for a couple of decades now and Unix users
routinely download software via the Net would argue that Unix should
have a lot of infections.
An article proving that Unix viruses are possible isn't at all an
answer to the question "Why do Unix systems have so many fewer
problems?" It also doesn't answer the question "Are Unix systems
likely to have more problems in the future?"
An argument for a "Yes" answer to the latter question is that virus
writers naturally tend to target common systems. Now that linux is
running on a million machines or so, and most are using a small range
of Intel processors, linux is likely becoming a more attractive
target. Also, while there aren't nearly as many Alphas in the world,
many of the high-load web servers are running on alphas, which makes
them into highly-visible and attractive targets.
More than half of the world's web servers, including most of the big
ones, are running apache. This qualifies as another "monoculture",
though the underlying hardware is varied and there are a lot of
releases. I wonder how many people are studying the apache code to
find good ways of bringing it down at will?
-
Subscription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).