jbasara@uunet.UU.NET (jim basara) (01/17/91)
I would like to request recommendations for off-the-shelf packages
which will prevent/isolate/monitor/etc. viruses on a Sun workstation
under unix.

thank you
jim basara
uunet!ssdc!jbasara

bryden@chopin.udel.edu (Chris Bryden) (01/30/91)
limes@Eng.Sun.COM (Greg Limes) writes:
}ssdc!jbasara@uunet.UU.NET (jim basara) writes:
}|> I would like to request recommendations for off-the-shelf packages
}|> which will prevent/isolate/monitor/etc. viruses on a Sun workstation
}|> under unix.
}
}Occasionally, I see people asking about such things on this list and
}elsewhere, and I am underwhelmed by the amount of information that
}therefore appears on the net.
}
}Has anyone ever actually SEEN a "virus" on a UNIX box? And, don't tell
}me about worms, that's a different matter ... I am specifically looking
}for information about programs that propagate by modifying other
}programs.

You bet. _Abacus_ had a fairly lengthy series of articles on unix style viruses. The author of the article wrote a fairly simple virus and advertised the existence of desirable programs he had sitting around. Within a week, the virus had spread to the farthest reaches of the disk on an experimental machine.

}My background as an operating systems programmer at Sun leads me to
}believe that such virii would be more difficult and less rewarding for
}Joe Virus-Writer to create, and easier to protect against using
}mechanisms available in the system, but it might be nice if I could
}have some backing information that I could give when people ask me
}about such things ...

I'm surprised. Does the word "crt0" mean anything to you? Break a fairly mundane security hole, learn some assembly, and wait for the next big rebuild. Complicated by the fact that most sites with a source license get their updates in the form of source code, we're talking about a major hole in Unix. In fact, if you don't know when the bug was introduced, you may have to go back several operating system revisions to get back to "normal". And, hey, I'm not even going to start talking about packet scanners on a network that has NFS traffic. At some point, the distinction between virus, worm and trojan horse breaks down. Has anybody seen a formal specification that delineates the difference between each? Ever wonder why? I saw a Unix virus long before I ever saw a PC virus.

Chris
--
{gateway}!udel!brahms!bryden | I am a direct result of the policies and actions
bryden@udel.edu 302-451-6339 | that are endorsed by the University of Delaware.