beardednose
I'm trying to convince my company to run AV protection on all boxes and am running into a bit of barbwire. The Windows boxes are hands down, but the Linux, AIX, and remaining *nix boxes aren't going quietly.

Now I know that *nix viruses aren't as prevalent, but the last cleanup (Windows-not all were protected) cost a pretty nickel. I just don't think that leaving those *nix boxes unprotected is worth the chance. Especially as Linux and other *nix systems grow in popularity. Eventually more and more viruses and attacks will focus on those. And the attacks are getting more clever. When is someone going to write a cross-platform virus?

What do you think? What's your experience? Do you think it's necessary? Wise?

Who's ever got a *nix virus and what happened? How much did recovery cost?
w00dy
[QUOTE]When is someone going to write a cross-platform virus?[/QUOTE]
It's kind of impossible to write a cross-platform virus... The file system hierarchies are set up differently and there are no exploits that are the same on both Windows and *nix; even different flavors of the *nixes have different file system hierarchies. The closest you could do would be to write 2 viruses in C and then compile them together (1 for Windows, 1 for Linux).

As for the AV, it all depends on the flavor of Linux. For instance, Redhat (which I think sucks) is going to be far more vulnerable than something like Debian or FreeBSD. The latter 2 distros have professionals changing, securing, and updating everything from how programs are compiled to the source code every day. This makes them far safer because they are updated more frequently. Generally the same people that find new exploits are also the ones who help to write patches for them. Therefore, the flavors that are being updated every day are going to be far less susceptible to viruses and exploits than the more mainstream things like RH and Windows, which get updates every couple of months. By far the least secure Linux flavors (excluding small distros like BrlSpeak (Linux for the blind)) are RH, Suse, Mandrake, in that order.
beardednose
That's what I mean, w00dy. Compile one for each. Thanks for the input.
Dillinja
There is one cross-platform virus I've read about:

(From Hacking Exposed: Linux)
[QUOTE]W32/Lindose: This cross platform virus is able to infect both Windows PE executables and Linux ELF executables. When run, it searches for executables to infect and prepends itself to the program. A technical achievement surely, but not anything too scary for Linux users. The infection routines can only run from a Windows machine, which means that you need to have your Linux file system mounted on a Windows box and run the virus from there.[/QUOTE]

So while technically a cross-platform virus, it's not really a threat.

Also from HE:Linux, an example of a Linux "virus" in the wild contained in an email message:
[QUOTE][I]
To: Whomever
From: A Friend
Subject: Linux Virus

This virus works on the honor system:

If you're running any variant of UNIX or Linux, please forward this message to everyone you know, and delete a bunch of your files at random.

Thank you for your cooperation.

--

Hi! I'm a signature virus!
Copy me into your signature to help me spread! [/I][/QUOTE]

enlightnr
Well, the way Linux sets up users compared to Windows users is a clear advantage in stopping viruses. As long as you don't give users root, that would help.
Also, I'd be more worried about keeping up to date with patches on Linux, as exploits would be of a higher risk.