UNIX for Dummies Questions & Answers

i tought you can;t get virus in unix ? i have some admins buddys that work in bsd all he time and they sayed you can;t get viurs in unix is that true? download.com is putting virux updates out for mac OS X ................

Thats not really true. There does exists Unix Viruses. Even though many implementation have been done to get rid of them Various patterns are still being code and programed each day to attack Unix OS's. Some are smart enough to attack even though on diffrent Kernels. Check this site out, more information you can get on.

http://antivirus.about.com/cs/unixthreats/

MAC OS/X Viruses.
http://www.avp.ch/avpve/otheros.stm

http://www.seifried.org/security/ant...d-viruses.html

I trust this Anti Virus Software. Check it out. Its from Sophos Anti Virus.

http://www.sophos.com/products/softw...s/savunix.html

theoretically, a virus couldn't affect system files unless it had the root password, or the details of somebody who had permission to alter system files, but it could bugger up a user's files if it was run by them.

Also, i have heard of unix antivirus software that eliminates windows viruses, so a windows virus cannot pass from one windows computer through a router or server running unix (which of course would not be harmed).

Just as the above poster said, the program would have to be executed with root privelages.
Since Unix has multiple users, and it's a Very Bad Idea to use the machine as root for any more than you have to, it would make sense that not as many people execute infected programs as root as would, say, someone on a Win98 machine which does not have different permission levels, so to speak.

Now, MacOSX, as I understand it, pretty much has the user logged on a privelaged user all of the time (maybe it's just in console mode). That puts MacOSX is the same boat as a Windows 98 machine.

Also, I'm sure that it's a supply and demand kind of thing. When was the last time any large-scale Mac virus was active? They're not as common as they used to be. But people always remember names like "Michelangelo Virus" and want virus protection. And sometimes they just listen to too much of the blather on ZDNET ScreenSaver...

Unix is not as secure as you folks seem to think. A somewhat recent example was the rlogin bug. rlogin is a program that can be executed by any user. However it is suid to root so it assumes root power as it runs. Until recently it loaded the contents of the TERM environment variable into an automatic array without checking to see if it fit. By cleverly setting your TERM variable to a long binary string, a user could deposit machine language code on the stack and then clobber the frame pointer so that the next return statement executed that code. All of this was done with effective uid set to root. And it didn't take the root password or anything like that. The bug was fixed in the late 90's. And HP-UX and SunOS now have kernel options to prohibit executing code on the stack. But I would not bet the rent that there are no more defective suid programs around.

This is not entirely true. In most home computer cases, a user with admin privileges is logged on all the time. Now just because the user has admin privileges does not mean they have full System Admin privileges. This just means they are allowed certain privileges to run and alter programs, not the system files itself. Now if a program were to affect a system file or the system folder, it would ask the user for an admin login and password. So in essence, you would know if something were trying to access your system.

Terminal (or Darwin, the Unix core) on the otherhand is a bit different. I am not too entirely familiar with it but I am learning. From what I understand, you do have more access privileges in the Terminal than in OS X. But Unix is a bit more of a powerful operating system so that does not surprise me.

And to straighten something out . . . Mac OS X is built off of a Unix core, which means that OS X is not entirely Unix. Therefore you can attempt to infect your OS X box with a Unix "virus" unless u tried to running Terminal. Nor can you (from my understanding) infect OS X with a "virus" (if you can find one) from Unix, this case the Terminal.

If I am wrong on any of this, someone please point out my error. I am here to learn just as any other.

Well, I take that as a mitigated risk. Many sites concerned about security have not run rlogin, or any of the r* services for that matter, for a very long time because it's not only a plaintext login agent, but it's inherent security problems make it undesirable as well. I bet there's a few people out there with an old fingerd that's vunerable to the Morris worm, but what's the likelyhood? Heck, even ssh isn't 100% proof, as recent history has shown. It's truly up to the competence of the administrator to make these decisions - is ssh worth the hassle for 80% security, or do we trust our network enough for rlogin and 60% security?
Frankly, no network is 100% safe, but of course if you know somewhat what you're doing, the likelyhood of exploitation drops exponentially.

How many "Unix" viriii have you seen? There have been a few worms, mostly for Linux and / or Solaris, but no user-initiated virus that were very widespread that I know of.