On Mon, Nov 26, 2001 at 04:40:03PM -0800, Rich Richenberg wrote:
> Hello All,
> I'd appreciate your comments on the exposure Unix-based systems face
> relative to malicious code being passed via email, http, etc. I notice that
> the major antivirus vendors do not offer server or desktop products for the
> Unix-based OSes.

Inherently, there is nothing really preventing UNIX or UNIX-like OS's from being infected with viruses or worms. However, several cultural factors make such infections somewhat rare:

1. Infecting system-level files in UNIX is a more difficult task. The tendency for Windows users to log in, work, and run programs at the highest privilege level (assuming there is security at all), and the common scripting environments provided by Microsoft's IE/Outlook/Office programs, make it easy to infect the system from a simply-written script.

2. Programming anything in UNIX is typically more difficult than Windows. Windows has GUI development tools like Visual Basic that make it easy for even the most novice programmer to write dangerous applications.

3. Most end-users run Windows on their desktop. The pool of 'victims' for a Windows virus is, therefore, much higher.

4. Those people who do run UNIX-alike OS's on their desktop generally know better than to fall for the typical email virus tricks. Additionally, I know of no UNIX-based mail client that automatically opens anything other than plaintext without the user explicitly making that decision at some point.

5. Apache, by far the most popular web server for UNIX, has been hammered at for quite a while. I can't remember the last time I heard of a major exploit for Apache along the lines of the CodeRed problems with IIS.

That's not to say UNIX programs are immune to viruses and the like. One could, for example, interpret most of the things run by skriptkiddies as a form of worm. These programs scan for infected ftp/bind/sendmail/ssh/younameit programs, exploit them, install themselves, and repeat. And in fact, many antivirus vendors provide "intrusion detection systems" for preventing this type of thing. But a desktop antivirus program for UNIX simply wouldn't be commercially viable for most of them.

--K