On Monday 26 November 2001 06:40 pm, Rich Richenberg wrote:
> Hello All,
> I'd appreciate your comments on the exposure Unix-based systems face
> relative to malicious code being passed via email, http, etc. I notice that
> the major antivirus vendors do not offer server or desktop products for the
> Unix-based OSes.
>
> Thanks,
>
> Rich Richenberg
> Technical Security Manager
> Peregrine Systems, Inc.
>

Unix systems are generally immune to malicious code being passed via an email message (they can still relay this code if they are mail servers, but they themselves are not infected) because most of the usual email clients do not support any of the 'features' which have led to most of the email viruses we see; the same is true for Windows machines in which people do not use Outlook. They are also generally immune to attacks which rely on the user executing the code, as most viruses passed via email are Windows executables and will not run on Unix platforms. As for http, I do recall a vulnerability where Netscape would execute code embedded in .gifs or something, but that was a while ago (maybe 2 years?), so make sure you're up to date with that.
However, if the Unix system is running any remotely accessible services, it may be possible for the machine to be compromised. Protection against these types of attacks involves a different method than protecting desktops from viruses, so different software is needed. Free software like Snort, Hogwash, and Tripwire can greatly improve your immunity to most attacks, or at least knowledge of when an attack occurs, and of course the most important thing is to keep all software up to date. Also, many virus vendors do actually have products for Unix variants; they are usually buried deep in their websites, though. However, their main use is scanning email, programs, or whatever for viruses that affect Windows machines.