Re: Why doesn't UNIX pick up viruses? - Solaris



Thread: Re: Why doesn't UNIX pick up viruses?

  1. Re: Why doesn't UNIX pick up viruses?

    GreyCloud wrote:

    > I'm looking for the core details as to why UNIX doesn't get viruses.
    > Any thoughts on the technical details?
    >


    Greetings:

    I'm a total newbie to OpenSolaris but have used FreeBSD for a little over
    6 years now. What is, or is not, "Unix" is a different matter relating to
    various copyright/trademark naming issues, so my comments may be construed
    as just sort of lumping them all together in a generalization.

    A few thoughts occur to me:

    1. "Unix", and/or its derivatives, has been around for quite a while. In
    its earlier years it was hacked just like anything will be and as time
    progressed the code got better and it became more difficult to find new
    exploits. "Mature" is a word I associate with this.

    2. Along came Dos/Windows which became the dominant user desktop operating
    system. Fertile territory in which to explore for new exploits. As more and
    more weaknesses are located many more people are going to spend their time
    in this fertile landscape because it's "where the action is...".

    3. This is to say when you combine the largest number of installed machines
    with many new exploits just awaiting discovery you're setting the stage.
    This is not to say that any other OS is not "hackable"; but rather bang for
    buck against time spent. Hackers are not going to spend a year trying to
    break a "mature" OS when in that time they can easily come up with dozens
    of 'sploits which target large numbers of machines readily available to
    them.

    Now I'm certainly no expert. This is just my very general feeling kind of
    wrapped up in a nutshell. There are many who can probably give you a better
    answer than mine.

    -Jason


  2. Re: Why doesn't UNIX pick up viruses?

    Jason Bourne wrote:
    > 1. "Unix", and/or its derivatives, has been around for quite a while. In
    > its earlier years it was hacked just like anything will be and as time
    > progressed the code got better and it became more difficult to find new
    > exploits. "Mature" is a word I associate with this.
    >
    > 2. Along came Dos/Windows which became the dominant user desktop operating
    > system. Fertile territory in which to explore for new exploits. As more and
    > more weaknesses are located many more people are going to spend their time
    > in this fertile landscape because it's "where the action is...".
    >
    > 3. This is to say when you combine the largest number of installed machines
    > with many new exploits just awaiting discovery you're setting the stage.
    > This is not to say that any other OS is not "hackable"; but rather bang for
    > buck against time spent. Hackers are not going to spend a year trying to
    > break a "mature" OS when in that time they can easily come up with dozens
    > of 'sploits which target large numbers of machines readily available to
    > them.


    While in theory age would tend to improve security, if you start from a very
    bad situation, time will do little to help. If you start with an effective
    security model as Unix did there are few openings for viruses and other
    attacks. In addition, Unix has security in depth. A security fault in,
    say, a CGI script may damage the web service, but if the web server is
    properly configured there is nowhere else to go within the operating system
    where damage can be made.

    In the past, a program may have needed to run as root and thus present a
    serious security risk. In a modern Unix (and Linux) system there is a
    security model that is extremely detailed. A program that needs some
    privilege can be given just that capability and nothing else.

    As for the bigger target being hacked more, Apache runs about 66% of all web
    services yet it is much less likely to be successfully hacked.

    Finally, a Unix program requires special privilege to open a network port
    below 1000. This simple measure eliminates a huge class of exploits that
    are common on some other platforms. It is very difficult to "own" a
    properly configured Unix system even when you have login access.




  3. Re: Why doesn't UNIX pick up viruses?

    On Wed, 24 May 2006, GreyCloud wrote:

    > I presume then that the need for special privileges to open a network port
    > below 1000 will keep out most viruses then?


    It helps.

    The bottom line is that UNIX was (and still is) designed with security in
    mind. Contrast this to Windoze where security is at best a poorly bolted-on
    afterthought.

    In order to spread, a virus must be executed (run). Most users on a UNIX
    system do not have their own binaries, relying on only the stuff the system
    came with, or 3rd party software that will be installed by the admin. The
    OS binaries on a UNIX system (e.g., the usual commands one runs like ls and
    so on) are owned by root or some other privileged user, and cannot be written
    to by mere mortals. Consequently, viruses *can't* spread themselves by
    infecting system binaries.

    And the same thing applies to processes. If you and I are logged into the
    same system, and assuming neither of us is root, it is impossible for us to
    interfere with each other's processes. The kernel prohibits it, and the MMU
    enforces that prohibition at a HW level.

    The list goes on, but I think you get the point. :-)

    --
    Rich Teer, SCNA, SCSA, OpenSolaris CAB member

    President,
    Rite Online Inc.

    Voice: +1 (250) 979-1638
    URL: http://www.rite-group.com/rich

  4. Re: Why doesn't UNIX pick up viruses?

    News wrote:

    [snip]
    >
    > While in theory age would tend to improve security, if you start from a
    > very bad situation, time will do little to help. If you start with an
    > effective security model as Unix did there are few openings for viruses
    > and other attacks. In addition, Unix has security in depth. A security
    > fault in, say, a CGI script may damage the web service, but if the web
    > server is properly configured there is nowhere else to go within the
    > operating system where damage can be made.
    >
    > In the past, a program may have needed to run as root and thus present a
    > serious security risk. In a modern Unix (and Linux) system there is a
    > security model that is extremely detailed. A program that needs some
    > privilege can be given just that capability and nothing else.
    >
    > As for the bigger target being hacked more, Apache runs about 66% of all
    > web services yet it is much less likely to be successfully hacked.
    >
    > Finally, a Unix program requires special privilege to open a network port
    > below 1000. This simple measure eliminates a huge class of exploits that
    > are common on some other platforms. It is very difficult to "own" a
    > properly configured Unix system even when you have login access.


    Very well spoken, thanks for the clarification(s). I am aware of these
    details and this is the general impetus behind my desire to have anything that
    is directly connected to the 'Net (i.e. my DMZ) be Unix rather than Windows.

    I am now looking at trying to get others where I work to consider doing
    the same with regard to a data warehouse/database server project involving
    Oracle. My thoughts along this matter are that even if all the Windows
    workstations get infected with malware(s) the data in the warehouse has
    more value and should be protected as such. Using a different OS would
    create an "isolation" preventing the promulgation from the workstation
    environment into the database environment.

    The argument I face is "it'll cost more to support the disparate
    infrastructure". My argument is "why can an MCSE not learn to support
    another OS?". I have used FreeBSD at home and in a test environment at work
    for 6 years now (it is our DMZ) and have begun the attempt to learn
    something about Solaris by installing OpenSolaris on a box at home. As with
    anything, there is a learning curve - so what? It's not impossible. The
    suits and ties at work are under the impression that they'll need to
    duplicate the personnel involved to run two OS's. Me I think the personnel
    we already have can handle the job if they do the work to climb the
    learning curve. But I get the feeling I'm barking up an empty tree. :-)

    -Jason





  5. Re: Why doesn't UNIX pick up viruses?

    On Wed, 24 May 2006, Jason Bourne wrote:

    > The argument I face is "it'll cost more to support the disparate


    What price data loss?

    > infrastructure". My argument is "why can an MCSE not learn to support
    > another OS?". I have used FreeBSD at home and in a test environment at work


    I'd think of another argument if I were you; MCSE are fairly well known
    for their cluelessness...

    > for 6 years now (it is our DMZ) and have begun the attempt to learn
    > something about Solaris by installing OpenSolaris on a box at home. As with
    > anything, there is a learning curve - so what? It's not impossible. The
    > suits and ties at work are under the impression that they'll need to
    > duplicate the personnel involved to run two OS's. Me I think the personnel
    > we already have can handle the job if they do the work to climb the
    > learning curve. But I get the feeling I'm barking up an empty tree. :-)


    Indeed. Get rid of all Windoze, fire the MCSE techie-wannabes, and put
    some secure infrastructure in there, with thin clients to the desktop.
    The potential cost savings are huge.

    --
    Rich Teer, SCNA, SCSA, OpenSolaris CAB member

    President,
    Rite Online Inc.

    Voice: +1 (250) 979-1638
    URL: http://www.rite-group.com/rich

  6. Re: Why doesn't UNIX pick up viruses?

    On Wed, 24 May 2006, GreyCloud wrote:

    > Thanks Rich. In a way I was hoping that you would show up and you did. :-)


    Always glad to oblige. :-)

    > The problem that I ran into is that some MCSE says that UNIX is no more
    > reliable than NT or XP is. Which I then asked where are the viruses for UNIX.


    Huh. MCSEs, as a rule, are clueless dolts (MCSE == Must Consult Someone
    Else). From my experience, they're taught how to do something using M$
    products, rather than the background knowledge. So, they might know how
    to set up an Exchange server, but don't have the faintest idea of how email
    actually works.

    > He couldn't name any. But his strawman argument reaches into what I call the
    > 'myth' that UNIX is a small market niche and not in the majority like windows


    Yeah, they always pull that one.

    > Of course any urls or links showing that UNIX can't propagate or receive
    > viruses would be much appreciated for these types of discussions.


    "Can't" is perhaps too strong. In theory, a virus I run could infect
    any executable files I own--if I own any. Running that virus as root
    could be disastrous, but your average UNIX users don't go around as
    root all the time.

    Another thing to remember is Windoze's mantra: features over security
    (hence the virus propagation properties of Outhouse).

    --
    Rich Teer, SCNA, SCSA, OpenSolaris CAB member

    President,
    Rite Online Inc.

    Voice: +1 (250) 979-1638
    URL: http://www.rite-group.com/rich
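    The point made in replies 3 and 6 (system binaries are owned by root and
    unwritable by ordinary users, so a virus run as a user can only infect
    executables that user is allowed to write) as an added example, not code
    from the thread or from Solaris/FreeBSD. It applies the classic Unix
    owner/group/other write check explicitly, so it gives the same answer
    whether or not it is run as root, and then scans $PATH for executables
    (and directories, since a writable directory lets you replace any binary
    in it) that the invoking user could modify. Python 3 on a POSIX system is
    assumed.

```python
"""Which executables could a virus running as this user infect?  (added example)

Unix discretionary access control decides write access from the file's
mode bits and its owner/group, checked against the caller's uid and
group list.  Exactly one permission class applies: owner if you own the
file, otherwise group if you are in its group, otherwise "other".
uid 0 (root) bypasses the check entirely, which is why a virus run as
root is the dangerous case.
"""
import os
import stat


def writable_by(mode, owner_uid, owner_gid, uid, gids):
    """Return True if a user with `uid` and group set `gids` may write the file."""
    if uid == 0:
        return True  # root is not subject to mode bits (classic Unix DAC)
    perm = stat.S_IMODE(mode)
    if uid == owner_uid:
        return bool(perm & stat.S_IWUSR)  # owner class only, even if o+w is set
    if owner_gid in gids:
        return bool(perm & stat.S_IWGRP)
    return bool(perm & stat.S_IWOTH)


def is_executable_file(mode):
    """Regular file with at least one execute bit set."""
    return stat.S_ISREG(mode) and bool(
        stat.S_IMODE(mode) & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    )


def infectable_executables(dirs, uid, gids):
    """Scan `dirs`; return {"writable_dirs": [...], "writable_files": [...]}.

    A writable directory is reported on its own: even if every binary in it
    is read-only, the user can unlink and replace them.
    """
    writable_dirs, writable_files = [], []
    for d in dirs:
        try:
            dst = os.stat(d)
            names = os.listdir(d)
        except OSError:
            continue  # missing or unreadable PATH entry
        if writable_by(dst.st_mode, dst.st_uid, dst.st_gid, uid, gids):
            # Ignores the sticky bit; PATH directories normally don't set it.
            writable_dirs.append(d)
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.stat(path)  # follows symlinks: the target is what runs
            except OSError:
                continue  # dangling link or race with an unlink
            if is_executable_file(st.st_mode) and writable_by(
                st.st_mode, st.st_uid, st.st_gid, uid, gids
            ):
                writable_files.append(path)
    return {"writable_dirs": sorted(writable_dirs),
            "writable_files": sorted(writable_files)}


def scan_path_for_current_user():
    """Run the scan for the invoking user over its own $PATH."""
    dirs = [d for d in os.environ.get("PATH", "").split(os.pathsep) if d]
    gids = set(os.getgroups()) | {os.getgid()}
    return infectable_executables(dirs, os.getuid(), gids)


if __name__ == "__main__":
    result = scan_path_for_current_user()
    for kind, paths in result.items():
        print(kind)
        for p in paths:
            print("  ", p)
```

    On a stock system run as an ordinary user the lists should be empty; a
    non-empty result is a file or directory that a program run by that user
    could modify, which is the infection vector the thread describes. Run as
    root everything is reported, because root is exempt from the mode bits.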

  7. Re: Why doesn't UNIX pick up viruses?

    Rich Teer wrote:

    > On Wed, 24 May 2006, Jason Bourne wrote:
    >
    >> The argument I face is "it'll cost more to support the disparate

    >
    > What price data loss?


    This is my driving argument, believe me. No one wants to take the time and
    resources to plan [and test the plan in real life] for disaster. Then when
    disaster happens what mostly infuriates the suits and ties is me standing
    there saying "I told you so...". Been there, done that...

    >> infrastructure". My argument is "why can an MCSE not learn to support
    >> another OS?". I have used FreeBSD at home and in a test environment at work

    >
    > I'd think of another argument if I were you; MCSE are fairly well known
    > for their cluelessness...


    Well in some parts of this I am in agreement, but not totally. "Paper" MCSEs
    who got their ticket punched from some $6000 boot camp I don't want
    anywhere around me. But to lump every MCSE into the same basket is probably
    an over generalization. Before I was an MCSE I was a CBE and before that a
    CNE. In each instance I walked into a testing facility one afternoon after
    having worked extensively in each environment for several years. No
    boot camp or study course, just simple experience. But then I wrote my
    first Fortran program on punch cards with Hollerith code. I remember 9
    track tape, keypunch machines, and core bead memory.

    [snip]
    >
    > Indeed. Get rid of all Windoze, fire the MCSE techie-wannabes, and put
    > some secure infrastructure in there, with thin clients to the desktop.
    > The potential cost savings are huge.


    While I find the concept of the Sun Ray, and its like, very attractive I
    can't sell it. A suit and tie sees the cost and says "Gee, well I can buy a
    whole Dell PeeCee for that!" - and that's about where that ends. Since I am
    bound to work within the constraints imposed by others (many of which have
    no clue whatsoever) I don't really see an immediate end to the Windows
    desktop in my situation. But I'd like to get as much of it out of my
    datacenter as humanly possible. So I'm only trying to sell one corner - an
    upcoming data warehouse project.


    -Jason




  8. Re: Why doesn't UNIX pick up viruses?

    GreyCloud wrote:
    > I presume then that the need for special privileges to open a network
    > port below 1000 will keep out most viruses then?
    > This is the technical aspect I've been looking for.


    No, it stops your system being the _source_ of bad stuff.
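    The privileged-port rule discussed in replies 2 and 8 as an added example,
    not code from the thread. The reserved range on Linux, BSD and Solaris is
    ports 1-1023, so the code uses 1024 as the limit. It shows the two things
    a practitioner cares about: an unprivileged process asking for a low port
    is refused with EACCES (so a user account cannot stand up a fake sshd or
    httpd on the standard port, which is the "source" point in reply 8), and
    a daemon that does need a low port binds it while root and then drops to
    an unprivileged user before handling any client data. The "nobody" account
    and Python 3 on a POSIX system are assumptions.

```python
"""Privileged ports and dropping root after bind (added example).

bind() to a TCP or UDP port below 1024 fails with EACCES unless the
caller is root (on Linux, CAP_NET_BIND_SERVICE also suffices).  The
rule limits what a machine can *serve* from an unprivileged account;
it says nothing about what that account can be infected by.
"""
import errno
import os
import pwd
import socket

PRIVILEGED_PORT_LIMIT = 1024  # ports 1-1023 are reserved on Linux, BSD and Solaris


def is_privileged_port(port):
    """True if bind() on `port` requires root (or CAP_NET_BIND_SERVICE)."""
    return 0 < port < PRIVILEGED_PORT_LIMIT


def try_bind(port, host="0.0.0.0"):
    """Bind and listen on a TCP port.

    Returns (socket, None) on success, or (None, errno_name) on failure;
    an unprivileged caller asking for a low port sees "EACCES".
    """
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    except OSError as e:
        return None, errno.errorcode.get(e.errno, str(e.errno))
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((host, port))
        s.listen(5)
    except OSError as e:
        s.close()
        return None, errno.errorcode.get(e.errno, str(e.errno))
    return s, None


def drop_privileges(user="nobody"):
    """Irrevocably switch a root process to an unprivileged uid/gid.

    Order matters: supplementary groups first, then gid, then uid (the
    other order leaves you unable to change groups).  Afterwards
    setuid(0) must fail; we check that instead of trusting it.
    """
    pw = pwd.getpwnam(user)  # "nobody" is assumed to exist
    os.setgroups([])
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    try:
        os.setuid(0)
    except PermissionError:
        return True  # real, effective and saved uid are all non-zero now
    raise RuntimeError("privilege drop did not stick")


def serve(port=80, user="nobody"):
    """Bind `port`, drop root if we have it, and report what happened.

    The accept() loop that would follow runs as `user`; it is omitted
    here so the function returns immediately.
    """
    sock, err = try_bind(port)
    if sock is None:
        # As an ordinary user this is {"bound": False, "error": "EACCES", ...}
        return {"bound": False, "error": err, "euid": os.geteuid()}
    dropped = drop_privileges(user) if os.geteuid() == 0 else False
    sock.close()  # a real daemon keeps it and calls accept() here, as `user`
    return {"bound": True, "dropped_root": dropped, "euid": os.geteuid()}


if __name__ == "__main__":
    print(serve(80))
```

    Run as a normal user, serve(80) reports the EACCES refusal; run as root
    it binds, drops to nobody and reports the new euid. Note that the drop is
    one-way by design: a bug in the request handler afterwards runs with
    nobody's rights, not root's, which is the "just that capability and
    nothing else" idea from reply 2 implemented with the oldest tools Unix has.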
