[PLUG] anti virus

Deepak Dinesh deepak@purdue.edu
Thu, 20 Sep 2001 16:13:33 -0500 (EST)


On Thu, 20 Sep 2001, William Lee Irwin III wrote:

>On Thu, Sep 20, 2001 at 07:16:32AM -0500, Christopher N. Deckard wrote:
>> Secondly, there really isn't any kind of anti-virus software because the
>> only way to "infect" a Unix box is to actually run code by hand.  If you
>> want to consider someone cracking into your machine and replacing known
>> binaries (ls, cat, grep, etc) with "evil" versions, then I guess you can
>> consider that a virus.  There is software like Tripwire and snort and
>> some other things that do intrusion detection and in some cases
>> prevention.
>
>The viral techniques of inserting code into executable formats of
>various kinds (be it machine code in ELF or PECOFF formats or shell
>scripts or Word macros) all pretty much carry over straight to UNIX.
>Of course, a malicious program will need to obtain privileges to do
>such modifications to executables or other files owned by root, but
>it's probably possible to just propagate entirely without privileges.


All the more reason to mount /home with noexec,nosuid etc.

DD
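
Added example, not part of the original message: a shell check that a mount point such as /home actually carries the noexec and nosuid options suggested above. The function names, device names and sample mount table are constructed for illustration; the input format is that of /proc/mounts.

```shell
#!/bin/sh
# Report which hardening options a mount point lacks.
# Input format (as in /proc/mounts): device mountpoint fstype options dump pass
# A matching /etc/fstab entry would look like (constructed):
#   /dev/sda3  /home  ext2  defaults,noexec,nosuid  1 2

# Constructed sample mount table, used instead of the live /proc/mounts.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext2 rw 0 0
/dev/sda3 /home ext2 rw,nosuid 0 0
/dev/sda4 /tmp ext2 rw,noexec,nosuid 0 0
EOF
}

# missing_mount_opts MOUNTPOINT REQUIRED_CSV [MOUNTS_FILE]
# Prints the missing options, comma-separated (empty line if none).
# Returns 0 if all are present, 1 if some are missing, and 2 if MOUNTPOINT
# is not a separate mount (it then inherits the parent filesystem's options).
missing_mount_opts() {
    mp=$1; required=$2; file=${3:-/proc/mounts}
    # The last matching line wins: a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$file")
    [ -n "$opts" ] || return 2
    missing=
    old_ifs=$IFS; IFS=,
    for want in $required; do
        case ",$opts," in
            *",$want,"*) ;;                               # option present
            *) missing="${missing:+$missing,}$want" ;;    # option absent
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Demo on the constructed sample; a real check would omit the third argument.
tmp=$(mktemp) && sample_mounts > "$tmp"
missing_mount_opts /home noexec,nosuid "$tmp" || echo "^ options missing on /home"
rm -f "$tmp"
```

noexec only blocks direct execution of files on that filesystem; a script handed to an interpreter as an argument (for example `sh ./script`) still runs, so the option limits rather than eliminates unprivileged propagation.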