Tip

Does HP-UX need anti-virus?

Not according to this post on the HP-UX Tek-Tips forum. Actually, according to the information below, viruses are exclusively the problem of Microsoft operating systems. This forum posting was spawned by the question "do you really need anti-virus for UNIX?" Read the thread in its entirety here.

There are many "trojans" for UNIX, and they are very easy to make. I.e., a script that calls /sbin/rm -f /* executed by root will delete the files under / (exception would be /sbin and /sbin/rm and the shell because they are in use). While some people consider trojans a virus, they are not.

Viruses have certain characteristics which would define them as viruses. First, a virus is usually memory resident. This means that the virus sits in memory and looks for keys to attack files, usually the DOS extension to the file name, i.e. .exe files and .com files. Also, viruses must be at least a nuisance. Like writing "eat my shorts" into a text file would cause an unwanted change to the file. A program that sat in memory and wrote our fictitious message to files would be a virus. A virus must also spread itself in one way or another.

Because the virus usually needs a trigger (like the DOS extension), UNIX viruses are much more difficult to create. Since /usr/bin/rm is an executable not denoted by rm.exe, the virus would not be able to tell by name what is an executable to infect and spread, and what is not. /etc/hosts would look the same to a virus as /etc/ping. A virus would have to be huge to sit in memory and be able to stat all files, run magic, check bits, etc. to know how to spread.

Next, in UNIX the kernel is memory resident. When the system boots the kernel, it is read only. The kernel sits in memory until system shutdown. If a virus were to infect the kernel, it would not be effective until the system was rebooted with the bad kernel. In Win/XXXX the kernel sits on a disk, and is constantly accessed. A 100MB kernel just does not fit into most PC's memory :). If the kernel is corrupted, the corruptions are instantly read in, and accepted. Microsoft was supposed to fix this in Win NT 4.0, then in 2000, but I guess they will just let saps keep buying their products and spending tons of cash on anti-virus software and think that it has to be that way... How easily some of us are fooled :).

The next problem with running a virus in UNIX is that the virus can only run at the access level of the user who executes the program. I.e., if johndoe executes the program, the program can only affect "johndoe"'s processes and files. Anything owned by "root" and "bettysue" would be unaffected. The virus could only do widespread system damage if the super user "root" executed the virus. This severely limits the ability of a virus in UNIX. Windows NT and 2000 also have multi-leveled access for processes, but Microsoft's implementation is very easy to bypass.

In SunOS and Linux, the virus scanning software that is available is NOT for UNIX and Linux protection, but Microsoft Windows protection. The software is made to scan data shared to and from Windows boxes.

The best defense in UNIX to the virus threat is common sense, built-in UNIX functionality, and basic security measures.

Tell the person asking for AV for HP-UX that it is only necessary in the Microsoft world.
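
The access-level point in the post above, as an added example that is not part of the original tip or forum post: a POSIX shell check that lists executables which someone other than their owner can modify, which are the files the per-user limit does not protect. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Lists executable files that
# are group- or world-writable, i.e. programs that an account other than
# the owner could alter.

# make_sample_tree: builds a constructed test tree and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bin" "$t/etc"
    : > "$t/bin/safe_tool";   chmod 755 "$t/bin/safe_tool"    # owner-only write
    : > "$t/bin/shared_tool"; chmod 775 "$t/bin/shared_tool"  # group-writable
    : > "$t/bin/world_tool";  chmod 777 "$t/bin/world_tool"   # world-writable
    : > "$t/etc/notes";       chmod 666 "$t/etc/notes"        # writable, not executable
    printf '%s\n' "$t"
}

# audit_writable_exec DIR
# Prints one finding per line (sorted). Returns 1 if any were found, else 0.
audit_writable_exec() {
    dir=$1
    # First group: any execute bit set (owner, group or other).
    # Second group: write bit set for group or for other.
    findings=$(find "$dir" -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) \
        \( -perm -020 -o -perm -002 \) -print 2>/dev/null | sort)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Demo on the constructed tree.
tree=$(make_sample_tree)
audit_writable_exec "$tree" || echo "executables above are writable by non-owners"
rm -rf "$tree"
```

On a real system the argument would be a directory such as /usr/bin or a user's PATH entries; the check only reads permission bits and changes nothing.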


These opinions are sure to inspire some discussion. Visit the SearchHP.com discussion forums to chime in.

Editor's Note: The opinions expressed in this passage are solely those of the author and are not intended in any way to indicate an opinion by SearchHP.com or its parent TechTarget.


This was first published in August 2002
