Great Circle Associates Firewalls
(March 1996)

Subject: Re: UNIX CVirus - 2nd try (pt 1)
From: peter @ nmti . com (Peter da Silva)
Date: Thu, 7 Mar 1996 11:31:17 -0600 (CST)
To: goertzek @ wangfed . com
Cc: firewalls @ GreatCircle . COM
In-reply-to: <9603071433 . AA20867 @ hfsi> from "KM" at Mar 7, 96 09:33:13 am

> Unix systems are as susceptible to hostile software attacks as any other system,

UNIX systems are as susceptible to *some* hostile software attacks as *some*
other systems.

> however, the Unix community is zealous in their belief that they are immune.
> This belief is in the face of historical reality.

I described a "source code virus" that was more of a "real" virus than the
Internet Worm, and posted a message about it to the net about a week before
the "Internet Worm" hit.

Due to the Internet Worm it was never implemented, but would have been a
program that would infect source distributions by hijacking "malloc"... a
routine used in virtually all programs. It would copy its source code to
the end of a random large C source file (using standard obfuscated C contest
tricks to encode its source in itself) the first time it was run, then perform
a conventional "malloc" operation (using "sbrk").

So I'm hardly ignorant of the fact that a UNIX virus could be developed.

I would rather appreciate, then, some expansion on the following paragraphs
that make claims that appear on the face of it to be contrary to my own
experience, claims that are completely unsupported in your document.

> Traditional methods used against attacks in other operating system
> environments such as MS-DOS are insufficient in the more complex
> environment provided by Unix.  

And are also, IMO, completely unnecessary. Normal users can not write
executables into locations that other users run programs from, nor can they
write into arbitrary memory locations. Therefore it's hard for a virus to
propagate, and the usual virus checking tools are unnecessary. The tools
that *are* needed are things like "COPS" and "Tripwire", and these tools
already exist.

> Additionally, Unix provides a special and significant problem in this regard
> due to its open and heterogeneous nature.

IMO this is a problem for the virus writers. For a virus to remain undetected,
it has to infect executables. This is inherently difficult in an environment
where the machine codes and executable formats vary from system to system.

Also, traditional MS-DOS based virus techniques, such as stealth, are far
harder in the UNIX environment where so much more of the machinery is exposed
to the casual view. How do you stealth a shell script?

> These problems are expected to become 
> both more common and pronounced as 32 bit multitask network operating systems 
> such as Microsoft NT become popular.

NT is a different matter, since in the normal configuration users have write
access to %systemroot%... a shared executable location that is required by
the vast majority of DOS software. The fact that Microsoft encourages software
developers to design their packages to install into %systemroot% means this
problem is not going to get fixed.

In any case... while it's clear that complete immunity to viruses in UNIX is
a myth, statements like "Unix systems are as susceptible to hostile software
attacks as any other system" are simply alarmist. UNIX is a lot harder to
automatically attack than most of the systems on people's desktops today. No,
it's not immune. But it's definitely resistant.
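The point above, that what a UNIX host needs is permission auditing and integrity checking in the style of COPS and Tripwire rather than MS-DOS-style virus scanners, as an added example that is not from the list post or from either tool: a COPS-style scan for executables that group or other could overwrite, and a Tripwire-style hash/mode/size baseline that reports later changes. It runs over a constructed temporary "bin" directory; the file names and the scenario are assumptions.

```python
import hashlib, os, stat, tempfile

def regular_files(directory):
    """Yield (path, stat) for every regular file directly under directory (symlinks skipped)."""
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if stat.S_ISREG(st.st_mode):
            yield path, st

def writable_executables(directory):
    """COPS-style check: executables that group or other could overwrite with a modified copy."""
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    loose_bits = stat.S_IWGRP | stat.S_IWOTH
    return [p for p, st in regular_files(directory)
            if st.st_mode & exec_bits and st.st_mode & loose_bits]

def build_baseline(directory):
    """Tripwire-style baseline: content hash, permission bits and size of each regular file."""
    base = {}
    for path, st in regular_files(directory):
        with open(path, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        base[path] = (digest, stat.S_IMODE(st.st_mode), st.st_size)
    return base

def verify_baseline(directory, baseline):
    """Report files whose hash, mode or size changed since the baseline, plus added/removed ones."""
    current = build_baseline(directory)
    return {
        "changed": [p for p in baseline if p in current and current[p] != baseline[p]],
        "added": [p for p in current if p not in baseline],
        "removed": [p for p in baseline if p not in current],
    }

def demo():
    """Constructed scenario: a shared bin directory holding one safe and one loosely-permissioned tool."""
    d = tempfile.mkdtemp()
    safe, loose = os.path.join(d, "safe-tool"), os.path.join(d, "loose-tool")
    for p in (safe, loose):
        with open(p, "w") as f:
            f.write("#!/bin/sh\necho hello\n")
    os.chmod(safe, 0o755)   # only the owner can replace it
    os.chmod(loose, 0o777)  # any local user could swap in a modified copy
    flagged = writable_executables(d)
    baseline = build_baseline(d)
    with open(safe, "a") as f:  # later, the trusted tool is modified in place
        f.write("echo extra\n")
    return flagged, verify_baseline(d, baseline)
```

The permission scan flags only the 0o777 tool, and the baseline comparison catches the later edit to the 0o755 tool that the permission scan alone would never see.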

