Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!mips!pacbell.com!iggy.GW.Vitalink.COM!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson)
Newsgroups: comp.virus
Subject: UNIX & Viruses (UNIX)
Message-ID: <0001.9104091351.AA04984@ubu.cert.sei.cmu.edu>
Date: 3 Apr 91 18:34:30 GMT
Sender: Virus Discussion List
Lines: 50
Approved: krvw@sei.cmu.edu

>From: micor!esleng!esleng.ocunix.on.ca!dag@uunet.UU.NET (Dave Gilmour)

Basically, the sheer diversity of UNIX platforms provides the best defense against malicious software. Mix in the user/kernel and "rights" requirements and you have the basis for a good protection scheme. Mr. Morris's worm was directed at only two platforms: DEC Ultrix and Sun/OS as I recall, and it had to carry separate code modules along for each.

Viruses are remarkably successful on PCs, not because of the operating system, though DOS certainly does nothing to stop a virus, but because every machine from the lowliest 8088 to the mightiest 486 runs the basic 8086 instruction set at startup. Add in the fact that every function and every entry address defined in the 27 October, 1982 BIOS specification still exists and you have the key to the spread of malicious software.

With UNIX on the other hand, not only is a certain amount of integrity checking built into the O/S, but malicious software (and many users) have no idea if the architecture is based on an Intel 80386, a Motorola 680x0, the CVAX chipset, or some other RISC or CISC architecture. To the user, the biggest question is usually whether it is a C or Bourne shell. When we talk about "portability" in the UNIX world, we are usually referring to the fact that ASCII is ASCII and that source code that compiles on an Apollo can also compile on a VAX. That they use wildly different run-time libraries is unimportant at the source-code level.
In comparison, writing a virus that can attack both an IBM-PC and a Macintosh would be simpler than one that could affect just the different varieties of Sun Microsystems - no, I am not picking on Sun, I just happen to have those manuals on hand.

In addition, UNIX, being a "real" multi-user operating system, has had to layer in many integrity checks to protect users from each other. These same checks make it much more difficult to spread a virus without notice. I am not saying that it cannot be done, just that it would be, first, difficult, and second, would have to be targeted to a particular platform or platforms.

As yet, we have not seen any real threat to the UNIX platforms that cannot be countered with effective use of the tools built in. The biggest danger is still an "accident" by someone with root privilege and a managerial lack of proper training of system administrators.

(off the soapbox, Padgett)
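The post argues that threats to UNIX can be countered with "effective use of the tools built in". The following is an added example, not part of the original post, of what such a check looks like using only standard utilities (find, cksum, sort, diff): record a baseline of checksums for every file under a directory, then later compare a fresh scan against it so that any modified, added or removed file (the footprint an infection leaves) is reported. The directory, file names and contents are constructed here for demonstration; the `baseline`, `verify` and `demo` function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal file-integrity
# baseline built from standard UNIX tools only. All paths are constructed.

# baseline DIR: print one "checksum size path" line per regular file under
# DIR, in a stable order so two scans of an unchanged tree are identical.
baseline() {
    find "$1" -type f -print | LC_ALL=C sort | while read -r f; do
        cksum "$f"
    done
}

# verify BASELINE_FILE DIR: rescan DIR and compare with the saved baseline.
# Prints each path that changed, appeared or disappeared (one per line).
# Returns 0 when nothing differs, 1 when something does, 2 on setup error.
verify() {
    tmp=$(mktemp) || return 2
    baseline "$2" > "$tmp"
    if diff "$1" "$tmp" > /dev/null; then
        rm -f "$tmp"
        return 0
    fi
    # diff lines look like "< 1234 11 /path"; keep only the path, once each
    diff "$1" "$tmp" | sed -n 's/^[<>] *[0-9]* *[0-9]* //p' | sort -u
    rm -f "$tmp"
    return 1
}

# demo: build a constructed tree, take a baseline, verify it (clean), then
# alter one file the way an infected executable would differ and verify
# again (changed). Prints the two verify results, e.g. "0 1".
demo() {
    dir=$(mktemp -d) || return 2
    base=$(mktemp) || return 2
    printf 'echo hello\n' > "$dir/hello.sh"
    printf 'echo world\n' > "$dir/world.sh"
    baseline "$dir" > "$base"

    verify "$base" "$dir" > /dev/null && clean=0 || clean=1

    # constructed modification: extra code appended to an existing file
    printf 'echo hello; echo extra\n' > "$dir/hello.sh"
    verify "$base" "$dir" > /dev/null && changed=0 || changed=1

    rm -rf "$dir" "$base"
    echo "$clean $changed"
}
```

In practice the baseline file must be stored somewhere the checked system cannot silently rewrite (removable or read-only media, or another host), since an attacker with root could otherwise refresh it after tampering; that is exactly the "accident by someone with root privilege" risk the post closes on.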