The subject line is Anti Virus Software for Linux. I am not sure how much of that you will find, as UNIX systems don't exactly get the same viruses that DOS and Windows systems do. They have their own set of nasties to look out for. One of the most potentially dangerous things to watch out for is security holes that are created by malfunctions in the operating system, such as unchecked buffers or timing situations, sometimes called race conditions, in which somebody can do terrible things to your system by sending it certain commands at just the right time in relation to each other to break an application in such a way as to gain root access. Once they gain root, the world is their oyster, so to speak.

Unchecked buffers are one of the most common hacker access methods, and the way they work is pretty simple. A certain program may have some memory set aside for holding perhaps a user ID and password or a set of operating parameters. Maybe the programmer decided that 32 or 64 bytes was sufficient for this information. Now, suppose somebody accesses this program and begins to pump junk characters at it in place of anything useful. If the buffer is unchecked, the routine that stores these data does nothing but add one more character to memory each time a new character comes in. It keeps adding and adding until the 32 or 64 bytes are filled, and then it keeps right on grinding away, overwriting other buffers and maybe even getting into program code. At that point, the program dies as soon as the storage routine hits some vital part of the code. What happens after that is anybody's guess, but it is possible for someone to write executable machine code into that buffer such that it actually runs. It is sort of like a woodsman who can fell a tree and control exactly where it falls.

The hacker scripts that bust UNIX systems do exactly this kind of controlled destruction to a vulnerable system because any program running as root will give the hacker root privileges when its burned-out shell crashes. The hacker script will then sometimes be able to create a new user account and give the thug a root shell to do more dirty work. Older versions of just about every form of UNIX known to man contain all kinds of weak spots that have been discovered and fixed. The hacker community is well aware of all these vulnerabilities, and there are web sites that come and go which contain various types of scripts and executable programs which probe unsuspecting UNIX boxes for holes to exploit. The main way to keep out of that kind of trouble is to stay abreast of the security advisories for your particular operating system. There are mailing lists for Red Hat and Debian, for instance, and probably a list for every flavor of UNIX.

Another way folks get burned in the UNIX world is by installing a full suite of programs with everything enabled. Such things as file sharing and remote procedure calls in which one can manage systems remotely are great for network administrators, but they also provide more playgrounds for hackers and crackers. If you aren't careful, somebody in some far-off land may decide to manage your system for you and, believe me, he or she isn't doing you any favors.

The main difference between Windows viruses and UNIX system exploitation is that a lot of UNIX, these days, is open-source, which means that more people know what is inside. This is both a blessing and a curse. The curse is that smart hackers know how it works, so they know how to abuse it. The blessing is that there are just as many, if not more, smart good people who are figuring out ways to either keep the exploit from succeeding or different ways one can configure the system to discourage this activity.

Windows, however, is a closed system in which exploits are built from someone's gaining proprietary knowledge or someone simply abusing poorly-designed code, such as what happened with the Love-letter worm last year. I think that Microsoft has been rather proactive in trying to fix these holes, but they never should have been created in the first place. I have been working with networked computers for eleven years, now, and we used to discuss the nightmare possibilities of email that could execute or certain kinds of remote access and what people could do with it. It all came to pass, and it has been just as bad as many of us feared it would be.

UNIX systems don't really need antivirus software for themselves, although they might be able to use some sort of filter to prevent them from forwarding emails containing viruses. All of us who run UNIX systems, however, owe it to the rest of the world to be current on security practices and do as much as we can to configure our systems properly so that they don't become hijacked.

Martin McCormick WB5AGZ Stillwater, OK
OSU Center for Computing and Information Services Network Operations Group
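
The unchecked storage routine described in the message, next to a version that checks the length first, as an added example that is not part of the original message. The 32-byte size comes from the message; the flat `region` array, the function names and the sample input are constructed for illustration, and the array stands in for neighbouring memory so the effect can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>
/* Constructed layout: one flat array stands in for adjacent memory.
   Bytes 0..31 are the user-ID buffer; bytes 32..63 hold other data. */
#define ID_SIZE 32
#define REGION  64
static unsigned char region[REGION];
static const char NEIGHBOUR[] = "operating-parameters";

static void reset_region(void) {
    memset(region, 0, REGION);
    memcpy(region + ID_SIZE, NEIGHBOUR, sizeof NEIGHBOUR);
}

/* Unchecked store: one more byte per input character, never compared with
   ID_SIZE. The REGION bound only keeps this simulation inside its array. */
static size_t store_unchecked(const char *in) {
    size_t i = 0;
    while (in[i] != '\0' && i < REGION) {
        region[i] = (unsigned char)in[i];
        i++;
    }
    return i;                      /* number of bytes written */
}

/* Checked store: refuse input that does not fit, terminator included. */
static int store_checked(const char *in) {
    size_t n = strlen(in);
    if (n >= ID_SIZE) return -1;   /* reject rather than truncate silently */
    memcpy(region, in, n + 1);
    return 0;
}

/* 1 if the data next to the buffer is still what reset_region() wrote. */
static int neighbour_intact(void) {
    return memcmp(region + ID_SIZE, NEIGHBOUR, sizeof NEIGHBOUR) == 0;
}

int main(void) {
    char junk[49];                 /* constructed input: 48 filler bytes */
    memset(junk, 'A', 48); junk[48] = '\0';
    reset_region();
    size_t wrote = store_unchecked(junk);
    printf("unchecked: wrote %zu, neighbour intact %d\n", wrote, neighbour_intact());
    reset_region();
    int rc = store_checked(junk);
    printf("checked: returned %d, neighbour intact %d\n", rc, neighbour_intact());
    return 0;
}
```

The unchecked routine runs 16 bytes past the 32-byte buffer and overwrites the neighbouring data, while the checked routine rejects the same input and leaves it untouched.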