AV protection for Unix

We have a Windows-based domain, with one Unix server on it. The Unix server is completely managed by the application vendor, not by us. We have Norton/Symantec AV for all the Windows PCs/servers, but not on the Unix server. When I asked the vendor why there's no AV, they said (1) Unix doesn't need it, since it's not as susceptible to viruses as Windows is, (2) AV slows the performance too much. This is the only non-Windows machine we have on the network. Is this true, that Unix doesn't need AV protection? I have been told since starting this job that the vendor (company xyz) has complete responsibility for this server, and we are not to mess with it. Still, it's on our network, and I hate to put that much faith in outside sources...
2 Solutions
Sasser was fine, antiviruses were cost effective etc etc...

(1) Yes, UNIX is not a wormhole like Windows.
(2) In case you have not noticed.

There are antiviruses on UNIX, but they are file scanners to clean files passed from infected Windows-based domains.

AFAIK, Unix does not have viruses, so far. Unix did have some worms, but on very rare occasions. This is because the OS design of the Unix world is different from the DOS/Windows world.

There are some AVs running on Unix, but they serve to scan for viruses and worms in email attachments or Windows files. A good example is ClamAV. Running AV uses up resources, such as memory, CPU cycles, etc. However, Unix is well designed enough that unless it is short of memory, running AV would not slow down its performance too much.

It is true that Unix does not need AV protection. However, it needs rootkit (or unauthorized system file change) protection. There are security tools safeguarding critical files for Unix, on many occasions built by the vendor and shipped with the Unix system.

>  Is this true, that Unix doesn't need AV protection?
yes and no
As said before, up to now (roughly 30 years) there is no virus known for any Unix, just worms, trojans and rootkits. So a good protection against these kinds of malware is something like Tripwire.

If your Unix is a file server for Windows, it might be important for those clients, but if you have them protected already there's no need for an additional AV on Unix, IMHO.
Especially for file servers, you can add ClamAV antivirus into Samba, so it warns in case some Windows machine starts spreading viruses to network shares ;) - i.e. there are some situations when antivirus on UNIX can serve a purpose, but this is not the case when you need to keep the UNIX system itself protected from malware.

Otherwise you may request that your UNIX provider names the network services running along with their versions, patches those that are vulnerable, disables those that are unneeded, and makes sure each and every network service is protected from attacks at least by using TCP wrappers and/or other similar IP access lists.

Make sure they apply the latest maintenance patches for the system itself (like the latest service pack in your world).

Once you/they have configured IP-based access, odds are high that the system will withstand the internet for years. Now it is time to install Tripwire or Samhain, and make sure your provider configures the respective integrity solution to track changes to their programs and config files.

If you provide us with the output of "uname -a" you will get more on the exact solutions available.
