AV protection for Unix

Posted on 2006-04-06
Last Modified: 2013-12-04
We have a Windows-based domain, with one Unix server on it. The Unix server is completely managed by the application vendor, not by us. We have Norton/Symantec AV for all the Windows PCs/servers, but not on the Unix server. When I asked the vendor why there's no AV, they said (1) Unix doesn't need it, since it's not as susceptible to viruses as Windows is, (2) AV slows the performance too much. This is the only non-Windows system we have on the network. Is this true, that Unix doesn't need AV protection? I have been told since starting this job that the vendor (company xyz) has complete responsibility for this server, and we are not to mess with it. Still, it's on our network, and I hate to put that much faith in outside sources...
Question by:maharlika
    LVL 61

    Expert Comment

    Sasser was fine, antiviruses were cost effective etc etc...

    (1) Yes, UNIX is not a wormhole like Windows.
    (2) In case you have not noticed.

    There are antiviruses on UNIX, but they are file scanners to clean files passed from infected Windows-based domains.
    LVL 14

    Accepted Solution


    AFAIK, Unix does not have viruses, so far. Unix did have some worms, but only on very rare occasions. This is because the OS design of the Unix world is different from the DOS/Windows world.

    There are some AVs running on Unix, but they serve to scan for viruses and worms in email attachments or Windows files. A good example is ClamAV. Running AV uses up resources, such as memory, CPU cycles, etc. However, Unix has been designed well enough that, unless memory is short, running AV would not slow down its performance too much.

    It is true that Unix does not need AV protection. However, it needs rootkit (or unauthorized system file change) protection. There are security tools safeguarding critical files for Unix, in many cases built by the vendor and shipped with the Unix system.

    LVL 51

    Expert Comment

    >  Is this true, that Unix doesn't need AV protection?
    Yes and no.
    As said before, up to now (just roughly 30 years) there is no virus known for any Unix, just worms, trojans and rootkits. So a good protection against these kinds of malware is something like Tripwire.

    If your Unix is a file server for Windows, it might be important for those clients, but if you have them protected already there's no need for an additional AV on Unix, IMHO.
    LVL 61

    Assisted Solution

    Especially for a file server, you can add ClamAV antivirus into Samba, so it warns in case some Windows machine starts spreading viruses to network shares ;) - i.e. there are some situations when antivirus on UNIX can serve a purpose, but this is not the case when you need to keep the UNIX system protected from malware.

    Otherwise you may request that your UNIX provider names the network services running along with their versions, patches those that are vulnerable, disables those that are unneeded, and makes sure each and every network service is protected from attacks at least by using TCP wrappers and/or other similar IP access lists.

    Make sure they apply the latest maintenance patches for the system itself (like the latest service pack in your world).

    Once you/they have configured IP-based access, odds are high that the system will stand up to the internet for years. Now it is time to install Tripwire or Samhain, and make sure your provider configures the respective integrity solution to track changes to their programs and config files.

    If you provide us with the output of "uname -a" you will get more on the exact solutions available.
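
Added example, not part of any post above and not Tripwire or Samhain: a minimal hash baseline and drift check of the kind the accepted solution ("unauthorized system file changes" protection) and the last answer (tracking changes to programs and config files) describe. It assumes `sha256sum`, `find`, `awk`, `sort` and `mktemp` are available; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Minimal integrity baseline and check; an illustration, not Tripwire or Samhain.
# Assumes sha256sum, find, awk, sort and mktemp (present on Linux; other Unix
# systems may ship a different hash tool). File names containing newlines or
# backslashes are not handled.

# baseline_create DIR OUTFILE: one "hash  ./path" line per regular file in DIR.
baseline_create() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# baseline_check DIR BASELINE: print ADDED/CHANGED/REMOVED lines for any drift.
# Returns 0 when the tree matches the baseline, 1 when it does not.
baseline_check() {
    current=$(mktemp) || return 2
    baseline_create "$1" "$current"
    report=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }  # path may hold spaces
        FILENAME == ARGV[1] { old[path] = hash; next }       # first file: baseline
        { seen[path] = 1
          if (!(path in old))         print "ADDED " path
          else if (old[path] != hash) print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample tree standing in for vendor programs and config files.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/tree/etc" "$root/tree/bin"
    echo 'PermitRootLogin no' > "$root/tree/etc/sshd config"   # name with a space
    echo 'original binary' > "$root/tree/bin/app"
    echo 'old helper' > "$root/tree/bin/helper"
    baseline_create "$root/tree" "$root/baseline.txt"   # baseline kept outside the tree
    echo 'PermitRootLogin yes' > "$root/tree/etc/sshd config"  # config changed
    echo 'dropped file' > "$root/tree/bin/.hidden"             # unexpected new file
    rm "$root/tree/bin/helper"                                 # file removed
    rc=0
    baseline_check "$root/tree" "$root/baseline.txt" || rc=$?
    rm -rf "$root"
    return $rc
}

demo || echo "drift detected (exit status $?)"
```

A baseline is only as trustworthy as where it is stored: keep it off the monitored host or on read-only media, since anyone with root on the server can rewrite a local copy.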
