AV protection for Unix

We have a Windows-based domain, with one Unix server on it. The Unix server is completely managed by the application vendor, not by us. We have Norton/Symantec AV for all the Windows PCs/servers, but not on the Unix server. When I asked the vendor why there's no AV, they said (1) Unix doesn't need it, since it's not as susceptible to viruses as Windows is, (2) AV slows the performance too much. This is the only non-Windows we have on the network. Is this true, that Unix doesn't need AV protection? I have been told since starting this job that the vendor (company xyz) has complete responsibility for this server, and we are not to mess with it. Still, it's on our network, and I hate to put that much faith in outside sources...

Sasser was fine, antiviruses were cost effective etc etc...

(1) Yes, UNIX is not a wormhole like Windows.
(2) In case you have not noticed.

There are antiviruses on UNIX, but they are file scanners to clean files passed from infected Windows-based domains.

AFAIK, Unix does not have viruses, so far. Unix did have some worms, but only on very rare occasions. This is because the OS design of the Unix world is different from the DOS/Windows world.

There are some AVs running on Unix, but they serve to scan for viruses and worms in email attachments or Windows files. A good example is ClamAV. Running AV uses up resources, such as memory, CPU cycles, etc. However, Unix has been designed well enough that, unless it is short of memory, running AV would not slow down its performance too much.

It is true that Unix does not need AV protection. However, it needs rootkit (or unauthorized system file change) protection. There are security tools safeguarding critical files for Unix, on many occasions built by the vendor and shipped with the Unix system.

>  Is this true, that Unix doesn't need AV protection?
yes and no
As said before, up to now (just roughly 30 years) there is no virus known for any Unix, just worms, trojans and rootkits. So a good protection against these kinds of malware is something like Tripwire.

If your Unix is a file server for Windows, it might be important for those clients, but if you have them protected already there's no need for an additional AV on Unix, IMHO.
Especially for a file server, you can add ClamAV antivirus into Samba, so it warns in case some Windows machine starts spreading viruses to network shares ;) - i.e. there are some situations when antivirus on UNIX can serve a purpose, but this is not the case when you need to keep the UNIX system protected from malware.

Otherwise you may request that your UNIX provider names the network services running along with their versions, patches those that are vulnerable, disables those that are unneeded, and makes sure each and every network service is protected from attacks at least by using TCP wrappers and/or other similar IP access lists.

Make sure they apply the latest maintenance patches for the system itself (like the latest service pack in your world).

Once you/they have configured IP-based access, odds are high that the system will stand the internet for years. Now it is time to install Tripwire or Samhain, and make sure your provider configures the respective integrity solution to track changes to their programs and config files.

If you provide us with output of "uname -a" you will get more on exact solutions available.