Antivirus for FreeBSD

Hi,

I am looking for Antivirus for FreeBSD besides ClamAV. I've searched for any AV that would be supported on FreeBSD, but I could not find any. Or if I did, it was for old versions and/or it is not developed any more.

I am intending to use FreeBSD as desktop and the question is how to secure it from possible viruses etc.

Thank you!
 
I have used FreeBSD on the desktop for a number of years and don't use any antivirus program. What kind of virus were you thinking about?
 
You pretty much won't find anything else but products that run on Linux or BSD OSes but are only for finding MS Windows viruses/malware and MS Office macro viruses. There is a very good reason for the lack of antivirus products for native FreeBSD viruses: such viruses don't really exist in the wild. FreeBSD, like any UNIX/UNIX-like OS, has proper privilege separation, and the OS is configured by default in such a way that it discourages unsafe practices. It is of course possible to write a virus for FreeBSD, but getting it to spread from machine to machine is not a reality. Practically all of the software installed on a FreeBSD system comes from a known safe source; packages are now signed to prevent tampering, and base system distributions can be verified if the user wishes to do so. Also, quite a few people do their base system updates/upgrades using the source code, and that already closes many possibilities for tampering with the system using compromised binaries.
 
I did a quick search and found BitDefender - security/bdc.

And there are several ports related to rootkits - security/chkrootkit, security/revealrk, security/rkhunter.

The rootkit detectors are aimed at people who host web services on their systems and run unsafe CGI applications that are often (poorly) written in PHP and can potentially allow a remote attacker to inject something nasty into the system. A desktop user would never be vulnerable to rootkits unless they do something totally stupid like run web browsers as root.

The BitDefender port you linked is a FreeBSD 5 binary-only product with the last real updates done in 2007-2008 and has no maintainer; I wouldn't use it.
 
I come from the Windows world and AV is a must. It is a bit uncomfortable to use a system without AV, especially today where everything is online and an "easy" target.

OK, I understand that viruses for UNIX/UNIX-like systems cannot spread easily or fast enough, but the question that comes to my mind is how you can check if your computer is infected.
 
What actual virus did you have in mind? I've never heard of anybody in the *nix world getting a virus. Yes, there are people who insist on laboratory proof of concept being the same as what happens in the wild, but they never offer any proof other than that a machine can be compromised if you have physical or root access. Besides, from everything I've read a normal antivirus program isn't going to help you with that since those programs only detect last-generation infections. That's McAfee's take on it and I'll go with that. In any case, how about just watching what goes out to see if there's anything suspicious? That's what I do.
 
This isn't limited to "virus" (methods of attack, compromise, and disruption are only limited by the imagination (I imagine ;))) but the links might be interesting to readers of this thread:
Off the top of my head, I would guess that a large scale attack on FreeBSD systems could be done through the ports system (if some people were sufficiently motivated). There is a lot of trust involved in compiling and installing third-party software (and running the scripts in the ports system).
 
> Off the top of my head, I would guess that a large scale attack on FreeBSD systems could be done through the ports system (if some people were sufficiently motivated). There is a lot of trust involved in compiling and installing third-party software (and running the scripts in the ports system).

Very unlikely. All of the distfiles are checksummed with a strong cryptographic hash method called SHA256. An attacker would first have to falsify these checksums on selected important ports and then find a way to distribute his compromised version of the ports tree in place of the real thing to the unsuspecting users. This would have to involve compromising the main SVN repository of the project, because that is the authoritative source for the source code of FreeBSD and also for the ports tree. Another way of achieving such a compromise would be falsifying DNS records for the SVN and portsnap main sites and mirrors, but given how DNS works it's very hard to implement such attacks on a scale larger than a few local LAN networks that you have immediate access to.
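The distfile check described in the post above, as an added example (not from any participant in this thread, and not the ports framework's own code): a small POSIX shell function that reads the SHA256 and SIZE lines of a ports-style distinfo file and compares them against a downloaded distfile, with a constructed distfile and a tampered copy to show what a mismatch looks like. The file names and contents are made up for the demo.

```shell
#!/bin/sh
# Added example: verify a distfile against a ports-style distinfo file
# (SHA256 and SIZE lines), the check the ports framework performs before
# extracting a fetched tarball. Names and contents below are constructed.

# Portable SHA-256 of a file: FreeBSD ships sha256(1), Linux sha256sum(1).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_distfile DISTINFO DISTFILE: prints OK or MISMATCH, returns 0 or 1.
# distinfo lines look like:
#   SHA256 (name.tar.gz) = <hex>
#   SIZE (name.tar.gz) = <bytes>
verify_distfile() {
    distinfo=$1; distfile=$2; name=$(basename "$distfile")
    want_sha=$(awk -v n="($name)" '$1=="SHA256" && $2==n {print $4}' "$distinfo")
    want_size=$(awk -v n="($name)" '$1=="SIZE" && $2==n {print $4}' "$distinfo")
    [ -n "$want_sha" ] && [ -n "$want_size" ] || { echo "NO ENTRY for $name"; return 1; }
    have_sha=$(file_sha256 "$distfile")
    have_size=$(wc -c < "$distfile" | tr -d ' ')
    # Both the hash and the recorded size must agree, as in the ports framework.
    if [ "$have_sha" = "$want_sha" ] && [ "$have_size" = "$want_size" ]; then
        echo "OK $name"; return 0
    fi
    echo "MISMATCH $name (sha256 $have_sha, size $have_size)"; return 1
}

# Constructed demo: a fake distfile, a matching distinfo, and a tampered copy.
demo_dir=$(mktemp -d)
printf 'pretend this is a tarball\n' > "$demo_dir/demo-1.0.tar.gz"
{
    echo "TIMESTAMP = 1500000000"
    echo "SHA256 (demo-1.0.tar.gz) = $(file_sha256 "$demo_dir/demo-1.0.tar.gz")"
    echo "SIZE (demo-1.0.tar.gz) = $(wc -c < "$demo_dir/demo-1.0.tar.gz" | tr -d ' ')"
} > "$demo_dir/distinfo"
verify_distfile "$demo_dir/distinfo" "$demo_dir/demo-1.0.tar.gz"

mkdir "$demo_dir/tampered"
printf 'pretend this is a tarball\n# extra bytes\n' > "$demo_dir/tampered/demo-1.0.tar.gz"
verify_distfile "$demo_dir/distinfo" "$demo_dir/tampered/demo-1.0.tar.gz" || true
```

The same function works on a real port by pointing it at that port's distinfo and the file fetched into /usr/ports/distfiles.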
 
The creators of the third-party source code could do a lot. The creators of the distribution tarball could do a lot. The port developers could do a lot.

As a thought experiment (or take it all the way), if you were to develop some software, a distribution tarball, and a set of /usr/ports scripts, could you find ways in that process to rootkit your system? (Assuming yes) Can you imagine any of those methods making their way through the ports development process and into the distributed ports system?
 
> I come from the Windows world and AV is a must. It is a bit uncomfortable to use a system without AV, especially today where everything is online and an "easy" target.
>
> OK, I understand that viruses for UNIX/UNIX-like systems cannot spread easily or fast enough, but the question that comes to my mind is how you can check if your computer is infected.

You can wonder how to check for viruses, but it seems odd to do so without wondering why to check as well. I've been using Linux and Unix for almost a decade, and in that time I haven't even heard a single report of a *nix virus found spreading around the Net, and I've never seen any sign on any of my systems that might suggest any sort of malware might be running rampant. It's possible for a latent vulnerability to allow some black-hat to compromise a LAN, but malware? Never heard anything of it.

Incidentally, along with the fact that viruses are virtually non-existent in the *nix world, another thing you'll often hear when the subject comes up on forums and mailing lists is that many people attracted to Unix-like systems--who also likely use Windows in the workplace, or even at home--may be the sort of cautious, security-conscious people less susceptible to virus infections in the first place, and many of them use Windows themselves. Frankly, most serious malware infections stem from poor user choices and habits, and AV software serves as an incentive to perpetuate those (what psychologists call "risk compensation" or the "Peltzman effect"). Many people--more than you might suspect--use Windows without AV software, and get by just fine.
 
Notice that most of stories of problems in the past involve someone having their hands on the system to cause the damage. That's a different story from those trying to cause problems from a distance. If you have a system in front of you, you can do a lot of damage to anything. There has not been any widespread malware on a Unix system since 2001, iirc.
 
You can have the best system in the world, but it will never be perfect. Thinking that FreeBSD is immune is honestly wishful thinking. The fact that FreeBSD has a very small market share should definitely be considered when thinking that these things don't happen on FreeBSD.
Personally I don't run any antivirus, even on Windows. But I understand that you might want to have a more serious check in some cases.
 
The risk of getting infected by malware on FreeBSD is in my opinion very small. The work required to create such malware is too great for the potential benefit. A scenario for infection could be along the lines of getting a browser or an email reader to execute arbitrary code; this code would know a zero-day vulnerability in something that runs with higher privileges, something that runs with root privileges on a UNIX-like system. After the second-stage vulnerability has rooted the system, the malware would contact its master and ask for further instructions, ready to install key loggers or whatever. Given that only a portion of the installed systems would be vulnerable to one specific attack, and that the size of the user base is tiny, it would not be cost efficient to target FreeBSD. Overall, it is not necessarily harder or easier to target FreeBSD desktops, but the time and work it takes to find zero-day vulnerabilities and turn those into exploits can be too high for the practically non-existent benefit. This is just my personal opinion and not a fact.
 
Do you really believe that anyone is going to create any kind of virus for FreeBSD? And you, a FreeBSD user who has managed to set up this monster OS, will just execute a virus like a Windows user with no idea what they are doing? Viruses and such things don't exist here. The only danger is that of hacking by someone, but it is still a very secure OS and one would have to be a very good cracker to manage it. But if you still want the most secure OS, then go to OpenBSD!
 
> You can have the best system in the world, but it will never be perfect. Thinking that FreeBSD is immune is honestly wishful thinking. The fact that FreeBSD has a very small market share should definitely be considered when thinking that these things don't happen on FreeBSD.
> Personally I don't run any antivirus, even on Windows. But I understand that you might want to have a more serious check in some cases.

Operating system security has nothing to do with market share. This is a false dichotomy, security-through-obscurity-like thinking (from the Windows crowd) that needs to stop. iOS has more than 2/3 of the U.S. smartphone market share, and yet Android has more reports of huge vulnerabilities, and it's open source.
 
Android has over 80% worldwide market share. Most virus/malware writers, but certainly not all, aim to maximize infection. That said, I agree, it's a very bad idea to consider market share when securing your operating system.

FreeBSD itself is pretty much immune to Windows viruses, yes, but it can still be used to spread the infection to Windows clients. Using FreeBSD as a mail server for a small business is one example.
 
> Android has over 80% worldwide market share. Most virus/malware writers, but certainly not all, aim to maximize infection. That said, I agree, it's a very bad idea to consider market share when securing your operating system.
>
> FreeBSD itself is pretty much immune to Windows viruses, yes, but it can still be used to spread the infection to Windows clients. Using FreeBSD as a mail server for a small business is one example.

But I thought with many eyes, all bugs are shallow! :p
 
> Operating system security has nothing to do with market share.

I'm not sure where you read that in my post, unless by security you mean lower risk of security incidents. In that case that is indeed what I wrote. I really don't think people are willing to write malware for a system used by very few people, unless it's trivial or unless those few people are very important. The reward is simply not worth the effort.
In other words: if FreeBSD doesn't have security issues it's not because it's perfect. It isn't. It may be better than others, but there will always be ways to do bad things.
 
> I really don't think people are willing to write malware for a system used by very few people, unless it's trivial or unless those few people are very important.

We're getting off topic here, but since the OP hasn't been back I guess that's OK. :) Anyway, I'm not sure about the idea that because FreeBSD is used by few people there's a lack of value in compromising it. I would think that most intrusions into home computers are of little value other than collecting nodes for a botnet. I've known a lot of people over the years (who use MS-Windows) and not one has ever reported their bank account as being compromised, for example. I suspect that very few get pwned in that way. Perhaps I'm wrong, but isn't it in servers where the real value lies? Judging by the barrage of break-in attempts I see, I'd say there's certainly a lot of interest.
 