• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Antivirus for FreeBSD

troublemaker

Member

Thanks: 3
Messages: 37

#26
We're getting off topic here
Not so much I think. The thread is about an antivirus for FreeBSD; it's pretty much related to how secure your system is. And I think FreeBSD can be more secure than other systems (and this might be considered a bold statement by some, but we will leave those losers alone :)), but no system is 100% secure. So if you are really concerned any extra check is always welcome.
You know the saying: the only secure system is turned off, in a safe, in a bunker, deep underground, guarded by 200 men. And even then I wouldn't be so sure.

Anyway, I'm not sure that the idea that because FreeBSD is used by few people there's a lack of value in compromising it
Not necessarily a lack of value, but (much) less than Windows or Linux. And don't get me wrong, I'm not saying this is the only factor. But I think it can be a relevant factor if the market share is small.

I would think that most intrusions to home computers are of little value other than collecting nodes for a botnet.
That's not nothing. Try to imagine how many machines are zombies. How many zombie candidates are running FreeBSD?

I've known a lot of people over the years (who use MS-Windows) and not one has ever reported their bank account as being compromised, for example. I suspect that it is very few that get pwned in that way.
I don't know much about that. But for example here:

http://www.zdnet.com/article/dyre-wolf-attacks-your-corporate-bank-account-door/

Can be very few people, but apparently more than enough

Perhaps I'm wrong but isn't it in servers where the real value lies? Judging by the barrage of break in attempts I see I'd say there's certainly a lot of interest.
Could be, but even in that case Linux is far more popular. So if you have a FreeBSD server that allows you to get into Fort Knox then obviously FreeBSD can be of some interest, but I would say this is not the case. If I had to write some malicious software I would definitely target Linux first, unless I wanted to target a specific company that uses FreeBSD. Besides, Linux is much easier to attack :p
 

ANOKNUSA

Aspiring Daemon

Thanks: 358
Messages: 671

#27
FreeBSD itself is pretty much immune to Windows viruses, yes, but it can still be used to spread the infection to Windows clients. Using FreeBSD as a mail server for a small business is one example.
Yes, but this raises the already answered question of responsibility: nearly every mail server in the world runs on some Unix-like operating system, yet we don't hold our mail service providers responsible for infecting our Windows systems, nor do we blame the operating system the mail server is running on for the unwanted content of our mail. Likewise, it is of course possible to benignly store a virus or trojan or malicious macro on a FreeBSD system, and unwittingly transfer that malware to Windows--just as it's possible to do so on Linux and OS X. Yet we don't hold users of those more secure alternatives responsible for the security of others' Windows systems.

The long and short of it is that everyone is responsible for their own system security, and the only people who really have to worry about malware are Windows users. And we all implicitly agree that holding the minority that use Unix-like systems--possibly because they're conscientious about malware--responsible for the problems of the majority who can't be bothered, isn't right.
 

Max212

New Member

Thanks: 2
Messages: 16

#28
Saying that FreeBSD is secure because of low market share is a illusion. If you or your system that you are using is a target, than you will get hacked. Check Stuxnet case.
The question here is how to check that your system is not compromised in a way that it is not leaking data or that it is used to compromise other non UNIX/UNIX-like systems.
 

drhowarddrfine

Daemon

Thanks: 639
Messages: 2,391

#29
Max212 Stuxnet was a Windows attack. There has not been an effective malware attack on Unix systems since 2001 and, even then, that was on Linux, iirc.
 

kpa

Beastie's Twin

Thanks: 1,673
Messages: 6,084

#30
Saying that FreeBSD is secure because of low market share is a illusion. If you or your system that you are using is a target, than you will get hacked. Check Stuxnet case.
The question here is how to check that your system is not compromised in a way that it is not leaking data or that it is used to compromise other non UNIX/UNIX-like systems.
You keep arguing that such infections take place and are common on UNIX and UNIX-like system. Where's you evidence, post some reputable reports for known recent incidents of UNIX viruses and malware.
 

Beastie7

Well-Known Member

Thanks: 88
Messages: 283

#31
I'm not sure where you read that in my post; unless by security you mean lower risk of security incidents. In that case that is indeed what I wrote. I really don't think people are willing to write malware for a system used by very few people, unless it's trivial or unless those few people are very important. The reward is simply not worth the effort.
Otherwise said: if FreeBSD doesn't have security issues it's not because it's perfect. It isn't. It may be better than others, but there will always be ways to do bad things.
The "value" is what to be gained from the objective; regardless of the platform. Infrastructure involves a lot more than just servers. For instance, adversaries are hitting things like edge switches, PLC devices, telecom networks, etc. a lot more compared to your average x86 server or ARM embedded device, yet they are way less deployed (in volume). Your post basically says "If FreeBSD had more market share, there would be more reports of breaches. That's a wrong way to look at systems security. Good design, and simplicity will trump any number of possible attack vectors.


There are a lot more reports of vulnerabilities in Windows because it's terribly designed, and complex; thus more breaches. Not market share. If Redmond actually gave two shits about secure design and preventative responsibility; Windows wouldn't be the way it has been.

Max212 Stuxnet was a Windows attack. There has not been an effective malware attack on Unix systems since 2001 and, even then, that was on Linux, iirc.
Windows was just one piece of the pie, a lot more was exploited in getting those centrifuges to a halt.

Android has over 80% worldwide market share. Most virus/malware writers, but certainly not all, aim to maximize infection. That said, I agree, it's a very bad idea to consider market share when securing your operating system.

FreeBSD itself is pretty much immune to Windows viruses, yes, but it can still be used to spread the infection to Windows clients. Using FreeBSD as a mail server for a small business is one example.

When a company operates under a horizontal business model, it's a lot easier (and faster) to distribute an operating system globally because you have OEMs (I call these "naked" hardware makers) to do all the leg work for you. Vertical companies like Apple, SUN (RIP), SGI (RIP), etc. where you control the entire stack of product; peak market saturation is more challenging. Still, it has very little to do with systems security.

Anyway, I'm done here. :) talking about windows makes me depressed.
 

kpa

Beastie's Twin

Thanks: 1,673
Messages: 6,084

#32
There are a lot more reports of vulnerabilities in Windows because it's terribly designed, and complex; thus more breaches. Not market share. If Redmond actually gave two shits about secure design and preventative responsibility; Windows wouldn't be the way it has been.
They also have their own POLA issues. Everyone should remember the backlash they got for introducing the UAC in Windows Vista. That alone makes it very scary to think about how safe Windows machines are in reality.
 

drhowarddrfine

Daemon

Thanks: 639
Messages: 2,391

#34
Given all the vulnerabilities we run behind, how probable is it, that there are (a few?) viruses out in the FreeBSD world (that we even deny to find)?
Lone Ranger: "Tonto, we're surrounded by Indians ready to attack. What are we going to do?!"

Tonto: "What you mean 'we', white man?"

Don't base your perception of FreeBSD security on this thread. There's a lot going on.

Note: Maybe only Americans my age will get who those TV characters are.
 

Beastie7

Well-Known Member

Thanks: 88
Messages: 283

#35
It's getting funny here. And this is because there is a lot of belief (and hubris?) in the discussion and a lack of information or evidence.

But how can there ever be an evidence if nobody scans the BSD world for viruses?

Given all the vulnerabilities we run behind, how probable is it, that there are (a few?) viruses out in the FreeBSD world (that we even deny to find)?

Long answer short: FreeBSD is "virus free" until a broad scanning is started giving us some results.
Given FreeBSDs history of being the basis of covert infrastructure products that usually aggregate raw data (routers, load balances, storage, etc) I'm sure there are some virus' in the wild. It's easier to extract data from such devices. But I doubt the severity is those vulnerabilities are high, and you rarely see reports of those from FreeBSD based products.

I'd say FreeBSD is less "virus prone" than is it "virus free".
 

troublemaker

Member

Thanks: 3
Messages: 37

#36
The "value" is what to be gained from the objective
Yes, that's what I said. I also added that it's not only the value, but also the effort you put in it

Your post basically says "If FreeBSD had more market share, there would be more reports of breaches. That's a wrong way to look at systems security
I'm afraid there is a misunderstanding somewhere. Again, I never said a system is secure when it has little market share, if this is what you are saying. I'm saying you can't say a system is secure just because there are no reports, for the simple reason that no system with some complexity can be 100% secure. And you are right, simplicity helps, but a complex system will still be complex, and complexity is a bitch; you can't pretend something the size of FreeBSD to be perfect. If a little used system has no reports, the fact itself that the system is little used can be a relevant factor in explaining the lack of reports. Give it more users and reports will start coming in. Even if it's FreeBSD, sorry. Maybe you will have less reports compared to other systems, but you will still have them.
 

drhowarddrfine

Daemon

Thanks: 639
Messages: 2,391

#37
Maybe you will have less reports compared to other systems, but you will still have them.
That's an assumption and a guess, not a fact. Perhaps possible but, still, not a known fact, afaik.

The problem I see in this thread is people mixing up viruses which get installed and run on the OS with malware with other things that exist on other OSes, specifically Windows, as if they can be installed and executed in the same manner on FreeBSD which, of course, is not true and the assumption that such things must be on FreeBSD is only a guess.

I get irritated when the only proof of an intrusion into a system is when someone installs a piece of software from an unknown source and runs it which brings down one user. Then they point and exclaim, "See! FreeBSD isn't secure either!!"
 

shepherdAZ

Member

Thanks: 27
Messages: 40

#38
...when someone installs a piece of software from an unknown source and runs it which brings down one user.
And there we have the security model we are forced to deal with. Most general operating system security mechanisms are centred around protecting users (and their files) from each other, rather than protecting users from their applications (or a piece of malware) running amok. We still live in a world where we default accept, rather than default deny. There are additional protections that can be applied, but the tools landscape is messy and confusing for most users.

I have been a primarily Linux/grsecurity user for many years, using grsecurity's RBAC to set policies that restrict what an application can do within the user security context it operates (i.e. you're a PDF reader, of course you can't bind to a network socket or read .ssh/*). I am now slowly moving stuff over to FreeBSD, where I can use Jails and Capsicum to achieve compartmentalisation and fine grained control (without the filesystem cock-ups, systemd farce, distro wars, and other Linux drama).

In my experience, anti-virus products have generally been riddled with security holes of their own, cause system resource exhaustion, and unnecessary overheads whilst delivering little actual security return.
 

Beastie7

Well-Known Member

Thanks: 88
Messages: 283

#39
Yes, that's what I said. I also added that it's not only the value, but also the effort you put in it


I'm afraid there is a misunderstanding somewhere. Again, I never said a system is secure when it has little market share, if this is what you are saying. I'm saying you can't say a system is secure just because there are no reports, for the simple reason that no system with some complexity can be 100% secure. And you are right, simplicity helps, but a complex system will still be complex, and complexity is a bitch; you can't pretend something the size of FreeBSD to be perfect. If a little used system has no reports, the fact itself that the system is little used can be a relevant factor in explaining the lack of reports. Give it more users and reports will start coming in. Even if it's FreeBSD, sorry. Maybe you will have less reports compared to other systems, but you will still have them.
Oh boy... more "he said, she said" non-sense. Look, I'm simply highlighting the common fallacy of relativity that X operating system will be equally exploited as Y operating system per market share. You seem to be conflating the two.

Now, it's perfectly logical to say the more widespread system will be attacked more often, but actually being exploited or breached by an attack vector is something else.
 

troublemaker

Member

Thanks: 3
Messages: 37

#40
That's an assumption and a guess, not a fact. Perhaps possible but, still, not a known fact, afaik.
You mean it's an assumption to say that reports will come if (when) FreeBSD becomes more popular? Could be, the assumption is based on the fact that popularity attracts hackers. Sort of what happened to Linux. Many years ago people were thinking Linux unbreakable. I don't hear that anymore.
Ah, I found an interesting link:

https://en.wikipedia.org/wiki/Linux_malware
The growth in Linux malware is simply due to its increasing popularity, particularly as a desktop operating system ... The use of an operating system is directly correlated to the interest by the malware writers to develop malware for that OS.

Oh boy... more "he said, she said" non-sense.
sorry, just trying to explain myself

Look, I'm simply highlighting the common fallacy of relativity that X operating system will be equally exploited as Y operating system per market share. You seem to be conflating the two.
Is it bad if I say it's not what I said? No, never mentioned equality, and never tried to build a mathematical relationship. Of course there are other factors, and more important ones too. At the end I think there are three factors:

1) effort (how hard is the system to crack?). And this is pretty much related to the security of the system
2) reward (how much money can I make? Can I make once a lot of money, or many times little money?)
3) risk (how likely is it that I get caught? How long is the jail term?). I actually forgot this one.

Market share is only related to point 2. Not even 100%
 

Beastie7

Well-Known Member

Thanks: 88
Messages: 283

#41
You mean it's an assumption to say that reports will come if (when) FreeBSD becomes more popular? Could be, the assumption is based on the fact that popularity attracts hackers. Sort of what happened to Linux. Many years ago people were thinking Linux unbreakable. I don't hear that anymore.
Ah, I found an interesting link:

https://en.wikipedia.org/wiki/Linux_malware


sorry, just trying to explain myself


Is it bad if I say it's not what I said? No, never mentioned equality, and never tried to build a mathematical relationship. Of course there are other factors, and more important ones too. At the end I think there are three factors:

1) effort (how hard is the system to crack?). And this is pretty much related to the security of the system
2) reward (how much money can I make? Can I make once a lot of money, or many times little money?)
3) risk (how likely is it that I get caught? How long is the jail term?). I actually forgot this one.

Market share is only related to point 2. Not even 100%
No not at all! By all means, say what you want. It's just irritating when people (in general) bring up market share in regards to systems security; to some like it's justification for a vendors/organizations apathy to it.
 

troublemaker

Member

Thanks: 3
Messages: 37

#42
No not at all! By all means, say what you want. It's just irritating when people (in general) bring up market share in regards to systems security
I would never do such a thing. I am a software developer, and to me security is based on a valid concept, solid code and thorough testing. With a good process controlling the steps, and good tools for the implementation. Anything necessary to put some quality, basically. Low market share is only (in part) related to the likelihood of an attack.
Which brings me to my original point: no matter what, you will always have a flaw. Why people don't put more effort in using better tools is beyond me, but even with the best tools and coders you will always miss something. So an antivirus can be a useful extra

:)
 

OJ

Daemon

Thanks: 236
Messages: 1,015

#43
In my experience, anti-virus products have generally been riddled with security holes of their own, cause system resource exhaustion, and unnecessary overheads whilst delivering little actual security return.
I alluded to it earlier but here is a relevant quote from John McAfee:

"I don’t use AV, I think it’s dead and based on an ancient tech that is no longer relevant. Hacker kits come out 10x faster. AV is a meaningless system."
 

drhowarddrfine

Daemon

Thanks: 639
Messages: 2,391

#44
OS X is based on BSD. Are there any viruses running on OS X?
It is not. Please stop with this. Look at the Wikipedia article about OSX.
The heritage of what would become OS X had originated at NeXT, a company founded by Steve Jobs following his departure from Apple in 1985. There, the Unix-like NeXTSTEP operating system was developed, and then launched in 1989.

The kernel of NeXTSTEP is based upon the Mach kernel, which was originally developed at Carnegie Mellon University, with additional kernel layers and low-level user space code derived from select parts of BSD.
 

drhowarddrfine

Daemon

Thanks: 639
Messages: 2,391

#45
troublemaker said:
Could be, the assumption is based on the fact that popularity attracts hackers.
Which means nothing much to Fort Knox. It's one thing for a mouse to attack the cat and another to think the mouse can win.

You found an interesting quote from Kaspersky, a seller of anti-virus programs who now sells them for Linux, not an unbiased statement. In fact, the rest of that section goes on to say the main reason some Linux(Unix) installations may need AV is when they're connected to Windows machines or handling Windows software and components; and only then to protect the users of Windows machines!
 

ANOKNUSA

Aspiring Daemon

Thanks: 358
Messages: 671

#46
It's getting funny here. And this is because there is a lot of belief (and hubris?) in the discussion and a lack of information or evidence.

But how can there ever be an evidence if nobody scans the BSD world for viruses?
New malware are not discovered by AV/AM software, as the latter scan files and check them against a database of known malware. New viruses, trojans, etc. are discovered by savvy system administrators who monitor their systems' behavior for unexpected or undesired activity.

It is getting funny in here, though: the original question mainly concerned desktop/laptop/personal server systems, and now we're off on a national security/infrastructure security tangent...
 

OJ

Daemon

Thanks: 236
Messages: 1,015

#47
New malware are not discovered by AV/AM software, as the latter scan files and check them against a database of known malware.
And that is exactly relevant to the original question. Until we get "known malware" we can't have a meaningful scanner. (I hope the OP is hearing this.)
 

troublemaker

Member

Thanks: 3
Messages: 37

#50
Which means nothing much to Fort Knox. It's one thing for a mouse to attack the cat and another to think the mouse can win.

You found an interesting quote from Kaspersky, a seller of anti-virus programs who now sells them for Linux, not an unbiased statement. In fact, the rest of that section goes on to say the main reason some Linux(Unix) installations may need AV is when they're connected to Windows machines or handling Windows software and components; and only then to protect the users of Windows machines!
I am not sure what are we discussing here. Is it that a more popular system is more likely to be attacked or that Linux and/or FreeBSD have flaws? Because if it is the latter I don't think there are doubts; every developer that has written a bit of more or less complex code should know that bug free code doesn't exist. Flaws are always present. Assuming that your system is perfectly secure is a recipe for disaster.