
Re: Hidden files



On Tue, Jun 06, 2006 at 05:00:26PM +0300, Linas Žvirblis wrote:
> Mike Hommey wrote:
> 
> > Could you tell us what kind of harm a "hidden" empty file in /usr can do?
> 
> First of all, false positives in rootkit and security scanners. And too
> many false positives lead to false negatives sooner or later.

That's a bug in the rootkit and/or host-based scanner. A "hidden" file is in
no way an indication of a rootkit or malicious software installed. Sure, some
rootkits do use hidden files, but if you have a rootkit-detector software you
don't want to flag a *big* alarm [1] if you see any of those.

Regards

Javier

[1] Tiger, which could be considered a host-based security scanner, will flag
a *medium* alarm in some instances of hidden files but will not immediately
say that's a security issue.
