Re: Anti virus and Firewall
On 8/4/2010 9:24 AM, Brian wrote:
> On Wed 04 Aug 2010 at 10:53:42 +0200, Wolodja Wentland wrote:
>
>> chkrootkit - rootkit detector
>> rkhunter - rootkit, backdoor, sniffer and exploit scanner
>
> If chkrootkit really did detect worms like Lupper, Lion
> and Adore (as opposed to the false positives both programs
> appear fond of generating) the user should take a close
> look at the Debian release he is using.
>
> My problem with software like this is that it gives the
> impression of providing security over and above what the
> normal updating procedure provides.

Because a rootkit can't remain hidden and inject itself back into the
binary after a "security update" right? I mean it's never happened
before, that's why Tripwire doesn't exist... Or because apt does trigger
checks and validates once after the install and then once more a few
minutes later to trigger integrity violations? Or because doing a
security update on grub will remove a rootkit in your system that will
just inject itself back into the boot? All this is just figments of our
imagination and it's impossible for any of this to happen because all
you have to do is apt-get upgrade and you'll be legit.
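
Added example, not part of the original message: a sketch of the kind of re-verification the reply alludes to, checking installed files against a recorded manifest some time after installation. It assumes the `digest  relative/path` line format used by dpkg's `.md5sums` files; the function names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path):
    """Stream a file through MD5, the digest dpkg's .md5sums manifests record."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse 'digest  relative/path' lines into {path: digest}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split(None, 1)
        entries[path.strip()] = digest.lower()
    return entries

def verify(root, manifest_text):
    """Return {path: 'ok' | 'modified' | 'missing'} for each manifest entry."""
    report = {}
    for rel, expected in parse_manifest(manifest_text).items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report[rel] = "missing"
        elif md5_of(full) != expected:
            report[rel] = "modified"
        else:
            report[rel] = "ok"
    return report

def demo():
    """Constructed scenario: record a manifest, then alter one file afterwards."""
    names = ("ls", "ps")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for n in names:
            with open(os.path.join(root, "bin", n), "wb") as f:
                f.write(b"original " + n.encode())
        manifest = "".join(
            f"{md5_of(os.path.join(root, 'bin', n))}  bin/{n}\n" for n in names)
        # Simulate a change made after installation (harmless constructed bytes).
        with open(os.path.join(root, "bin", "ps"), "wb") as f:
            f.write(b"altered ps")
        return verify(root, manifest)

if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:9} {path}")
```

A check like this is only as trustworthy as the manifest and the tools that run it, so the baseline is normally kept on read-only or off-host media and the comparison run from a known-good environment.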