On 8/4/2010 9:24 AM, Brian wrote:
> On Wed 04 Aug 2010 at 10:53:42 +0200, Wolodja Wentland wrote:
> > chkrootkit - rootkit detector
> > rkhunter - rootkit, backdoor, sniffer and exploit scanner
>
> If chkrootkit really did detect worms like Lupper, Lion and Adore (as opposed to the false positives both programs appear fond of generating) the user should take a close look at the Debian release he is using. My problem with software like this is that it gives the impression of providing security over and above what the normal updating procedure provides.

Because a rootkit can't remain hidden and inject itself back into the binary after a "security update", right? I mean it's never happened before, that's why Tripwire doesn't exist... Or because apt does trigger checks and validates once after the install and then once more a few minutes later to trigger integrity violations? Or because doing a security update on grub will remove a rootkit in your system that will just inject itself back into the boot? All this is just figments of our imagination and it's impossible for any of this to happen because all you have to do is apt-get upgrade and you'll be legit.