[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hidden files

On Tue, Jun 06, 2006 at 05:00:26PM +0300, Linas ??virblis wrote:
> Mike Hommey wrote:
> > Could you tell us what kind of harm can do a "hidden" empty file in /usr ?
> First of all, false positives in rootkit and security scanners. And too
> many false positives lead to false negatives sooner or later.

That's a bug in the rootkit and/or host-based scanner. A "hidden" file is in
no way indication of a rootkit or malicious software installed. Sure, some
rootkits do use hidden files, but if you have a rootkit-detector software you
don't want to flag a *big* alarm [1] if you see any of those.



[1] Tiger, which could be considered a host-based security scanner, will flag
a *medium* alarm in some instances of hidden files but will not inmediately
say that's a security issue.

Attachment: signature.asc
Description: Digital signature

Reply to: