processes - Re: recommended Virus Scanner?
On Wed, 26 Nov 2003, Paul Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, Nov 26, 2003 at 12:07:05AM -0800, Tom wrote:
> > It's only going to get worse as Linux gets more popular.
>
> They've had ten plus years. If it was going to happen, it would have
> happened.
>
> > I think all Linux devs, from Linus on down, need to stop and think very
> > seriously about what can be done to preemptively mitigate the inevitable
> > embarressments which are sure to come (soon).
>
> They already do.
yup.. and they have shown that they can detect and control any compromise
before it gets serious ...
ditto for debians security team ... they can detect and control the
intruders to some extent
ditto for va/sourceforge ... they too can detect and control the intruders
ditto for gcc ...
ditto for ??? ... that we didnt hear about ??
these sites are all big/major targets ... gotta give them lots
of credit for being able to fend of the potential crackers by the
gazillions ... ( armed with port scan ... cracking up .. )
other distro .. or packages ... donno .. haven't been tested
properly by outsiders yet :-)
there will always be somebody that can get in ... no matter what you did
the problem is to save your data... and minimize damages .. and hopefully
be able to go after the crackers
- my dumb and real example ... ( real because they will have root access )
- assume the cracker has root passwd to one of yoru boxes,
say the dns server or firewalls .. what happens to your systems
- i think if they exploited a vulnerability and got in,
changing stuff will only trigger the host and network ids
( applying rootkits is a bad idea .. in my book to cover up
( the fact that they got in, because thats how you know they got
( in, something does work like it used to
c ya
alvin
Reply to: