Re: Anti virus and Firewall

On Wed 04 Aug 2010 at 10:09:17 -0500, Jordon Bedwell wrote:

> Because a rootkit can't remain hidden and inject itself back into the  
> binary after a "security update" right?

Correct. It wouldn't be there in the first place and I don't plan on
having my root account compromised. Besides, I know my system.

> I mean it's never happened
> before, that's why Tripwire doesn't exist...Or because apt does trigger  
> checks and validates once after the install and then once more a few  
> minutes later to trigger integrity violations? Or because doing a  
> security update on grub will remove a rootkit in your system that will  
> just inject itself back into the boot? All this is just figments of our  
> imagination and it's impossible for any of this to happen because all  
> you have to do is apt-get upgrade and you'll be legit.

You're speaking hypothetically. When rootkits with these capabilities
exist neither chkrootkit nor rkhunter will detect them. By the time
they get round to it my updates will have brought in the fixes, just
as they did when Lion, which chkrootkit spuriously claims to defend
me against, was about.

