Re: Anti virus and Firewall

On 8/4/2010 12:43 PM, Brian wrote:
On Wed 04 Aug 2010 at 10:09:17 -0500, Jordon Bedwell wrote:
Correct. It wouldn't be there in the first place and I don't plan on
having my root account compromised. Besides, I know my system.

Naive but cute you think that though. You obviously don't to the latter.

You're speaking hypothetically. When rootkits with these capabilities
exist neither chkrootkit nor rkhunter will detect them. By the time
they get round to it my updates will have brought in the fixes, just
as they did when Lion, which chkrootkit spuriously claims to defend
me against, was about.

Let me know when the security industry does not run on theory and hypothetical (until proven) proofs of concept. If it weren't for theory and hypothetical situations, you would still think MD5 was secure, because nobody would have hypothesized that MD5 was vulnerable to clashes and then could be vulnerable to rainbow tables, and then come up with a proof of concept which is now generally accepted as true and proven by the security and non-security industry. The world runs off of hypothetical situations; without them, you would still be using a pen and paper, sir. Actually, possibly and probably not, because you wouldn't even have fire.

Let me know when you can't noexec mount that drive onto a clean system, or onto the current system with a live CD, and check for rootkits so that the rootkit can't constantly hide itself, even if it's in the kernel.

Chkrootkit does not claim to "defend you", "protect you", "warn you ahead of time with constant monitoring", "secure you" or "fix problems"; it merely claims to try and find rootkits. They don't say on their site "you are protected from rootkits if you use our software", "you will be safe from rootkits if you use our software", "rootkits are no more with our software!" or "we will remove the rootkits for you with our software and you will be safe!". No, it only claims to detect them. As a matter of fact, is the tagline of chkrootkit not "locally checks for signs of a rootkit", not "locally checks and removes rootkits"?
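
The offline check mentioned above (mounting the suspect drive noexec on a clean system or from a live CD, then looking for rootkits) could be scripted as follows. This is an added example, not part of the original message; the device and mount-point names are placeholders, and it assumes chkrootkit is installed on the trusted system doing the scan.

```shell
#!/bin/sh
# Added example: scan a suspect filesystem offline from a trusted system.
# Device and mount-point names are placeholders chosen for illustration.

# mount_opts_ok MOUNTPOINT [MOUNTS_FILE]
# Succeeds only if MOUNTPOINT is listed in MOUNTS_FILE (/proc/mounts format)
# with ro, noexec, nosuid and nodev all set on its most recent entry.
mount_opts_ok() {
    mp=$1
    file=${2:-/proc/mounts}
    # Field 2 is the mount point, field 4 the comma-separated options.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$file")
    [ -n "$opts" ] || return 1
    for want in ro noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# offline_scan DEVICE MOUNTPOINT
# Mounts DEVICE read-only with noexec, verifies the options took effect,
# then runs the trusted system's chkrootkit against the mounted tree.
offline_scan() {
    dev=$1
    mp=$2
    mkdir -p "$mp" || return 1
    mount -o ro,noexec,nosuid,nodev "$dev" "$mp" || return 1
    if ! mount_opts_ok "$mp"; then
        echo "refusing to scan: $mp is not ro,noexec,nosuid,nodev" >&2
        umount "$mp"
        return 1
    fi
    # -r makes chkrootkit treat the given directory as the root to check.
    chkrootkit -r "$mp"
    rc=$?
    umount "$mp"
    return "$rc"
}

# Run only when called with arguments, e.g.: sh offline-scan.sh /dev/sdb1 /mnt/suspect
if [ "$#" -ge 2 ]; then
    offline_scan "$1" "$2"
fi
```

Because the scan runs under the trusted system's kernel and binaries, nothing on the suspect disk executes and a kernel-level rootkit on it has no chance to hide its own files.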

